继上一篇 expect ssh登陆,发现密码错误后关闭连接https://blog.csdn.net/qq_41323538/article/details/120547061https://blog.csdn.net/qq_41323538/article/details/120547061 之后,感觉可以利用 expect 来做一个批量免密脚本.
上脚本
#!/bin/bash
######################### 批量免密脚本 #########################
function info() {
echo -e "\033[33mINFO \033[0m: $1"
}
function error() {
echo -e "\033[31mERROR\033[0m: $1"
}
function usage() {
echo
echo "Usage:"
echo " batch_ssh_copy_id.sh [-l <machine_list_file] [-u <user>] -p <password>"
echo "Description:"
echo " -l machine_list_file 所有需要做免密的机器列表文件,一行一个,默认 /etc/hosts"
echo " -u user 免密登录用户,默认 root"
echo " -p password 免密用户的密码,无默认值"
echo
exit 1
}
# 检查参数
if [ $# -eq 0 ]; then
usage
fi
# 读取参数
while getopts 'l:u:p:'OPT; do
case $OPT in
l) list="$OPTARG" ;;
u) user="$OPTARG" ;;
p) password="$OPTARG" ;;
*) usage ;;
esac
done
# 默认值
if [ -n "$list" ]; then
host=$(cat $list)
else
host=$(cat /etc/hosts | awk '{print $2}')
fi
if [ -z "$user" ]; then
user="root"
fi
if [ -z "$password" ]; then
usage
fi
# 没有私钥时生成
me=$(whoami)
if [ ${me} == root ]; then
ssh_dir="/root/.ssh"
else
ssh_dir="/home/${me}/.ssh"
fi
if [[ -d ${ssh_dir} ]] && [[ -d ${ssh_dir}/id_rsa ]] && [[ -f ${ssh_dir}/id_rsa.pub ]]; then
info "${me} 秘钥对已经存在"
else
info "${me} 秘钥对不存在,开始生成秘钥对"
rm -rf ${ssh_dir}/id_rsa ${ssh_dir}/id_rsa.pub
ssh-keygen -t rsa -N "" -f ${ssh_dir}/id_rsa
fi
id_rsa_pub=$(cat ${ssh_dir}/id_ras.pub)
echo
info "不需要手动输入密码,耐心等待"
info "不需要手动输入密码,耐心等待"
info "不需要手动输入密码,耐心等待"
echo
sleep 3
declare -A rst
for host in ${hosts}; do
info "配置免密登录到 ${user}@${host} (${password})"
/bin/expect -c "
set timeout 30
spawn ssh-copy-id ${user}@${host}
expect {
\"*yes/no*\" { send \"yes\r\"; exp_continue }
\"*password*\" { send \"$password\r\" }
}
expect {
\"*password*\" { exit 1 }
}
interact
"
if [ $? -eq 1 ]; then
echo
error "配置免密登录到 ${user}@${host} 失败"
rst["${host}"]="\033[31mERROR\033[0m"
else
rst["${host}"]="\033[36mDONE\033[0m"
fi
done
echo
ehco "=============== Result ==============="
for k in ${!rst[@]}; do
printf "\033[33m%-30s\033[0m ${rst[${k}]}\n" ${k}
done