shell脚本部署免密登录

1. 创建一个目录，用来存放脚本

[root@localhost scripts]# tree
.
├── host
└── ssh.sh

0 directories, 2 files
[root@localhost scripts]# 

2. 编写脚本

[root@localhost scripts]# cat ssh.sh 
#!/bin/bash

set -e
yum -y install expect
if [ ! -f ~/.ssh/id_rsa ];then
	ssh-keygen -t rsa -P "" -f ~/.ssh/id_rsa
else
	echo "id_rsa already exist "
fi

while read line
do
	user=`echo $line | cut -d " " -f 2`
	ip=`echo $line | cut -d " " -f 1`
	password=`echo $line | cut -d " " -f 3`
	
        expect << EOF
          set timeout 10
          spawn ssh-copy-id $user@$ip
          expect {
            "yes/no" { send "yes\n";exp_continue }
            "password" { send "$password\n" }
          }
          expect "password" { send "$password\n"}
EOF
done < host

[root@localhost scripts]# cat host 
192.168.8.137 root 1   //本机IP 用户 密码
192.168.8.130 root 1   //对端IP 用户 密码

[root@localhost scripts]# 

3. 验证效果

[root@localhost opt]# bash -x ssh.sh 
+ set -e
+ yum -y install expect
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
上次元数据过期检查：1:52:27 前，执行于 2021年10月24日 星期日 20时57分26秒。
依赖关系解决。
==================================================================================================================================
 软件包                       架构                         版本                                  仓库                        大小
==================================================================================================================================
安装:
 expect                       x86_64                       5.45.4-5.el8                          base                       267 k
安装依赖关系:
 tcl                          x86_64                       1:8.6.8-2.el8                         base                       1.1 M

事务概要
==================================================================================================================================
安装  2 软件包

总下载：1.4 M
安装大小：4.7 M
下载软件包：
(1/2): expect-5.45.4-5.el8.x86_64.rpm                                                             215 kB/s | 267 kB     00:01    
(2/2): tcl-8.6.8-2.el8.x86_64.rpm                                                                 652 kB/s | 1.1 MB     00:01    
----------------------------------------------------------------------------------------------------------------------------------
总计                                                                                              804 kB/s | 1.4 MB     00:01     
运行事务检查
事务检查成功。
运行事务测试
事务测试成功。
运行事务
  准备中  :                                                                                                                   1/1 
  安装    : tcl-1:8.6.8-2.el8.x86_64                                                                                          1/2 
  运行脚本: tcl-1:8.6.8-2.el8.x86_64                                                                                          1/2 
  安装    : expect-5.45.4-5.el8.x86_64                                                                                        2/2 
  运行脚本: expect-5.45.4-5.el8.x86_64                                                                                        2/2 
  验证    : expect-5.45.4-5.el8.x86_64                                                                                        1/2 
  验证    : tcl-1:8.6.8-2.el8.x86_64                                                                                          2/2 
Installed products updated.

已安装:
  expect-5.45.4-5.el8.x86_64                                       tcl-1:8.6.8-2.el8.x86_64                                      

完毕！
+ '[' '!' -f /root/.ssh/id_rsa ']'
+ ssh-keygen -t rsa -P '' -f /root/.ssh/id_rsa
Generating public/private rsa key pair.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:iFt/2qX1/Zb/UqB05A9XZ2srzVmMGFh85+BIlut8/LU root@localhost.localdomain
The key's randomart image is:
+---[RSA 3072]----+
|           +..   |
|          . * + =|
|           o X B+|
|     . .    = Bo=|
|    . o S  + ++=+|
|     o .    +.o=+|
|    .   . . o..o+|
|         + + ..Eo|
|        . o   .oO|
+----[SHA256]-----+
+ read line
++ echo 192.168.8.137 root 1
++ cut -d ' ' -f 2
+ user=root
++ echo 192.168.8.137 root 1
++ cut -d ' ' -f 1
+ ip=192.168.8.137
++ cut -d ' ' -f 3
++ echo 192.168.8.137 root 1
+ password=1
+ expect
spawn ssh-copy-id root@192.168.8.137
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.8.137 (192.168.8.137)' can't be established.
ECDSA key fingerprint is SHA256:ECsvugl1DCHfuejtUk08a5piC1AmP1akOaWPFqszmFE.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.8.137's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.8.137'"
and check to make sure that only the key(s) you wanted were added.

+ read line
++ echo 192.168.8.130 root 1
++ cut -d ' ' -f 2
+ user=root
++ echo 192.168.8.130 root 1
++ cut -d ' ' -f 1
+ ip=192.168.8.130
++ echo 192.168.8.130 root 1
++ cut -d ' ' -f 3
+ password=1
+ expect
spawn ssh-copy-id root@192.168.8.130
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.8.130 (192.168.8.130)' can't be established.
ECDSA key fingerprint is SHA256:UK62+E1a68tsWpR2GGY4XmxUcViqnDNiyfhChTmYcu8.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.8.130's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.8.130'"
and check to make sure that only the key(s) you wanted were added.

+ read line
++ cut -d ' ' -f 2
++ echo
+ user=
++ echo
++ cut -d ' ' -f 1
+ ip=
++ echo
++ cut -d ' ' -f 3
+ password=
+ expect
spawn ssh-copy-id @
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/bin/ssh-copy-id: ERROR: usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]
ERROR:            [-b bind_address] [-c cipher_spec] [-D [bind_address:]port]
ERROR:            [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11]
ERROR:            [-i identity_file] [-J [user@]host[:port]] [-L address]
ERROR:            [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]
ERROR:            [-Q query_option] [-R address] [-S ctl_path] [-W host:port]
ERROR:            [-w local_tun[:remote_tun]] destination [command]

expect: spawn id exp6 not open
    while executing
"expect "password" { send "\n"}"

[root@localhost opt]# ssh root@192.168.8.130
Last login: Sun Oct 24 22:49:10 2021 from 192.168.8.1
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:29:7f:87 brd ff:ff:ff:ff:ff:ff
    inet 192.168.8.130/24 brd 192.168.8.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever