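Passwordless login requires establishing trust between two Linux machines. It is frequently needed in cluster services and in automated operations work.
Environment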
centos7V3-ansible: 192.168.10.174
centos7V4-ansible: 192.168.10.171
centos7V5-ansible: 192.168.10.168
centos7V6-ansible: 192.168.10.172
centos7V8-ansible: 192.168.10.169
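The server 192.168.10.168 is chosen as the central server that will log in to the other servers without a password.
1) First, in /etc/ssh/ssh_config, turn off the prompt that asks whether to permanently add the remote host's key, in preparation for the automated run that follows.
echo "StrictHostKeyChecking no" >> /etc/ssh/ssh_config
2) Prepare the file that lists each host and its password, using the template below. Note that there must be exactly one space between the IP and the password; this has to match the script at the end.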
tee anhosts <<EOF
192.168.10.171 w123654@
192.168.10.174 w123654@
192.168.10.172 w123654@
192.168.10.169 w123654@
EOF
3) Generate a key pair on the .168 machine. For simplicity, leave the default location unchanged.
[root@localhost ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:D9aoSoHb4DgLIqkD0gc6SjLVFj9NhNwYMwFDDzJmPhg root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
|E =.=o=B. |
| * o.++oo |
|. o. o.o |
| ooo o .o |
| +oo. .S . |
|B=.+.. o o |
|&oo.o . . |
|Bo . . |
|o. . |
+----[SHA256]-----+
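4) Run the following shell script
#!/bin/bash
# Each line of anhosts is "IP password".
cat anhosts | while read -r ip pwd ; do
    # sshpass answers the password prompt; -f copies the key without checking whether it is already installed.
    if sshpass -p "$pwd" ssh-copy-id -f "$ip" >/dev/null 2>&1 ; then
        echo "copy-id to $ip success"
    else
        echo "copy-id to $ip failed"
    fi
done
5) Make the script executable and run it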
[root@localhost ~]# ./autosshcopy
copy-id to 192.168.10.171 success
copy-id to 192.168.10.174 success
copy-id to 192.168.10.172 success
copy-id to 192.168.10.169 success
6) Remove the last line of the ssh_config configuration file
[root@localhost ~]# sed -i.bak '$d' /etc/ssh/ssh_config
7) Testing shows that every login succeeds.
8) An enhanced version of the batch copy. The anhosts file is as follows:
8smaster 192.168.10.104 123456
k8sworker1 192.168.10.189 123456
k8sworker2 192.168.10.190 123456
k8sworker3 192.168.10.191 123456
k8sworker4 192.168.10.192 123456
k8sworker5 192.168.10.193 123456
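Run the following script:
#!/bin/bash
# Accept unknown host keys without prompting while the keys are distributed.
echo "StrictHostKeyChecking no" >>/etc/ssh/ssh_config
# Generate an RSA key pair with an empty passphrase; "y" answers the overwrite prompt if a key already exists.
echo -e 'y\n' | ssh-keygen -q -f ~/.ssh/id_rsa -t rsa -N ''
# Each line of anhosts is "hostname IP password".
cat anhosts | while read -r host ip pwd ; do
    # Show the entry being processed (this echoes the password to the terminal).
    echo "$host" "$ip" "$pwd"
    if sshpass -p "$pwd" ssh-copy-id -f "$ip" >/dev/null 2>&1 ; then
        # Set the remote hostname and record the mapping in the local /etc/hosts.
        ssh -nq "$ip" "hostnamectl set-hostname $host 2>/dev/null"
        echo "$ip $host " >> /etc/hosts
        echo "copy-id to $ip succeeded"
    else
        echo "copy-id to $ip failed"
    fi
done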
#sed -i '$d' /etc/ssh/ssh_config
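An added example, not part of the original post: a variant of the step 4 script that makes the edits of steps 1 and 6 unnecessary by passing StrictHostKeyChecking=no to ssh-copy-id for each connection only, and that hands the password to sshpass through the SSHPASS environment variable (-e) so it does not appear on the command line. The function names well_formed, check_inventory and push_keys are made up for this example; the input is the two-column anhosts file from step 2.

```bash
#!/bin/bash
# Added example, not the original author's script. Input: "IP PASSWORD" lines.

# well_formed LINE -> 0 when LINE is "IP PASSWORD" with exactly one space between.
well_formed() {
    addr=${1%% *}; rest=${1#* }
    [ "$addr" != "$1" ] || return 1                # no space at all
    case $addr in ''|*[!0-9.]*) return 1 ;; esac   # first field is not an address
    case $rest in ''|' '*) return 1 ;; esac        # empty password or extra space
    return 0
}

# check_inventory FILE -> reports bad line numbers (never the password itself),
# returns 1 if any line is malformed.
check_inventory() {
    n=0; bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        if [ -n "$line" ] && ! well_formed "$line"; then
            echo "line $n: expected 'IP PASSWORD' with one space" >&2
            bad=1
        fi
    done < "$1"
    return "$bad"
}

# push_keys FILE -> installs the local public key on every host listed in FILE.
push_keys() {
    check_inventory "$1" || return 1
    while read -r ip pass; do
        [ -n "$ip" ] || continue
        # sshpass -e reads the password from $SSHPASS, keeping it off the command
        # line; -o scopes the relaxed host-key check to this single connection, so
        # /etc/ssh/ssh_config is never edited and there is no last line to delete.
        if SSHPASS=$pass sshpass -e ssh-copy-id -f -o StrictHostKeyChecking=no \
                "$ip" </dev/null >/dev/null 2>&1; then
            echo "copy-id to $ip success"
        else
            echo "copy-id to $ip failed"
        fi
    done < "$1"
}

# Runs only when a file name is given, e.g. ./autosshcopy anhosts
if [ $# -gt 0 ]; then push_keys "$1"; fi
```

As in the original procedure, the first connection to each host is not verified, so the password goes to whatever machine answers at that address; run it only on a network you trust.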