SSH推送脚本
1. visudo
- visudo – 可直接添加项(保存时会检查语法)
- 或直接编辑:vim /etc/sudoers(无语法检查,改完后用 visudo -c 验证)
- chmod 640 /etc/sudoers – 默认权限 440,编辑完成后需改回 440
ansible ALL=(ALL) NOPASSWD: ALL
vim manage_user_addsudo.sh
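#!/bin/bash
# Append the passwordless-sudo rule for the "ansible" account to /etc/sudoers.
# The edit is made on a temporary copy and checked with `visudo -c` before it
# replaces the live file, because a syntax error in /etc/sudoers disables sudo
# for every account. NOPASSWD: ALL gives "ansible" unrestricted root without a
# password, so access to that account must be protected like root itself.
# Must run as root.
set -u

# Re-running must not stack duplicate copies of the rule.
if grep -qxF -- 'ansible ALL=(ALL) NOPASSWD: ALL' /etc/sudoers; then
  exit 0
fi

tmp_sudoers=$(mktemp) || exit 1
trap 'rm -f -- "$tmp_sudoers"' EXIT

# Same insertion as before (after each line starting with "root"), written to
# the copy instead of editing the live file in place.
sed '/^root/a\ansible ALL=(ALL) NOPASSWD: ALL' /etc/sudoers >"$tmp_sudoers" || exit 1
chmod 440 "$tmp_sudoers"

# Only a file that parses cleanly is installed.
visudo -c -f "$tmp_sudoers" >/dev/null || exit 1

# Copying into the existing file keeps its owner and 0440 mode; root can write
# despite the read-only bits, so no chmod 640/440 toggle is needed.
cp -- "$tmp_sudoers" /etc/sudoers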
vim ip2.txt(每行格式 IP:用户名:密码;口令为明文,文件权限建议设为 600,用完即删)
192.168.59.131:root:1
192.168.59.132:root:1
192.168.59.133:root:1
vim user_addsudo.sh
#!/bin/bash
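# Log in to host $1 as user $2 with password $3 and add the passwordless-sudo
# rule for "ansible" to the remote /etc/sudoers.
# Arguments: $1 - host, $2 - login user (needs a root "#" prompt), $3 - password
# Returns:   0 when a root prompt was reached and the commands were typed;
#            1 when the connection closed early or no "#" prompt appeared.
#            The remote commands' own results are not checked.
# The three values reach expect through environment variables and a quoted
# heredoc, so the shell never pastes them into the Tcl source: a password with
# spaces, quotes, brackets or "$" is sent literally instead of being parsed.
# Answering "yes" to the host-key prompt trusts whatever key the host presents
# on first contact; pre-seeding known_hosts with verified keys avoids that.
user_addsudo() {
  TARGET_HOST="$1" TARGET_USER="$2" TARGET_PASS="$3" /usr/bin/expect <<-'EOF' &>/dev/null
  spawn ssh $env(TARGET_USER)@$env(TARGET_HOST)
  expect {
    *yes/no/* {send -- "yes\r"; exp_continue}
    *password:* {send -- "$env(TARGET_PASS)\r"}
    eof {exit 1}
  }
  # Fail instead of typing commands into a session that never reached a root prompt.
  expect "#*" {} timeout {exit 1} eof {exit 1}
  send -- "chmod 640 /etc/sudoers\r"
  # grep guard: a second run must not append the rule again.
  send -- "grep -qxF 'ansible ALL=(ALL) NOPASSWD: ALL' /etc/sudoers || sed -i '/^root/a\ ansible ALL=(ALL) NOPASSWD: ALL' /etc/sudoers\r"
  send -- "chmod 440 /etc/sudoers\r"
  # Close the remote shell so the final wait ends with the session, not a timeout.
  send -- "exit\r"
  expect eof
EOF
}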
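echo "用户添加sudo验证"
sleep 5
# ip2.txt holds one target per line as IP:USER:PASSWORD. read -r splits on the
# first two colons only, so a password containing ":" or a backslash stays
# intact, and the quoted arguments keep every field a single word.
# The trailing test keeps a last line that has no newline; blank lines are skipped.
while IFS=: read -r IP USERNAME PASSWORD || [ -n "$IP" ]; do
  [ -n "$IP" ] || continue
  # The message reflects only the status user_addsudo returns.
  if user_addsudo "$IP" "$USERNAME" "$PASSWORD"; then
    echo "$IP,用户添加sudo验证成功"
  else
    echo "$IP,用户添加sudo验证失败"
  fi
done < ip2.txt
echo "完成任务"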
vim ip2.txt
192.168.59.131:root:1
192.168.59.132:root:1
192.168.59.133:root:1
vim user_delsudo.sh
#!/bin/bash
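# Log in to host $1 as user $2 with password $3 and delete the passwordless
# sudo rule for "ansible" from the remote /etc/sudoers.
# Arguments: $1 - host, $2 - login user (needs a root "#" prompt), $3 - password
# Returns:   0 when a root prompt was reached and the commands were typed;
#            1 when the connection closed early or no "#" prompt appeared.
#            The remote commands' own results are not checked.
# Host, user and password are read by expect from the environment inside a
# quoted heredoc, so none of them is ever interpreted as Tcl source.
# Answering "yes" to the host-key prompt trusts whatever key the host presents
# on first contact; pre-seeding known_hosts with verified keys avoids that.
user_delsudo() {
  TARGET_HOST="$1" TARGET_USER="$2" TARGET_PASS="$3" /usr/bin/expect <<-'EOF' &>/dev/null
  spawn ssh $env(TARGET_USER)@$env(TARGET_HOST)
  expect {
    *yes/no/* {send -- "yes\r"; exp_continue}
    *password:* {send -- "$env(TARGET_PASS)\r"}
    eof {exit 1}
  }
  # Fail instead of typing commands into a session that never reached a root prompt.
  expect "#*" {} timeout {exit 1} eof {exit 1}
  send -- "chmod 640 /etc/sudoers\r"
  send -- "sed -i '/ansible ALL=(ALL) NOPASSWD: ALL/d' /etc/sudoers\r"
  send -- "chmod 440 /etc/sudoers\r"
  # Close the remote shell so the final wait ends with the session, not a timeout.
  send -- "exit\r"
  expect eof
EOF
}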
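echo "用户删除sudo验证"
sleep 5
# One target per line, IP:USER:PASSWORD. read -r splits on the first two colons
# only and leaves backslashes alone; quoting keeps each field one argument.
# The trailing test keeps a last line that has no newline; blank lines are skipped.
while IFS=: read -r IP USERNAME PASSWORD || [ -n "$IP" ]; do
  [ -n "$IP" ] || continue
  # The message reflects only the status user_delsudo returns.
  if user_delsudo "$IP" "$USERNAME" "$PASSWORD"; then
    echo "$IP,用户删除sudo验证成功"
  else
    echo "$IP,用户删除sudo验证失败"
  fi
done < ip2.txt
echo "完成任务"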
2. 推送密钥1普通用户ssh_key.sh
- sh ssh_key.sh --执行方式(不带参数)
1.准备存放ip 的文件ip.txt
192.168.59.131:ansible:1
192.168.59.132:ansible:1
192.168.59.133:ansible:1
vim ssh_key.sh
#!/bin/bash
#*************************************************
#Author: wangyan
#Date: 2022-06-02
#FileName: ssh_key.sh
#*************************************************
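# expect answers the interactive prompts further down; install it when the rpm
# database does not list it. The query needs no privileges, only the install does.
if ! rpm -q expect &>/dev/null; then
  # Report success only when yum really succeeded, and stop otherwise: the
  # key push cannot work without /usr/bin/expect.
  if sudo yum install -y expect &>/dev/null; then
    echo "安装expect完成"
  else
    echo "安装expect失败" >&2
    exit 1
  fi
fi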
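# Create the local key pair once, without prompts.
# DSA is replaced by Ed25519: OpenSSH has disabled ssh-dss keys by default
# since 7.0, so a DSA key is rejected by current servers. The key has an empty
# passphrase (as before), so the private file is the only protection; keep it
# mode 600 and restrict what the key may do on the targets where possible.
# Returns: 0 when the key already exists or was created, ssh-keygen's status otherwise.
get_keygen() {
  [ -f "$HOME/.ssh/id_ed25519" ] && return 0
  ssh-keygen -q -t ed25519 -N '' -f "$HOME/.ssh/id_ed25519" &>/dev/null
}

# Install the public key on host $1 for user $2, answering the password prompt
# with $3.
# Returns: ssh-copy-id's exit status, or 1 when no prompt arrives in time.
# Host, user and password are read by expect from the environment inside a
# quoted heredoc, so none of them is interpreted as Tcl source. Answering
# "yes" to the host-key prompt trusts the key presented on first contact;
# pre-seeding known_hosts with verified keys avoids that.
send_key() {
  TARGET_HOST="$1" TARGET_USER="$2" TARGET_PASS="$3" \
  KEY_FILE="$HOME/.ssh/id_ed25519.pub" /usr/bin/expect <<-'EOF' &>/dev/null
  set timeout 30
  spawn ssh-copy-id -i $env(KEY_FILE) $env(TARGET_USER)@$env(TARGET_HOST)
  expect {
    *yes/no/* {send -- "yes\r"; exp_continue}
    *password:* {send -- "$env(TARGET_PASS)\r"; exp_continue}
    timeout {exit 1}
    eof {}
  }
  # Hand ssh-copy-id's own exit status back so the caller's check means something.
  exit [lindex [wait] 3]
EOF
}

echo "正在制作密钥"
# The password is now taken from the third field of each line instead of being
# hard-coded in send_key.
echo "存放的ip的文件是ip.txt,每行格式为 IP:用户名:密码"
sleep 5
if ! get_keygen; then
  echo "密钥生成失败" >&2
  exit 1
fi
# read -r splits on the first two colons only, so the password field may itself
# contain ":"; the trailing test keeps a last line that has no newline.
while IFS=: read -r IP USERNAME PASSWORD || [ -n "$IP" ]; do
  [ -n "$IP" ] || continue
  if send_key "$IP" "$USERNAME" "$PASSWORD"; then
    echo "$IP,密钥发送成功"
  else
    echo "$IP,密钥发送失败"
  fi
done < ip.txt
echo "完成任务"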
3.推送密钥2-普通用户ssh.sh
- sh ssh.sh ip1.txt – 执行方式(带参数)
[ansible@ansible ~]$ cat ip1.txt
192.168.59.131 ansible 1
192.168.59.132 ansible 1
192.168.59.133 ansible 1
vim ssh.sh
#!/bin/bash
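# expect answers the ssh-copy-id prompts further down; install it when the rpm
# database does not list it. The query needs no privileges, only the install does.
if ! rpm -q expect &>/dev/null; then
  # Report success only when yum really succeeded, and stop otherwise.
  if sudo yum install -y expect &>/dev/null; then
    echo "安装expect完成"
  else
    echo "安装expect失败" >&2
    exit 1
  fi
fi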
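# Create ~/.ssh/id_rsa once, without prompts.
# The former expect wrapper waited with no timeout and had no answer for
# ssh-keygen's overwrite question, so a run with an existing key never
# returned. -N '' and -f make ssh-keygen non-interactive, and the guard
# leaves an existing key untouched.
# The passphrase is empty (as before): the private file is the only
# protection, so keep it mode 600.
# Returns: 0 when the key exists or was created, ssh-keygen's status otherwise.
auto_ssh_keygen(){
  [ -f "$HOME/.ssh/id_rsa" ] && return 0
  ssh-keygen -q -t rsa -N '' -f "$HOME/.ssh/id_rsa" &>/dev/null
}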
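# auto_ssh_keygen creates an RSA pair, so the RSA public key is the file to
# test; testing id_dsa.pub re-ran key generation on every invocation.
[ -f ~/.ssh/id_rsa.pub ] || auto_ssh_keygen &>/dev/null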
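# Install the local public key on host $1 for user $2, answering the password
# prompt with $3.
# Returns: ssh-copy-id's exit status, or 1 when no prompt arrives within the
#          timeout (the previous version returned 0 on every path).
# The expect script is single-quoted and reads host, user and password from
# the environment, so the shell never pastes them into the Tcl source and a
# password with spaces, quotes, brackets or "$" is sent literally.
# Answering "yes" to the host-key prompt trusts the key presented on first
# contact; pre-seeding known_hosts with verified keys avoids that.
auto_ssh_copy_id(){
  TARGET_HOST="$1" TARGET_USER="$2" TARGET_PASS="$3" expect -c '
    set timeout 60
    spawn ssh-copy-id $env(TARGET_USER)@$env(TARGET_HOST)
    expect {
      *(yes/no/* {send -- "yes\r"; exp_continue}
      *password:* {send -- "$env(TARGET_PASS)\r"; exp_continue}
      timeout {exit 1}
      eof {}
    }
    exit [lindex [wait] 3]
  '
}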
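# Push the key to every target listed in file $1.
# Arguments: $1 - file with one "IP USER PASSWORD" entry per line
# Returns:   1 when $1 is missing or unreadable, otherwise the status of the
#            last auto_ssh_copy_id call (0 for an empty list).
# read -r keeps backslashes in passwords, the last field takes the rest of the
# line, blank lines are skipped and a final line without a newline is still
# processed. The list is read on fd 3 so nothing run inside the loop can
# consume it through stdin.
ssh_copy_id_to_all(){
  local ip user pass
  if [ -z "${1:-}" ] || [ ! -r "$1" ]; then
    echo "ssh_copy_id_to_all: cannot read host list: ${1:-}" >&2
    return 1
  fi
  while read -r ip user pass <&3 || [ -n "$ip" ]; do
    [ -n "$ip" ] || continue
    auto_ssh_copy_id "$ip" "$user" "$pass"
  done 3< "$1"
}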
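# Quote the list path so a name with spaces or glob characters stays one
# argument, and so a missing argument becomes an empty string instead of
# silently disappearing from the call.
ssh_copy_id_to_all "$1"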
4.推送密钥root
vim ip2.txt
192.168.59.131:root:1
192.168.59.132:root:1
192.168.59.133:root:1
#!/bin/bash
#*************************************************
#Author: wangyan
#Date: 2022-06-02
#FileName: ssh_key_root.sh
#*************************************************
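# expect answers the ssh-copy-id prompts further down; install it when the rpm
# database does not list it. The query needs no privileges, only the install does.
if ! rpm -q expect &>/dev/null; then
  # Report success only when yum really succeeded, and stop otherwise.
  if sudo yum install -y expect &>/dev/null; then
    echo "安装expect完成"
  else
    echo "安装expect失败" >&2
    exit 1
  fi
fi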
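# Create ~/.ssh/id_rsa once, without prompts.
# -N '' and -f make ssh-keygen non-interactive, so no expect wrapper is needed
# and its overwrite question (which the old wrapper had no answer for) never
# appears; the guard leaves an existing key untouched.
# The passphrase is empty (as before): the private file is the only
# protection, so keep it mode 600.
# Returns: 0 when the key exists or was created, ssh-keygen's status otherwise.
get_keygen() {
  [ -f "$HOME/.ssh/id_rsa" ] && return 0
  ssh-keygen -q -t rsa -N '' -f "$HOME/.ssh/id_rsa" &>/dev/null
}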
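# Install the local public key on host $1 for user $2, answering the password
# prompt with $3.
# Returns: ssh-copy-id's exit status, or 1 when no prompt arrives in time.
# Host, user and password are read by expect from the environment inside a
# quoted heredoc, so none of them is interpreted as Tcl source. `interact` is
# dropped: the script runs unattended with stdin bound to the heredoc.
# Answering "yes" to the host-key prompt trusts the key presented on first
# contact; pre-seeding known_hosts with verified keys avoids that.
send_key() {
  TARGET_HOST="$1" TARGET_USER="$2" TARGET_PASS="$3" /usr/bin/expect <<-'EOF' &>/dev/null
  set timeout 30
  spawn ssh-copy-id $env(TARGET_USER)@$env(TARGET_HOST)
  expect {
    *yes/no/* {send -- "yes\r"; exp_continue}
    *password:* {send -- "$env(TARGET_PASS)\r"; exp_continue}
    timeout {exit 1}
    eof {}
  }
  # Hand ssh-copy-id's own exit status back so the caller's check means something.
  exit [lindex [wait] 3]
EOF
}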
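echo "正在制作密钥"
echo "存放的ip的文件是ip2.txt"
sleep 5
# get_keygen creates an RSA pair, so the RSA public key is the file to test;
# testing id_dsa.pub re-ran key generation on every invocation.
if [ ! -f ~/.ssh/id_rsa.pub ]; then
  get_keygen
fi
# One target per line, IP:USER:PASSWORD. read -r splits on the first two colons
# only and leaves backslashes alone; quoting keeps each field one argument.
# The trailing test keeps a last line that has no newline; blank lines are skipped.
while IFS=: read -r IP USERNAME PASSWORD || [ -n "$IP" ]; do
  [ -n "$IP" ] || continue
  # The message reflects only the status send_key returns.
  if send_key "$IP" "$USERNAME" "$PASSWORD"; then
    echo "$IP,密钥发送成功"
  else
    echo "$IP,密钥发送失败"
  fi
done < ip2.txt
echo "完成任务"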
5.添加chmod700(authorized_keys 常规权限为 600,700 多用于 .ssh 目录)
vim ip2.txt
192.168.59.131:root:1
192.168.59.132:root:1
192.168.59.133:root:1
vim chmod700.sh
#!/bin/bash
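# Log in to host $1 as user $2 with password $3 and set mode 700 on
# /home/ansible/.ssh/authorized_keys.
# Arguments: $1 - host, $2 - login user (needs a root "#" prompt), $3 - password
# Returns:   0 when a root prompt was reached and the command was typed;
#            1 when the connection closed early or no "#" prompt appeared.
# NOTE(review): 700 puts an execute bit on a data file; 600 is the usual mode
# for authorized_keys. The mode is left as written because the script name and
# its messages refer to 700.
# Host, user and password are read by expect from the environment inside a
# quoted heredoc, so none of them is interpreted as Tcl source.
chmod700() {
  TARGET_HOST="$1" TARGET_USER="$2" TARGET_PASS="$3" /usr/bin/expect <<-'EOF' &>/dev/null
  spawn ssh $env(TARGET_USER)@$env(TARGET_HOST)
  expect {
    *password:* {send -- "$env(TARGET_PASS)\r"}
    eof {exit 1}
  }
  # Fail instead of typing the command into a session that never reached a root prompt.
  expect "#*" {} timeout {exit 1} eof {exit 1}
  send -- "chmod 700 /home/ansible/.ssh/authorized_keys\r"
  # Close the remote shell so the final wait ends with the session, not a timeout.
  send -- "exit\r"
  expect eof
EOF
}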
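echo "权限700验证"
sleep 5
# One target per line, IP:USER:PASSWORD. read -r splits on the first two colons
# only and leaves backslashes alone; quoting keeps each field one argument.
# The trailing test keeps a last line that has no newline; blank lines are skipped.
while IFS=: read -r IP USERNAME PASSWORD || [ -n "$IP" ]; do
  [ -n "$IP" ] || continue
  # The message reflects only the status chmod700 returns.
  if chmod700 "$IP" "$USERNAME" "$PASSWORD"; then
    echo "$IP,添加权限700验证成功"
  else
    echo "$IP,添加权限700验证失败"
  fi
done < ip2.txt
echo "完成任务"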
6.添加chmod700_root
vim ip2.txt
192.168.59.131:root:1
192.168.59.132:root:1
192.168.59.133:root:1
vim chmod700_root.sh
#!/bin/bash
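# Log in to host $1 as user $2 with password $3 and set mode 700 on
# /root/.ssh/authorized_keys.
# Arguments: $1 - host, $2 - login user (needs a root "#" prompt), $3 - password
# Returns:   0 when a root prompt was reached and the command was typed;
#            1 when the connection closed early or no "#" prompt appeared.
# NOTE(review): 700 puts an execute bit on a data file; 600 is the usual mode
# for authorized_keys. The mode is left as written because the script name and
# its messages refer to 700.
# Host, user and password are read by expect from the environment inside a
# quoted heredoc, so none of them is interpreted as Tcl source.
chmod700_root() {
  TARGET_HOST="$1" TARGET_USER="$2" TARGET_PASS="$3" /usr/bin/expect <<-'EOF' &>/dev/null
  spawn ssh $env(TARGET_USER)@$env(TARGET_HOST)
  expect {
    *password:* {send -- "$env(TARGET_PASS)\r"}
    eof {exit 1}
  }
  # Fail instead of typing the command into a session that never reached a root prompt.
  expect "#*" {} timeout {exit 1} eof {exit 1}
  send -- "chmod 700 /root/.ssh/authorized_keys\r"
  # Close the remote shell so the final wait ends with the session, not a timeout.
  send -- "exit\r"
  expect eof
EOF
}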
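echo "权限700验证_root/.ssh"
sleep 5
# One target per line, IP:USER:PASSWORD. read -r splits on the first two colons
# only and leaves backslashes alone; quoting keeps each field one argument.
# The trailing test keeps a last line that has no newline; blank lines are skipped.
while IFS=: read -r IP USERNAME PASSWORD || [ -n "$IP" ]; do
  [ -n "$IP" ] || continue
  # The message reflects only the status chmod700_root returns.
  if chmod700_root "$IP" "$USERNAME" "$PASSWORD"; then
    echo "$IP,添加权限700验证成功"
  else
    echo "$IP,添加权限700验证失败"
  fi
done < ip2.txt
echo "完成任务"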
7.推送密钥3:普通用户user_ssh_key_root.sh
- 执行 sh user_ssh_key_root.sh
vim ip2.txt
192.168.59.131:root:1
192.168.59.132:root:1
192.168.59.133:root:1
vim user_ssh_key_root.sh
#!/bin/bash
#*************************************************
#Author: wangyan
#Date: 2022-06-02
#FileName: user_ssh_key_root.sh
#*************************************************
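# expect answers the ssh-copy-id prompts further down; install it when the rpm
# database does not list it. The query needs no privileges, only the install does.
if ! rpm -q expect &>/dev/null; then
  # Report success only when yum really succeeded, and stop otherwise.
  if sudo yum install -y expect &>/dev/null; then
    echo "安装expect完成"
  else
    echo "安装expect失败" >&2
    exit 1
  fi
fi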
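# Create ~/.ssh/id_rsa once, without prompts.
# -N '' and -f make ssh-keygen non-interactive, so no expect wrapper is needed
# and its overwrite question (which the old wrapper had no answer for) never
# appears; the guard leaves an existing key untouched.
# The passphrase is empty (as before): the private file is the only
# protection, so keep it mode 600.
# Returns: 0 when the key exists or was created, ssh-keygen's status otherwise.
get_keygen() {
  [ -f "$HOME/.ssh/id_rsa" ] && return 0
  ssh-keygen -q -t rsa -N '' -f "$HOME/.ssh/id_rsa" &>/dev/null
}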
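# Install the local public key on host $1 for user $2, answering the password
# prompt with $3.
# Returns: ssh-copy-id's exit status, or 1 when no prompt arrives in time.
# Host, user and password are read by expect from the environment inside a
# quoted heredoc, so none of them is interpreted as Tcl source. `interact` is
# dropped: the script runs unattended with stdin bound to the heredoc.
# Answering "yes" to the host-key prompt trusts the key presented on first
# contact; pre-seeding known_hosts with verified keys avoids that.
send_key() {
  TARGET_HOST="$1" TARGET_USER="$2" TARGET_PASS="$3" /usr/bin/expect <<-'EOF' &>/dev/null
  set timeout 30
  spawn ssh-copy-id $env(TARGET_USER)@$env(TARGET_HOST)
  expect {
    *yes/no/* {send -- "yes\r"; exp_continue}
    *password:* {send -- "$env(TARGET_PASS)\r"; exp_continue}
    timeout {exit 1}
    eof {}
  }
  # Hand ssh-copy-id's own exit status back so the caller's check means something.
  exit [lindex [wait] 3]
EOF
}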
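echo "正在制作密钥"
echo "存放的ip的文件是ip2.txt"
sleep 5
# get_keygen creates an RSA pair, so the RSA public key is the file to test;
# testing id_dsa.pub re-ran key generation on every invocation.
if [ ! -f ~/.ssh/id_rsa.pub ]; then
  get_keygen &>/dev/null
fi
# One target per line, IP:USER:PASSWORD. read -r splits on the first two colons
# only and leaves backslashes alone; quoting keeps each field one argument.
# The trailing test keeps a last line that has no newline; blank lines are skipped.
while IFS=: read -r IP USERNAME PASSWORD || [ -n "$IP" ]; do
  [ -n "$IP" ] || continue
  # The message reflects only the status send_key returns.
  if send_key "$IP" "$USERNAME" "$PASSWORD"; then
    echo "$IP,密钥发送成功"
  else
    echo "$IP,密钥发送失败"
  fi
done < ip2.txt
echo "完成任务"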
- 登录 方式 ssh root@192.168.59.131
8.修改sshd密码验证
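# Switch sshd back to accepting password logins. The substitution only changes
# an existing "PasswordAuthentication no" text; it adds no line when the
# directive is absent.
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
# Check the edited file first: restarting on a config sshd cannot parse leaves
# the host without an SSH daemon.
sshd -t && systemctl restart sshd
# Show the directive that is now in effect.
grep '^PasswordA' /etc/ssh/sshd_config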
9.取消密码验证
vim ip2.txt
192.168.59.131:root:1
192.168.59.132:root:1
192.168.59.133:root:1
vim nopass.sh
#!/bin/bash
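# Log in to host $1 as user $2 with password $3 and switch sshd to
# "PasswordAuthentication no".
# Arguments: $1 - host, $2 - login user (needs a root "#" prompt), $3 - password
# Returns:   0 when a root prompt was reached and the commands were typed;
#            1 when the connection closed early or no "#" prompt appeared.
# Confirm key-based login to the host works before running this: once
# password logins are off, the key is the only remaining way in over SSH.
# The substitution only changes an existing "PasswordAuthentication yes" text.
# Host, user and password are read by expect from the environment inside a
# quoted heredoc, so none of them is interpreted as Tcl source.
nopass() {
  TARGET_HOST="$1" TARGET_USER="$2" TARGET_PASS="$3" /usr/bin/expect <<-'EOF' &>/dev/null
  spawn ssh $env(TARGET_USER)@$env(TARGET_HOST)
  expect {
    *password:* {send -- "$env(TARGET_PASS)\r"}
    eof {exit 1}
  }
  # Fail instead of typing commands into a session that never reached a root prompt.
  expect "#*" {} timeout {exit 1} eof {exit 1}
  send -- "sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config\r"
  # sshd -t rejects a broken config before the restart can take the daemon down.
  send -- "sshd -t && systemctl restart sshd\r"
  # Close the remote shell so the final wait ends with the session, not a timeout.
  send -- "exit\r"
  expect eof
EOF
}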
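echo "取消密码验证"
sleep 5
# One target per line, IP:USER:PASSWORD. read -r splits on the first two colons
# only and leaves backslashes alone; quoting keeps each field one argument.
# The trailing test keeps a last line that has no newline; blank lines are skipped.
while IFS=: read -r IP USERNAME PASSWORD || [ -n "$IP" ]; do
  [ -n "$IP" ] || continue
  # The message reflects only the status nopass returns.
  if nopass "$IP" "$USERNAME" "$PASSWORD"; then
    echo "$IP,取消密码验证成功"
  else
    echo "$IP,取消密码验证失败"
  fi
done < ip2.txt
echo "完成任务"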