ssh 四种免密操作

ssh 四种免密操作

启动三台虚拟机 192.168.120.128,192.168.120.129,192.168.120.131,在128机器上执行如下命令,生成公钥

ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
cat ~/.ssh/id_rsa.pub  >>~/.ssh/authorized_keys
chmod 0600 ~/.ssh/authorized_keys 

方式1:使用 ssh-copy-id命令

ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.120.129
ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.120.131

方式2:使用scp命令

scp ~/.ssh/id_rsa.pub  root@192.168.120.131:/root/.ssh/authorized_keys 

 

方式1和方式2并不适合多主机(比如几十台或者上百台机器),因为每次传送之前都需要进行密码输入,采用sshpass和expect工具可实现自动化免密操作。

方式3:使用sshpass

• 使用yum 下载并安装sshpass

yum install sshpass

软件使用方法如下

将128机器上的公钥复制给其他两台机器

[root@bogon hadoop-2.9.2]# sshpass -p 'rootroot' scp ~/.ssh/id_rsa.pub  root@192.168.120.131:/root/.ssh/authorized_keys 
[root@bogon hadoop-2.9.2]# sshpass -p 'rootroot' scp ~/.ssh/id_rsa.pub  root@192.168.120.129:/root/.ssh/authorized_keys 

方式4：使用交互式命令

• 下载安装expect软件

yum install expect

• 创建测试脚本 vim ssh.sh,脚本内容如下

#!/usr/bin/expect -d 
set timeout 30
spawn ssh-copy-id 192.168.120.128
expect {
"*yes/no" {send "yes\r"; exp_continue}
"password:" {send "rootroot\r"}
}
expect eof

• 测试结果如下

[root@bogon home]# ./ssh.sh 
expect version 5.45
argv[0] = /usr/bin/expect  argv[1] = -d  argv[2] = ./ssh.sh  
set argc 0
set argv0 "./ssh.sh"
set argv ""
executing commands from command file ./ssh.sh
spawn ssh-copy-id 192.168.120.128
parent: waiting for sync byte
parent: telling child to go ahead
parent: now unsynchronized from child
spawn: returns {1452}

expect: does "" (spawn_id exp6) match glob pattern "*yes/no"? no
"password:"? no
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"

expect: does "/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"\r\n" (spawn_id exp6) match glob pattern "*yes/no"? no
"password:"? no
The authenticity of host '192.168.120.128 (192.168.120.128)' can't be established.
ECDSA key fingerprint is SHA256:NjhJfx9nTYUu7F7TptYT1EmiZHLnmME4RcOHulvlG7Q.
ECDSA key fingerprint is MD5:7c:ee:ea:ee:d4:c4:91:fc:36:2f:ae:49:af:0a:59:e7.
Are you sure you want to continue connecting (yes/no)? 
expect: does "/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"\r\nThe authenticity of host '192.168.120.128 (192.168.120.128)' can't be established.\r\nECDSA key fingerprint is SHA256:NjhJfx9nTYUu7F7TptYT1EmiZHLnmME4RcOHulvlG7Q.\r\nECDSA key fingerprint is MD5:7c:ee:ea:ee:d4:c4:91:fc:36:2f:ae:49:af:0a:59:e7.\r\nAre you sure you want to continue connecting (yes/no)? " (spawn_id exp6) match glob pattern "*yes/no"? yes
expect: set expect_out(0,string) "/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"\r\nThe authenticity of host '192.168.120.128 (192.168.120.128)' can't be established.\r\nECDSA key fingerprint is SHA256:NjhJfx9nTYUu7F7TptYT1EmiZHLnmME4RcOHulvlG7Q.\r\nECDSA key fingerprint is MD5:7c:ee:ea:ee:d4:c4:91:fc:36:2f:ae:49:af:0a:59:e7.\r\nAre you sure you want to continue connecting (yes/no"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"\r\nThe authenticity of host '192.168.120.128 (192.168.120.128)' can't be established.\r\nECDSA key fingerprint is SHA256:NjhJfx9nTYUu7F7TptYT1EmiZHLnmME4RcOHulvlG7Q.\r\nECDSA key fingerprint is MD5:7c:ee:ea:ee:d4:c4:91:fc:36:2f:ae:49:af:0a:59:e7.\r\nAre you sure you want to continue connecting (yes/no"
send: sending "yes\r" to { exp6 }
expect: continuing expect

expect: does ")? " (spawn_id exp6) match glob pattern "*yes/no"? no
"password:"? no
yes

expect: does ")? yes\r\n" (spawn_id exp6) match glob pattern "*yes/no"? no
"password:"? no
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

expect: does ")? yes\r\n/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed\r\n" (spawn_id exp6) match glob pattern "*yes/no"? no
"password:"? no

/usr/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
        (if you think this is a mistake, you may want to use -f option)


expect: does ")? yes\r\n/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed\r\n\r\n/usr/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.\r\n\t\t(if you think this is a mistake, you may want to use -f option)\r\n\r\n" (spawn_id exp6) match glob pattern "*yes/no"? no
"password:"? no
expect: read eof
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) ")? yes\r\n/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed\r\n\r\n/usr/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.\r\n\t\t(if you think this is a mistake, you may want to use -f option)\r\n\r\n"
expect: spawn id exp6 not open
    while executing
"expect eof "
    (file "./ssh.sh" line 8)

 

参照文档

• sshpass-Linux命令之非交互SSH密码验证
• Shell脚本实现SSH免密登录及批量配置管理
• expect安装和使用

转载于:https://www.cnblogs.com/zhengzuozhanglina/p/11417053.html