一、建立信任关系

192.168.9.203 为管理机

192.168.9.201 192.168.9.202 为远程linux服务器

1、在管理机生成证书、

[root@manage ~]# ssh-keygen -t rsa     (然后一路回车)

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /root/.ssh/id_rsa.   (私钥)

Your public key has been saved in /root/.ssh/id_rsa.pub. (公钥)

The key fingerprint is:

36:ec:fc:db:b0:7f:81:7e:d0:1d:36:5e:29:dd:5b:a0

 

2、将管理机上的公钥传送到各远程服务器

如远程服务器更改了默认的ssh端口号,就使用scp -P 1717317173为端口号

[root@manage .ssh]# scp id_rsa.pub 192.168.9.201:/root/.ssh/authorized_keys

[root@manage .ssh]# scp id_rsa.pub 192.168.9.202:/root/.ssh/authorized_keys

管理机与远程主机信任关系建立完毕

 

 二、通过shell脚本批量修改远程服务器密码

如果要调用mkpasswd就得安装expect,使用mkpasswd可以随机产生密码

usage: mkpasswd [args] [user]

 where arguments are:

    -l #      (length of password, default = 10)

    -d #      (min # of digits, default = 2)

    -c #      (min # of lowercase chars, default = 2)

    -C #      (min # of uppercase chars, default = 2)

    -s #      (min # of special chars, default = 1)

    -v        (verbose, show passwd interaction)

    -p prog   (program to set password, default = passwd)

比如说你要指定一个长度为8,而且至少有三个大写字母的密码,那么可以这样输入:

mkpasswd -l 8 - C 3,好了,密码就会按你的要求随机产生了

 

yum -y install expect

 

使用mkpasswd产生随机密码

 

[root@manage .ssh]# mkpasswd -l 32

megVjmbpo8tw2zn$nmcgguensluxayCw

 

ip_list.txt为远程服务器IP列表

[root@manage .ssh]# cat ip_list.txt

192.168.9.201

192.168.9.202

如果远程服务器修改了默认ssh的端口号,就使用ssh -p 1717317173为端口号

 

#!/bin/bash
#============== Though ssh remote server ,auto modify ROOT passwd =============#
for IP in `cat /bak/scripts/ip_list.txt`                #导入远程要修改主机的IP
do


#========================= 创建远程主机密码 ===================================#
echo "megVjmbpo8tw2zn$nmcgguensluxayCw" > R_PWD.txt      # 可以写成自己需要的密码
R_PWD=`cat R_PWD.txt`                                    # 引用变量

 

#========================= 修改远程主机密码 ===================================#
if [ $? = 0 ] ; then
   ssh $IP passwd root --stdin < R_PWD.txt
   echo -e "$(date "+%Y-%m-%d %H:%M:%S")\t${IP}\t${R_PWD}\t" >> /var/log/R_Server.log
else
   echo -e "$(date "+%Y-%m-%d %H:%M:%S")\t${IP} R_PWD.txt is create fail\tplease check!\t" >> /var/log/M_pass.log
fi
if [ $? = 0 ] ; then
   echo -e "$(date "+%Y-%m-%d %H:%M:%S")\tThe ${IP} passwd is modify OK\t" >> M_pass.log
else
   echo -e "$(date "+%Y-%m-%d %H:%M:%S")\tThe ${IP} passwd is modify fail\tplease check!\t" >> /var/log/M_pass.log
fi
done
 

最后执行shell脚本