批量部署ssh私钥认证

最新推荐文章于 2024-10-02 10:53:34 发布

weixin_33961829

最新推荐文章于 2024-10-02 10:53:34 发布

阅读量102

点赞数

文章标签：运维开发工具

vim batch_sshkey.sh

#!/bin/bash
cd /root
cat /root/.ssh/id_rsa.pub > /root/.ssh/authorized_keys
for i in `cat iplist`
do
ip=$(echo "$i"|cut -f1 -d":")
password=$(echo "$i"|cut -f2 -d":")
expect -c "
spawn scp /root/.ssh/authorized_keys /root/remote_operate.sh root@$ip:/tmp/
expect {
\"*yes/no*\" {send \"yes\r\"; exp_continue}
\"*password*\" {send \"$password\r\"; exp_continue}
\"*Password*\" {send \"$password\r\";}
}
"

expect -c "
spawn ssh root@$ip "/tmp/remote_operate.sh"
expect {
\"*yes/no*\" {send \"yes\r\"; exp_continue}
\"*password*\" {send \"$password\r\"; exp_continue}
\"*Password*\" {send \"$password\r\";}
}
"
done

============================================================

vim iplist（前面是IP，后面是密码，用冒号：分割） 密码后面不允许有空格

192.168.8.23:123456
192.168.8.24:456789

============================================================

vim remote_operate.sh

#!/bin/bash
if [ ! -d /root/.ssh ];then
mkdir /root/.ssh
fi
cp /tmp/authorized_keys /root/.ssh/
rm -f /tmp/authorized_keys
rm -f $0

==========================================================

运行batch_sshkey.sh后即可实现批量部署。

-----------------------------------------------------------------------------------------------------------------------------------------

以上情形适用于超大规模的批量部署，对于十几台机器规模而言的话有点小题大做了，以下示例比较适用于小规模的批量部署：

#!/bin/bash
IP_list=10.0.10.60,10.0.10.62
PWD=123456
key_generate() {
    expect -c "set timeout -1;
        spawn ssh-keygen -t dsa;
        expect {
            {Enter file in which to save the key*} {send -- \r;exp_continue}
            {Enter passphrase*} {send -- \r;exp_continue}
            {Enter same passphrase again:} {send -- \r;exp_continue}
            {Overwrite (y/n)*} {send -- n\r;exp_continue}
            eof             {exit 0;}
    };"
}
auto_ssh_copy_id () {
    expect -c "set timeout -1;
        spawn ssh-copy-id -i $HOME/.ssh/id_dsa.pub root@$1;
            expect {
                {Are you sure you want to continue connecting *} {send -- yes\r;exp_continue;}
                {*password:} {send -- $2\r;exp_continue;}
                eof {exit 0;}
            };"
}
rm -rf ~/.ssh 2>/dev/null
key_generate
ips=$(echo $IP_list | tr ',' ' ')
for ip in $ips
do
    auto_ssh_copy_id $ip  $PWD
done
eval &(ssh-agent)
ssh-add