linux_6.5无交互批量分发ssh key

linux_6.5无交互批量分发ssh key

------测试192.168.16.66无交互分发ssh key到192.168.16.106------

------系统版本------

[root@rsync_server ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 6.5 (Santiago)
[root@rsync_client Tue Aug 20 23:02 ~]# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 6.5 (Santiago)

------分发前创建用户------

[root@rsync_server ~]# useradd lbw888
[root@rsync_server ~]# echo "123456" | passwd --stdin lbw888
Changing password for user lbw888.
passwd: all authentication tokens updated successfully.

[root@rsync_client Tue Aug 20 22:55 ~]# useradd lbw888
[root@rsync_client Tue Aug 20 22:59 ~]# echo "123456" | passwd --stdin lbw888
Changing password for user lbw888.
passwd: all authentication tokens updated successfully.

------在16.66上面生成秘钥对------

[lbw888@rsync_server ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/lbw888/.ssh/id_dsa): 
Created directory '/home/lbw888/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/lbw888/.ssh/id_dsa.
Your public key has been saved in /home/lbw888/.ssh/id_dsa.pub.
The key fingerprint is:
cf:32:90:6f:fa:b9:11:53:a8:ee:79:ed:57:bf:33:55 lbw888@rsync_server
The key's randomart image is:
+--[ DSA 1024]----+
|                 |
|         .       |
|        . .      |
|       o .      E|
|      + S       .|
|     . o =    . .|
|      . *.o  . ..|
|     . +.=. .  o.|
|      +o+o..   .+|
+-----------------+

------安装expect------
[root@rsync_server ~]# yum install expect -y

[root@rsync_server ~]# which expect
/usr/bin/expect

------编写expect无交互脚本------

[lbw888@rsync_server ~]$ cat fenfa_sshkey.exp 
#!/usr/bin/expect
if { $argc != 2 } {
 send_user "usage: expect fenfa_sshkey.exp file host\n"
 exit
}

#define var
set file [lindex $argv 0]
set host [lindex $argv 1]
set password "123456"
spawn ssh-copy-id -i $file "-p 22 lbw888@$host"
expect {
    "yes/no"    {send "yes\r";exp_continue}
    "*password"    {send "$password\r"}
}
expect eof

exit -onexit {
    send_user "lbw say good bye to you!\n"
}

    
*****用法：expect fenfa_sshkey.exp ~/.ssh/id_dsa.pub 10.0.0.8    

------编写批量分发脚本------

[lbw888@rsync_server ~]$ cat fenfa.sh 
#!/bin/bash
. /etc/init.d/functions
for ip in `cat iplist`
do
expect fenfa_sshkey.exp ~/.ssh/id_dsa.pub $ip
if [ $? -eq 0 ];then
    action "$ip" /bin/true
else
    action "$ip" /bin/false
fi
done

------在iplist中输入相应要分发ssh key的ip------

[lbw888@rsync_server ~]$ cat iplist 
192.168.16.106
192.168.16.107
192.168.16.108

------脚本授权------

[lbw888@rsync_server ~]$ chmod +x fenfa.sh 
[lbw888@rsync_server ~]$ chmod +x fenfa_sshkey.exp
[lbw888@rsync_server ~]$ ll
total 8
-rwxrwxr-x 1 lbw888 lbw888 191 Aug 20 23:07 fenfa.sh
-rwxrwxr-x 1 lbw888 lbw888 388 Aug 20 23:05 fenfa_sshkey.exp

------执行脚本分发------

[lbw888@rsync_server ~]$ ./fenfa.sh 
spawn ssh-copy-id -i /home/lbw888/.ssh/id_dsa.pub -p 22 lbw888@192.168.16.106
The authenticity of host '192.168.16.106 (192.168.16.106)' can't be established.
RSA key fingerprint is 98:07:f7:a0:c3:56:f8:f8:ec:3b:b3:c8:7c:64:c9:fb.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.16.106' (RSA) to the list of known hosts.
lbw say good bye to you!
192.168.16.106                                             [  OK  ]
spawn ssh-copy-id -i /home/lbw888/.ssh/id_dsa.pub -p 22 lbw888@192.168.16.107
ssh: connect to host 192.168.16.107 port 22: No route to host
expect: spawn id exp4 not open
    while executing
"expect eof"
    (file "fenfa_sshkey.exp" line 16)
192.168.16.107                                             [FAILED]
spawn ssh-copy-id -i /home/lbw888/.ssh/id_dsa.pub -p 22 lbw888@192.168.16.108
ssh: connect to host 192.168.16.108 port 22: No route to host
expect: spawn id exp4 not open
    while executing
"expect eof"
    (file "fenfa_sshkey.exp" line 16)
192.168.16.108                                             [FAILED]

------测试ssh无密码执行远程命令------

[lbw888@rsync_server ~]$ ssh 192.168.16.106 /sbin/ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:0C:29:43:90:F6  
          inet addr:192.168.16.106  Bcast:192.168.16.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe43:90f6/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2544 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2425 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:296282 (289.3 KiB)  TX bytes:210024 (205.1 KiB)