Prepare the environment
- 2 CentOS 7.9 servers
- Server IPs: 192.168.30.11, 192.168.30.12, 192.168.30.13
Prepare the shell script
The script generates the SSH key automatically:
[root@localhost ~]# cat ssh_auto.sh
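#!/bin/bash
# Install expect if it is not already present
if ! rpm -q expect; then
    yum -y install expect
fi

# Run ssh-keygen non-interactively: accept the default key path, overwrite an
# existing key if asked, and set an empty passphrase
ssh_keygen_ceate() {
expect << -EOF
    spawn ssh-keygen -t rsa
    expect {
        "save the key" {send "\r";exp_continue}
        "Overwrite" {send "y\r";exp_continue}
        "Enter passphrase" {send "\r";exp_continue}
        "same passphrase" {send "\r"}
    }
    expect eof
-EOF
}

# Check whether an SSH key already exists; if not, generate one
if [ ! -f /root/.ssh/id_rsa.pub ];then
    ssh_keygen_ceate
    echo '生成SSH秘钥'    # "SSH key generated"
else
    echo '已存在秘钥'     # "key already exists"
fi

CLIENT1=$1 # Server IP address
USER=$2    # Server user name
PASSWD=$3  # Server password (as a command-line argument it is visible in the
           # process list and in shell history)

# Copy the public key to the target server. The host-key prompt is answered
# "yes" without checking the fingerprint, then the password is sent.
ssh_copy_id_auto(){
expect << -EOF
    spawn ssh-copy-id ${USER}@${CLIENT1}
    expect {
        "yes/no" {send "yes\r";exp_continue}
        "password" {send "$PASSWD\r"}
    }
    expect eof
-EOF
}

ssh_copy_id_auto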
Run the shell script to set up passwordless login
Upload ssh_auto.sh to the 192.168.30.13 server and run it to set up passwordless SSH to 192.168.30.12.
[root@localhost ~]# sh ssh_auto.sh 192.168.30.12 <username> <password>
expect-5.45-14.el7_1.x86_64
已存在秘钥
spawn ssh-copy-id root@192.168.30.12
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.30.12 (192.168.30.12)' can't be established.
ECDSA key fingerprint is SHA256:j57T4ojd2p6lvydRC8FO35vG8rvKwQ2JlU67FxjdG0E.
ECDSA key fingerprint is MD5:c3:54:e9:d0:2c:5b:6d:d1:ce:2e:1b:48:52:d5:06:be.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.30.12's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.30.12'"
and check to make sure that only the key(s) you wanted were added.
[root@localhost ~]# ssh root@192.168.30.12
Last login: Tue Dec 15 16:32:32 2020 from 192.168.30.13
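The script above answers the "yes/no" host-key prompt automatically, so the fingerprint shown in the output is never compared with anything. As an added example (not part of the original script), the check below accepts a scanned host key only when its SHA256 fingerprint matches a value obtained out of band; the function names, the ed25519 key type and the sample key line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original script): pin a host key before trusting it.

# Constructed sample in `ssh-keyscan` output format; the key blob is made up.
SAMPLE_BLOB='AAAAC3NzaC1lZDI1NTE5AAAAIExampleConstructedHostKeyNotARealKey0123456'
SAMPLE_SCAN="192.168.30.12 ssh-ed25519 $SAMPLE_BLOB"

# fingerprint_of BASE64_BLOB
# Prints the fingerprint the way ssh shows it: "SHA256:" followed by the
# unpadded base64 of the SHA-256 digest of the decoded key blob.
fingerprint_of() {
    hex=$(printf '%s' "$1" | base64 -d | sha256sum | cut -d' ' -f1)
    b64=$(printf '%s\n' "$hex" | fold -w2 | while read -r byte; do
        # emit each digest byte as a raw byte via an octal escape
        printf "\\$(printf '%03o' "0x$byte")"
    done | base64 | tr -d '=')
    printf 'SHA256:%s\n' "$b64"
}

# pin_host_key SCAN_LINE EXPECTED_FP KNOWN_HOSTS_FILE
# Appends SCAN_LINE to KNOWN_HOSTS_FILE only when its fingerprint equals
# EXPECTED_FP (obtained out of band, e.g. from the server console).
pin_host_key() {
    blob=$(printf '%s\n' "$1" | awk '{print $3}')
    actual=$(fingerprint_of "$blob")
    if [ "$actual" != "$2" ]; then
        echo "host key mismatch: got $actual, expected $2" >&2
        return 1
    fi
    printf '%s\n' "$1" >> "$3"
}

# Demo on the constructed line. In real use SCAN_LINE would come from
#   ssh-keyscan -t ed25519 192.168.30.12
# and the copy step would then run with strict checking, so no "yes/no"
# prompt is left to answer:
#   ssh-copy-id -o StrictHostKeyChecking=yes root@192.168.30.12
echo "fingerprint of sample key: $(fingerprint_of "$SAMPLE_BLOB")"
```

The expected fingerprint can be read on the target server itself with `ssh-keygen -lf` on its host public key file.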
Set up passwordless SSH between all servers
Run on 192.168.30.13:
[root@localhost ~]# sh ssh_auto.sh 192.168.30.11 <username> <password>
Run on 192.168.30.12:
[root@localhost ~]# sh ssh_auto.sh 192.168.30.11 <username> <password>
[root@localhost ~]# sh ssh_auto.sh 192.168.30.13 <username> <password>
Run on 192.168.30.11:
[root@localhost ~]# sh ssh_auto.sh 192.168.30.12 <username> <password>
[root@localhost ~]# sh ssh_auto.sh 192.168.30.13 <username> <password>
Test passwordless SSH between the servers
Run on 192.168.30.13:
[root@localhost ~]# scp ssh_auto.sh root@192.168.30.11:/root/
ssh_auto.sh 100% 809 815.8KB/s 00:00
[root@localhost ~]# scp ssh_auto.sh root@192.168.30.12:/root/
ssh_auto.sh 100% 809 930.5KB/s 00:00
[root@localhost ~]#