ssh-keygen免密登录

最新推荐文章于 2023-06-28 19:00:43 发布

竹门迎日照

最新推荐文章于 2023-06-28 19:00:43 发布

阅读量1k

点赞数

分类专栏： Shell Scripts

本文链接：https://blog.csdn.net/zzjiwang/article/details/52432686

版权

Shell Scripts 专栏收录该内容

8 篇文章 0 订阅

订阅专栏

 
 
  
  #!/bin/bash
 
 
 
 
  
  #Function:Script will automatically generate the current login account of the public key to send to 
 
 
 
 
  
  #multiple remote hosts, in order to achieve the purpose of this machine SSH free login multiple remote host
 
 
 
 
  
  #Usage:bash ssh-login-withoutpasswd.sh
 
 
 
 
  
  #Date:2016/8
 
 
 
 
  
  #Author:Jian
 
 
 
 
  
  

 
 
 
 
  
  #运行该脚本前,请先安装expect,否则脚本运行不成功,原理:将本机产生的公钥id_rsa.pub用scp传输至远程服务器
 
 
 
 
  
  #的家目录下的.ssh目录中便可实现本机(注意是用本机产生公钥的账号)登陆远程主机的目的
 
 
 
 
  
  #需要注意的是要将远程主机各个家目录下的.ssh:chmod 700,其下面的文件全部:chmod 600
 
 
 
 
  
  #在centos,rhel及ubuntu测试通过,如果成功将本机公钥传输到远程主机却不能免密登陆,请检查远程主机的selinux和iptables
 
 
 
 
  
  #需要的话,可自行添加日志相关代码
 
 
 
 
  
  

 
 
 
 
  
  check_hosts_on () {
 
 
 
 
  
  ping_out=`mktemp ping.XXXXXX`
 
 
 
 
  
  hosts_online=`mktemp hosts_online.XXXXXX`
 
 
 
 
  
  cd $current_dir
 
 
 
 
  
  for ip in $(cat hostnamelist|awk -F : '{print $1}')
 
 
 
 
  
  do
 
 
 
 
  
    ping -c1 -w1 $ip >/dev/null && echo "$ip is up" || echo "$ip is down"
 
 
 
 
  
  done>>$ping_out
 
 
 
 
  
  for ip_online in $(cat $ping_out|grep "up"|awk '{print $1}')
 
 
 
 
  
  do
 
 
 
 
  
    grep "$ip_online" hostnamelist >> $hosts_online
 
 
 
 
  
  done
 
 
 
 
  
  }
 
 
 
 
  
  authorized_file_transfer () {
 
 
 
 
  
  #enter the directory where hostnamelist is located
 
 
 
 
  
  #the hostnamelist file has a target host IP address that needs to be delivered
 
 
 
 
  
  #save format as ipaddr:username:password,eg:192.168.1.10:root:123456,note that do not leave spaces
 
 
 
 
  
  cd $current_dir
 
 
 
 
  
  for remote_infor in `cat $hosts_online`
 
 
 
 
  
  do
 
 
 
 
  
    remote_ip_addr=`echo "$remote_infor" | awk -F : '{print $1}'`
 
 
 
 
  
    remote_username=`echo "$remote_infor" | awk -F : '{print $2}'`
 
 
 
 
  
    remote_password=`echo "$remote_infor" | awk -F : '{print $3}'`
 
 
 
 
  
  expect << EOF
 
 
 
 
  
    set timeout 10
 
 
 
 
  
    spawn ssh -o StrictHostKeyChecking=no $remote_username@$remote_ip_addr
 
 
 
 
  
    set timeout 10
 
 
 
 
  
    expect "$remote_username@$remote_ip_addr's password:"
 
 
 
 
  
    set timeout 10
 
 
 
 
  
    send "$remote_password\r"
 
 
 
 
  
    set timeout 10
 
 
 
 
  
    expect {
 
 
 
 
  
    "*#*" {send "mkdir -p ~/.ssh\r"}
 
 
 
 
  
    "*\$*" {send "mkdir -p ~/.ssh\r"}
 
 
 
 
  
    }
 
 
 
 
  
    set timeout 10
 
 
 
 
  
    expect {
 
 
 
 
  
    "*#*" {send "scp -o StrictHostKeyChecking=no $local_username@$local_ip_addr:$HOME/.ssh/id_rsa.pub ~/.ssh/authorized_keys_from_$local_ip_addr\r"}
 
 
 
 
  
    "*\$*" {send "scp -o StrictHostKeyChecking=no $local_username@$local_ip_addr:$HOME/.ssh/id_rsa.pub ~/.ssh/authorized_keys_from_$local_ip_addr\r"}
 
 
 
 
  
    }
 
 
 
 
  
    set timeout 10
 
 
 
 
  
    expect "$local_username@$local_ip_addr's password:"
 
 
 
 
  
    set timeout 10
 
 
 
 
  
    send "$local_host_passwd\r"
 
 
 
 
  
    set timeout 10
 
 
 
 
  
    expect {
 
 
 
 
  
    "*#*" {send "cat ~/.ssh/authorized_keys_from_$local_ip_addr >>  ~/.ssh/authorized_keys\r"}
 
 
 
 
  
    "*\$*" {send "cat ~/.ssh/authorized_keys_from_$local_ip_addr >>  ~/.ssh/authorized_keys\r"}
 
 
 
 
  
    }
 
 
 
 
  
    set timeout 10
 
 
 
 
  
    expect {
 
 
 
 
  
    "*#*" {send "chmod 700 ~/.ssh && chmod 600 ~/.ssh/* && rm -f ~/.ssh/authorized_keys_from_$local_ip_addr\r"}
 
 
 
 
  
    "*\$*" {send "chmod 700 ~/.ssh && chmod 600 ~/.ssh/* && rm -f ~/.ssh/authorized_keys_from_$local_ip_addr\r"}
 
 
 
 
  
    }
 
 
 
 
  
    set timeout 10
 
 
 
 
  
    expect {
 
 
 
 
  
    "*#*" {send "chown -R $remote_username: ~/.ssh\r"}
 
 
 
 
  
    "*\$*" {send "chown -R $remote_username: ~/.ssh\r"}
 
 
 
 
  
    }
 
 
 
 
  
    set timeout 10
 
 
 
 
  
    expect {
 
 
 
 
  
    "*#*" {send "exit\r"}
 
 
 
 
  
    "*\$*" {send "exit\r"}
 
 
 
 
  
    }
 
 
 
 
  
    set timeout 10
 
 
 
 
  
    expect eof
 
 
 
 
  
  EOF
 
 
 
 
  
  done
 
 
 
 
  
  }
 
 
 
 
  
  create_authorized_file () {
 
 
 
 
  
  #using ssh-keygen to generate the key, the path is the default path, the empty password
 
 
 
 
  
    if [ -d ~/.ssh ];then
 
 
 
 
  
      ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
 
 
 
 
  
    else
 
 
 
 
  
      mkdir -p ~/.ssh
 
 
 
 
  
      ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
 
 
 
 
  
    fi
 
 
 
 
  
  }
 
 
 
 
  
  #get local IP address
 
 
 
 
  
  local_ip_addr=`/sbin/ifconfig -a|grep inet|grep -v 127.0.0.1|grep -v inet6|awk '{print $2}'|tr -d "addr:"|head -1`
 
 
 
 
  
  local_host_passwd="123456"
 
 
 
 
  
  #get the user name of the current login user
 
 
 
 
  
  local_username=`whoami`
 
 
 
 
  
  #get the directory where the current run script is located
 
 
 
 
  
  current_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 
 
 
 
  
  cd $current_dir
 
 
 
 
  
  #first determine whether the host list file exists
 
 
 
 
  
  if [ -f hostnamelist ]; then
 
 
 
 
  
  #detect which hosts online, which offline
 
 
 
 
  
    check_hosts_on
 
 
 
 
  
    if grep "down" $ping_out >/dev/null; then
 
 
 
 
  
      echo "Warning:$(sed -n '/down/p' $ping_out|wc -l) hosts offline:"
 
 
 
 
  
      sed -n '/down/p' $ping_out
 
 
 
 
  
      echo "$(sed -n '/up/p' $ping_out|wc -l) hosts online:"
 
 
 
 
  
      sed -n '/up/p' $ping_out
 
 
 
 
  
    else
 
 
 
 
  
      echo "The hosts in the hostnamelist are all online!"
 
 
 
 
  
    fi
 
 
 
 
  
    if [ -f ~/.ssh/id_rsa ] && [ -f ~/.ssh/id_rsa.pub ]; then
 
 
 
 
  
      authorized_file_transfer
 
 
 
 
  
      chown -R $local_username: ~/.ssh/
 
 
 
 
  
      chmod 600 ~/.ssh/* 
 
 
 
 
  
      chmod 700 ~/.ssh
 
 
 
 
  
      rm -f $ping_out
 
 
 
 
  
      rm -f $hosts_online
 
 
 
 
  
      exit 0
 
 
 
 
  
    else
 
 
 
 
  
      create_authorized_file
 
 
 
 
  
      authorized_file_transfer
 
 
 
 
  
      chown -R $local_username: ~/.ssh/
 
 
 
 
  
      chmod 600 ~/.ssh/* 
 
 
 
 
  
      chmod 700 ~/.ssh
 
 
 
 
  
      rm -f $ping_out
 
 
 
 
  
      rm -f $hosts_online
 
 
 
 
  
      exit 0
 
 
 
 
  
    fi
 
 
 
 
  
  else
 
 
 
 
  
    echo "Error:the important file 'hostnamelist' has been lost"
 
 
 
 
  
    echo "Now,creat it,but you still write something inside,the format is as follows:"
 
 
 
 
  
    touch hostnamelist
 
 
 
 
  
    echo "remote_ip_addr:remote_user_name:remote_host_password"
 
 
 
 
  
    exit 0
 
 
 
 
  
  fi

竹门迎日照

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
ssh-keygen免密登录

#!/bin/bash#Function:Script will automatically generate the current login account of the public key to send to #multiple remote hosts, in order to achieve the purpose of this machine SSH free login mu
复制链接

扫一扫