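Linux: Non-Interactive Automation with expect
In my previous post, "Linux: SSH Key Authentication", I covered mutual SSH authentication between hosts, but every SSH login to another server still required typing a password.
expect is a tool for automating interactive programs: it connects to the managed servers automatically, so the password does not have to be typed by hand.
1. Install expect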
[root@mg ~]# yum install -y expect
2. Write an expect script that distributes the SSH public key directly, without typing the password by hand.
vim /server/scripts/expect.exp
#!/usr/bin/expect

#-------------CopyRight-------------
# Name:ssh send password
# Version Number:1.00
# Type:sh
# Language:expect
# Date:2018-05-24
# Author:sandy
# QQ:442656067
# Email:eeexu123@163.com
# Blog:https://www.cnblogs.com/eeexu123/

# Check that exactly 2 arguments were passed
if { $argc != 2 } {
    send_user "usage: expect fenfa_expect file host\n"
    exit 1
}

#define var
# First argument: the SSH public key file
set file [lindex $argv 0]
# Second argument: address of the remote host to connect to
set host [lindex $argv 1]
# Password of the connecting user (stored here in plain text)
set passwd "herine"

#send ssh key
# Command that sends the SSH public key (port and target passed as one quoted argument)
spawn ssh-copy-id -i $file "-p 22 root@$host"

# "Continue connecting?" prompt: expect answers yes automatically and carries on.
# The yes must be followed by \r (carriage return). This accepts the host key
# without checking its fingerprint.
expect {
    "yes/no" {send "yes\r";exp_continue}
}

# Wait for the connection to the remote host
sleep 3
# Password prompt: expect sends the password variable, followed by \r
expect "*password"
send "$passwd\r"
expect eof

# Message printed on exit
exit -onexit {
    send_user "Goodbye!\n"
}
3. Test
/usr/bin/expect test_expect.exp ~/.ssh/id_dsa.pub 172.16.1.72
The command above can be placed in a script to set up SSH key authentication on many hosts in bulk.
[root@mg scripts]# /usr/bin/expect test_expect.exp ~/.ssh/id_dsa.pub 172.16.1.72
spawn ssh-copy-id -i /root/.ssh/id_dsa.pub -p 22 root@172.16.1.72
The authenticity of host '172.16.1.72 (172.16.1.72)' can't be established.
RSA key fingerprint is a5:17:d4:89:36:79:58:aa:99:8d:f0:ce:98:5a:d3:f4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.1.72' (RSA) to the list of known hosts.
root@172.16.1.72's password:
Now try logging into the machine, with "ssh '-p 22 root@172.16.1.72'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

Goodbye!
Running a command remotely over ssh
[root@mg scripts]# ssh root@172.16.1.72 "/sbin/ifconfig eth1"
eth1      Link encap:Ethernet  HWaddr 00:0C:29:8D:65:92
          inet addr:172.16.1.72  Bcast:172.16.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe8d:6592/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:560 errors:0 dropped:0 overruns:0 frame:0
          TX packets:218 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:72275 (70.5 KiB)  TX bytes:39742 (38.8 KiB)
As shown above, expect's automated interaction successfully set up password-free SSH operation.
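The bulk use mentioned in the test step, as an added example (not the original author's code): a POSIX shell wrapper that feeds a host list to the expect script and then confirms key login with `ssh -o BatchMode=yes`, because the expect script does not check ssh-copy-id's result. The host-list format, the function names and the `EXPECT_SCRIPT`/`PUBKEY` variables are assumptions; the script path is the one opened with vim above.

```shell
#!/bin/sh
# Added example (not from the original post): batch key distribution.
# Assumed: hosts file with one host per line, "#" starts a comment.
EXPECT_SCRIPT=${EXPECT_SCRIPT:-/server/scripts/expect.exp}
PUBKEY=${PUBKEY:-$HOME/.ssh/id_dsa.pub}

# Accept only hostname/IPv4 characters; reject names starting with "-" or ".".
valid_host() {
    case $1 in
        ''|-*|.*|*[!A-Za-z0-9.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Run the post's expect script against one host.
push_key() {
    /usr/bin/expect "$EXPECT_SCRIPT" "$PUBKEY" "$1" >/dev/null
}

# BatchMode=yes forbids password prompts: success means key login works.
verify_key() {
    ssh -o BatchMode=yes -o ConnectTimeout=5 -p 22 "root@$1" true >/dev/null 2>&1
}

# distribute_keys HOSTS_FILE
# Prints "ok|failed|skipped <host>" per entry; returns 1 if any was not ok.
distribute_keys() {
    dk_rc=0
    while IFS= read -r dk_line || [ -n "$dk_line" ]; do
        dk_host=${dk_line%%#*}    # drop trailing comment
        dk_host=$(printf '%s\n' "$dk_host" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -z "$dk_host" ] && continue
        if ! valid_host "$dk_host"; then
            printf 'skipped %s\n' "$dk_host"; dk_rc=1; continue
        fi
        # </dev/null keeps expect and ssh from eating the rest of the list.
        if push_key "$dk_host" </dev/null && verify_key "$dk_host" </dev/null; then
            printf 'ok %s\n' "$dk_host"
        else
            printf 'failed %s\n' "$dk_host"; dk_rc=1
        fi
    done < "$1"
    return "$dk_rc"
}

# Run only when a hosts file is given on the command line.
if [ "$#" -ge 1 ]; then
    distribute_keys "$1"
fi
```

Saved under a name of your choice and run with the host list as its only argument, it prints one status line per host and returns non-zero if any host could not be verified.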
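If there are any mistakes, corrections from readers are welcome.
Also, if you liked this post, please give it a recommendation. Thanks!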