Linux之expect非交互式功能

我在上一篇博文linux之SSH密钥认证 提过ssh之间的相互认证,但是每次使用ssh登录到其它服务器还是要输入密码的。

expect是用于提供自动交互的工具,自动连接被管理的服务器,不需要手动输入密码。

1、安装expect

[root@mg ~]# yum install -y expect

2、编写expect脚本,直接分发SSH公钥,不用手工输入密码。

vim /server/scripts/expect.exp

 1 #!/usr/bin/expect
 2 
 3 #-------------CopyRight-------------  
 4 #   Name:ssh send password  
 5 #   Version Number:1.00  
 6 #   Type:sh  
 7 #   Language:expect
 8 #   Date:2018-05-24  
 9 #   Author:sandy
10 #   QQ:442656067
11 #   Email:eeexu123@163.com  
12 #   Blog:https://www.cnblogs.com/eeexu123/
13 
14 if { $argc != 2 } {
15   send_user "usage: expect fenfa_expect file host\n"     //判断传入参数是否是2个
16   exit 1
17 }
18 
19 #define var
20 set file [lindex $argv 0]   //第一个参数是ssh公钥
21 set host [lindex $argv 1]   //第二个参数是连接的远程主机地址
22 set passwd "herine"         //设置连接用户的密码
23 
24 
25 #send ssh key
26 spawn ssh-copy-id -i $file "-p 22 root@$host"     //发送ssh公钥命令
27 expect {
28   "yes/no" {send "yes\r";exp_continue}      //是否继续连接,expect交互式功能,自动添加yes,并继续。yes后成必须加\r回车符30 }
31 
32 sleep 3          //等待连接到远程主机
33 expect "*password"     //输入密码,expect交互功能,自动添加密码变量。后面加\r回车符
34 send "$passwd\r"
35 expect eof
36 
37 exit -onexit {
38   send_user "Goodbye!\n"    //退出
39 }

3、测试

/usr/bin/expect test_expect.exp ~/.ssh/id_dsa.pub 172.16.1.72
上面一条命令可以放在脚本里,大批量建立ssh密钥连接
 1 [root@mg scripts]# /usr/bin/expect test_expect.exp ~/.ssh/id_dsa.pub 172.16.1.72
 2 spawn ssh-copy-id -i /root/.ssh/id_dsa.pub -p 22 root@172.16.1.72
 3 The authenticity of host '172.16.1.72 (172.16.1.72)' can't be established.
 4 RSA key fingerprint is a5:17:d4:89:36:79:58:aa:99:8d:f0:ce:98:5a:d3:f4.
 5 Are you sure you want to continue connecting (yes/no)? yes
 6 Warning: Permanently added '172.16.1.72' (RSA) to the list of known hosts.
 7 root@172.16.1.72's password: 
 8 Now try logging into the machine, with "ssh '-p 22 root@172.16.1.72'", and check in:
 9 
10   .ssh/authorized_keys
11 
12 to make sure we haven't added extra keys that you weren't expecting.
13 
14 Goodbye!

ssh远程使用命令

1 [root@mg scripts]# ssh root@172.16.1.72 "/sbin/ifconfig eth1"
2 eth1      Link encap:Ethernet  HWaddr 00:0C:29:8D:65:92  
3           inet addr:172.16.1.72  Bcast:172.16.1.255  Mask:255.255.255.0
4           inet6 addr: fe80::20c:29ff:fe8d:6592/64 Scope:Link
5           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
6           RX packets:560 errors:0 dropped:0 overruns:0 frame:0
7           TX packets:218 errors:0 dropped:0 overruns:0 carrier:0
8           collisions:0 txqueuelen:1000 
9           RX bytes:72275 (70.5 KiB)  TX bytes:39742 (38.8 KiB)

由上可以,expect交互功能在SSH免密码操作成功。

posted @ 2018-05-25 11:13  启云  阅读(1269)  评论(0编辑  收藏  举报