expect批量免密登录🐝🐝🐝
expect批量免密登录🐝🐝🐾
一、准备工作
安装expect
[root@k8s-node02 ~]# yum -y install expect
生成密钥对
[root@k8s-node02 ~]# ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
二、批量推送密钥
编写shell脚本
[root@k8s-node02 ~]# cat sshpush.sh #!/usr/bin/bash user="root" passwd='123456'
hosts='k8s-master01 k8s-master02 k8s-master03 k8s-node01' (这里已提前做好hosts解析) for host in $hosts (或者提前生成ip列表文件;for host in `cat iplist.txt`) do echo "===============$host================" expect <<EOF set timeout 10 spawn ssh-copy-id -f "$user@$host" expect { "yes/no" { send "yes\n"; exp_continue} "password:" { send "$passwd\n"} } expect eof; EOF done
执行shell脚本
[root@k8s-node02 ~]# shellcheck sshpush.sh (可以先检查shell语法,yum -y install shellcheck)
[root@k8s-node02 ~]# sh sshpush.sh
输出:
[root@k8s-node02 ~]# sh sshpush.sh =========================k8s-master01=============================== spawn ssh-copy-id -f root@k8s-master01 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" The authenticity of host 'k8s-master01 (192.168.0.71)' can't be established. ED25519 key fingerprint is SHA256:CareY4NnHZfTsByqMH5Gwvcqxx165c6m5FOcN8jRs7E. This key is not known by any other names Are you sure you want to continue connecting (yes/no/[fingerprint])? yes root@k8s-master01's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'root@k8s-master01'" and check to make sure that only the key(s) you wanted were added. =========================k8s-master02=============================== spawn ssh-copy-id -f root@k8s-master02 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" The authenticity of host 'k8s-master02 (192.168.0.72)' can't be established. ED25519 key fingerprint is SHA256:CareY4NnHZfTsByqMH5Gwvcqxx165c6m5FOcN8jRs7E. This host key is known by the following other names/addresses: ~/.ssh/known_hosts:1: k8s-master01 Are you sure you want to continue connecting (yes/no/[fingerprint])? yes root@k8s-master02's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'root@k8s-master02'" and check to make sure that only the key(s) you wanted were added. =========================k8s-master03=============================== spawn ssh-copy-id -f root@k8s-master03 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" The authenticity of host 'k8s-master03 (192.168.0.73)' can't be established. ED25519 key fingerprint is SHA256:CareY4NnHZfTsByqMH5Gwvcqxx165c6m5FOcN8jRs7E. This host key is known by the following other names/addresses: ~/.ssh/known_hosts:1: k8s-master01 ~/.ssh/known_hosts:4: k8s-master02 Are you sure you want to continue connecting (yes/no/[fingerprint])? yes root@k8s-master03's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'root@k8s-master03'" and check to make sure that only the key(s) you wanted were added. =========================k8s-node01=============================== spawn ssh-copy-id -f root@k8s-node01 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" The authenticity of host 'k8s-node01 (192.168.0.74)' can't be established. ED25519 key fingerprint is SHA256:CareY4NnHZfTsByqMH5Gwvcqxx165c6m5FOcN8jRs7E. This host key is known by the following other names/addresses: ~/.ssh/known_hosts:1: k8s-master01 ~/.ssh/known_hosts:4: k8s-master02 ~/.ssh/known_hosts:5: k8s-master03 Are you sure you want to continue connecting (yes/no/[fingerprint])? yes root@k8s-node01's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh 'root@k8s-node01'" and check to make sure that only the key(s) you wanted were added.
三、验证
[root@k8s-node02 ~]# ssh k8s-master01 Last login: Wed Jun 7 13:59:12 2023 from 192.168.0.75 [root@k8s-master01 ~]# exit logout Connection to k8s-master01 closed.
