利用shell脚本实现免密认证

ssh免密认证脚本

脚本内容

#安装expect
[root@localhost ~]# yum -y install expect

#脚本
[root@localhost ~]# cat ssh_config.sh 
#!/bin/bash
echo "-------------------"
echo "作者:leidazhuang"
echo "时间:2021/3/31"
echo "本脚本用于免密认证"
echo "-------------------"
sleep 1s

#定义变量
IP="192.168.110.40"
USERNAME="root"
PWD="1"

#删除
rm -rf .ssh/* &>/dev/null

#创建一个交互模式进程,作为密钥生成
expect << EOF
     set timeout 10s
     spawn ssh-keygen -t rsa
     expect "(/root/.ssh/id_rsa):"  {send "\r"}
     expect "passphrase):"          {send "\r"}
     expect "again: "               {send "\r"}
     expect "#"                     {send "\r"}
EOF

#创建一个交互模式进程,作为免密认证
expect << EOF
     set timeout 10s
     spawn ssh-copy-id ${USERNAME}@${IP}
     expect "yes/no"               {send "yes\r"}
     expect "password:"            {send "${PWD}\r"}
     expect "#"                    {send "\r"}
EOF

#测试连接
#创建一个文件
echo "使用IP命令测试是否能够免密登录..."
sleep 1s
ssh ${USERNAME}@${IP} ip a

if [[ $? -eq 0 ]];then
	echo "可以使用IP命令,说明连接成功"
	echo "正在免密登录..."
	echo "接下来是${IP}主机"
	ssh ${USERNAME}@${IP}
else
	echo "连接失败"
fi

执行脚本

[root@localhost ~]# ./ssh_config.sh 
-------------------
作者:leidazhuang
时间:2021/3/31
本脚本用于免密认证
-------------------
spawn ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:8aSSkkH0jLsTc6keP9CyapdbBY2/y0LoKCUw/d015/k root@localhost.localdomain
The key's randomart image is:
+---[RSA 3072]----+
|   .o            |
|   . + o         |
| .  o = o .      |
|o .  + = =o .    |
|.. .*+=.S..+ .   |
|. . =B+o..  o    |
| o o=*. .    .   |
|. o.==o. .    E  |
| o.oo..oo        |
+----[SHA256]-----+
spawn ssh-copy-id root@192.168.110.40
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.110.40 (192.168.110.40)' can't be established.
ECDSA key fingerprint is SHA256:6BH7PNs5Uqc0ytCHwiDIUL6GkDuIA28Jyutg4DX8zhM.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.110.40's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.110.40'"
and check to make sure that only the key(s) you wanted were added.

使用IP命令测试是否能够免密登录...
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:52:cd:03 brd ff:ff:ff:ff:ff:ff
    inet 192.168.110.40/24 brd 192.168.110.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
可以使用IP命令,说明连接成功
正在免密登录...
接下来是192.168.110.40主机
Last login: Thu Apr  1 09:01:47 2021 from 192.168.110.30
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:52:cd:03 brd ff:ff:ff:ff:ff:ff
    inet 192.168.110.40/24 brd 192.168.110.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
posted @ 2021-04-02 16:29  我爱吃芹菜~  阅读(562)  评论(0编辑  收藏  举报
Title