ssh免密认证脚本
脚本内容
#安装expect
[root@localhost ~]# yum -y install expect
#脚本
[root@localhost ~]# cat ssh_config.sh
#!/bin/bash
echo "-------------------"
echo "作者:leidazhuang"
echo "时间:2021/3/31"
echo "本脚本用于免密认证"
echo "-------------------"
sleep 1s
#定义变量
IP="192.168.110.40"
USERNAME="root"
PWD="1"
#删除
rm -rf .ssh/* &>/dev/null
#创建一个交互模式进程,作为密钥生成
expect << EOF
set timeout 10s
spawn ssh-keygen -t rsa
expect "(/root/.ssh/id_rsa):" {send "\r"}
expect "passphrase):" {send "\r"}
expect "again: " {send "\r"}
expect "#" {send "\r"}
EOF
#创建一个交互模式进程,作为免密认证
expect << EOF
set timeout 10s
spawn ssh-copy-id ${USERNAME}@${IP}
expect "yes/no" {send "yes\r"}
expect "password:" {send "${PWD}\r"}
expect "#" {send "\r"}
EOF
#测试连接
#创建一个文件
echo "使用IP命令测试是否能够免密登录..."
sleep 1s
ssh ${USERNAME}@${IP} ip a
if [[ $? -eq 0 ]];then
echo "可以使用IP命令,说明连接成功"
echo "正在免密登录..."
echo "接下来是${IP}主机"
ssh ${USERNAME}@${IP}
else
echo "连接失败"
fi
执行脚本
[root@localhost ~]# ./ssh_config.sh
-------------------
作者:leidazhuang
时间:2021/3/31
本脚本用于免密认证
-------------------
spawn ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:8aSSkkH0jLsTc6keP9CyapdbBY2/y0LoKCUw/d015/k root@localhost.localdomain
The key's randomart image is:
+---[RSA 3072]----+
| .o |
| . + o |
| . o = o . |
|o . + = =o . |
|.. .*+=.S..+ . |
|. . =B+o.. o |
| o o=*. . . |
|. o.==o. . E |
| o.oo..oo |
+----[SHA256]-----+
spawn ssh-copy-id root@192.168.110.40
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.110.40 (192.168.110.40)' can't be established.
ECDSA key fingerprint is SHA256:6BH7PNs5Uqc0ytCHwiDIUL6GkDuIA28Jyutg4DX8zhM.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.110.40's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.110.40'"
and check to make sure that only the key(s) you wanted were added.
使用IP命令测试是否能够免密登录...
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:52:cd:03 brd ff:ff:ff:ff:ff:ff
inet 192.168.110.40/24 brd 192.168.110.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
可以使用IP命令,说明连接成功
正在免密登录...
接下来是192.168.110.40主机
Last login: Thu Apr 1 09:01:47 2021 from 192.168.110.30
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:52:cd:03 brd ff:ff:ff:ff:ff:ff
inet 192.168.110.40/24 brd 192.168.110.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever