Sharing a method for opening up passwordless SSH to a batch of servers with one script run. It consists of the following files:
Readme   usage notes
hup.dat  the user, password and IP address of every machine to open up (plaintext passwords: keep this file mode 600 and delete it once the keys are installed)
auth.sh  the main script
nscp     Expect script called by auth.sh to type the password during the remote steps
A few background notes on how SSH key-based login works; the important points are:
- Run ssh-keygen -t rsa (the post does it from inside ~/.ssh) and press Enter through the prompts. This generates id_rsa.pub (the public key) and id_rsa (the private key, which never leaves this machine).
- Then copy the public key to the other servers (ssh-copy-id user@host does exactly this where it is available).
- One thing needs particular attention: permissions on the remote side. The post's rule is that the target user's home directory (/home/admin here) must be traversable: chmod +x /home/admin. Just as important, with sshd's default StrictModes a home directory or ~/.ssh that is writable by group or others makes sshd ignore authorized_keys and fall back to asking for a password, with no error shown to the client. Keep the home directory at 755 (or 700), ~/.ssh at 700 and authorized_keys at 600, all owned by that user.
The Readme:
Write your hosts, usernames and passwords in the file "hup.dat", one host per line.
Format:
10.20.13.19 root hell05a
Run the script "auth.sh" to install authorized_keys on the hosts.
Then you can log in with "ssh username@host" without being asked for a password.
Notice:
The script cannot run without Tcl & Expect, so install Tcl & Expect first.
Example for Tcl 8.4.19 & Expect 5.45, installed under /home/admin/local:
Log in as root.
Enter the following commands to set it up:
wget http://prdownloads.sourceforge.net/tcl/tcl8.4.19-src.tar.gz
wget -O expect5.45.tar.gz http://sourceforge.net/projects/expect/files/Expect/5.45/expect5.45.tar.gz/download
tar -xzf tcl8.4.19-src.tar.gz
tar -xzf expect5.45.tar.gz
cd tcl8.4.19
cd unix/
./configure --prefix=/home/admin/local
make -j 8
make install
cd ../../expect5.45/
./configure --with-tclinclude=../tcl8.4.19/generic/ --prefix=/home/admin/local
make -j 8
make install
Note that nscp starts with "#!/usr/bin/expect -f"; with this prefix the binary lands in /home/admin/local/bin/expect, so either symlink it to /usr/bin/expect or change the shebang line.
Contents of auth.sh:
#!/bin/sh
# Inventory file: one "host user password" line per target, see the Readme.
HstUsrPwdFile=hup.dat
# Caution: this discards any existing key pair, so every host that trusted the old key stops accepting it.
rm -f ~/.ssh/id_rsa*
# The original invoked an unlisted helper, "./sshkey $keygenbin", to press Enter through ssh-keygen's
# prompts. ssh-keygen does the same non-interactively: -N "" sets an empty passphrase, -f the output path.
mkdir -p ~/.ssh && chmod 700 ~/.ssh
ssh-keygen -q -t rsa -N "" -f ~/.ssh/id_rsa
# Trust the new key on this machine as well (this overwrites any existing local authorized_keys).
cp ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
# $hupline is deliberately unquoted: word splitting turns "host user password" into three arguments for nscp.
while read -r hupline
do
#./nscp $hupline ~/.ssh/authorized_keys
./nscp $hupline ~/.ssh/id_rsa.pub
done < $HstUsrPwdFile
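An added check, not part of the original auth.sh or the post: before the loop above hands each line of hup.dat to nscp, make sure every line really is three well-formed fields, because auth.sh's unquoted $hupline gives the Expect script whatever word splitting produces, and a host or user beginning with "-" would be parsed by scp/ssh as an option. The sample inventory, hostnames and passwords below are constructed for the example; the field layout is the Readme's host/user/password. The function names (hup_check_line, hup_valid_count, hup_sample_file) are mine.

```shell
#!/bin/sh
# Added example, not part of the original auth.sh: validate hup.dat before the
# password-driven loop runs. A blank line, a comment, or a line with the wrong
# number of fields would otherwise silently become a wrong argv for nscp.

# hup_check_line LINE -> 0 if LINE is a usable "host user password" entry,
# 1 otherwise (reason on stderr)
hup_check_line() {
    case "$1" in
        ''|'#'*) echo "skip: blank or comment" >&2; return 1 ;;
    esac
    # Split the line like auth.sh does (unquoted expansion), but with globbing
    # off so a password containing * or ? is not expanded against the cwd.
    set -f
    set -- $1
    set +f
    if [ $# -ne 3 ]; then
        # A password containing spaces cannot be represented in this format at all.
        echo "reject: expected 3 fields (host user password), got $#" >&2
        return 1
    fi
    # host: dotted IPv4 or a hostname; never something scp could read as an option
    case "$1" in
        ''|-*|.*|*[!A-Za-z0-9.-]*) echo "reject: bad host '$1'" >&2; return 1 ;;
    esac
    # user: a plain login name, again never starting with "-"
    case "$2" in
        ''|-*|*[!A-Za-z0-9_.-]*) echo "reject: bad user '$2'" >&2; return 1 ;;
    esac
    return 0
}

# hup_valid_count FILE -> prints how many lines of FILE pass hup_check_line
hup_valid_count() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        if hup_check_line "$line" 2>/dev/null; then n=$((n + 1)); fi
    done < "$1"
    echo "$n"
}

# hup_sample_file -> writes a constructed sample inventory (made-up hosts and
# passwords, not real data) to a temp file and prints its path
hup_sample_file() {
    f=$(mktemp)
    printf '%s\n' \
        '# fleet inventory (constructed sample)' \
        '10.0.0.5 root Ch4ngeMe' \
        '' \
        'db-01.internal admin s3cret' \
        '10.0.0.6 root' \
        '-oProxyCommand=id root x' \
        '10.0.0.7 deploy pass word' > "$f"
    echo "$f"
}

# Usage: refuse to start the batch unless the inventory is clean, e.g.
#   hup_valid_count "$(hup_sample_file)"   prints 2 for the sample above
```

Only the two complete, option-safe lines count; the comment, the blank line, the two-field line, the option-shaped host and the password with a space are all reported on stderr and left out.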
Contents of nscp:
#!/usr/bin/expect -f
# Usage: nscp HOST USER PASSWORD LOCAL_PUBKEY_PATH   (called once per hup.dat line by auth.sh)
set hostname [lindex $argv 0]
set username [lindex $argv 1]
set password [lindex $argv 2]
set filepath [lindex $argv 3]
set timeout 100
# The original ran "cat $filepath" on the remote side, i.e. the local absolute path, which only
# works when both users have the same home directory. Refer to the copied file by its basename.
set remotefile "~/.ssh/[file tail $filepath]"
# Step 1: scp the locally generated public key into the target's ~/.ssh/ (which must already exist there).
# Answering "yes" to the host-key prompt accepts whatever key the network presents: acceptable on a
# trusted LAN, a man-in-the-middle opening anywhere else.
spawn scp $filepath $username@$hostname:~/.ssh/
expect {
    "yes/no"    { send "yes\r"; exp_continue }
    "password:" { send "$password\r"; exp_continue }
    "denied"    { puts stderr "authentication failed for $username@$hostname"; exit 1 }
    timeout     { puts stderr "timeout copying key to $hostname"; exit 1 }
    eof
}
# Step 2: append the copied key to the target's authorized_keys. The command is passed as one
# argument so that ">>" is interpreted by the remote shell, not locally. The original waited for a
# shell prompt ("]*") here, which a non-interactive ssh command never prints; wait for eof instead.
spawn ssh $username@$hostname "cat $remotefile >> ~/.ssh/authorized_keys"
expect {
    "yes/no"    { send "yes\r"; exp_continue }
    "password:" { send "$password\r"; exp_continue }
    "denied"    { puts stderr "authentication failed for $username@$hostname"; exit 1 }
    timeout     { puts stderr "timeout appending key on $hostname"; exit 1 }
    eof
}
Appendix: SSH passwordless login basics:
Logging in to a Linux machine over SSH normally requires a password, but once the two sides are opened up with keys you can log in without one, which is a big help for automated shell scripts. The procedure:
1. Local machine
cd ~/.ssh/
ssh-keygen -t rsa
After this you get id_rsa.pub, the public key (with -t rsa; id_dsa.pub is what -t dsa would produce).
2. Remote machine
cd ~/.ssh/
Copy the contents of id_rsa.pub into authorized_keys. Note that id_rsa.pub is a single line: copying it out of vi can introduce line breaks in authorized_keys, so it is better to cat the file and copy that, or append it directly with cat id_rsa.pub >> authorized_keys.
Now the local machine can SSH to the remote machine without a password: the remote machine holds the local machine's "pass", so no password is checked at login. Remember that this applies only to the user you set it up for; other users have to repeat the steps above. To open up both directions, do the same in reverse.
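The remote-side requirements from the notes earlier (permissions on the home directory, and appending the key as one line) and from the appendix above, collected into a single script run on the target. This is an added example, not the post's code: it assumes it runs as the target user on the target host (the post's /home/admin), that sshd has its default StrictModes yes, and that stat accepts -c %a (GNU) or -f %Lp (BSD). install_pubkey, perms_ok and count_keys are names I chose, and the key strings in the usage line are constructed placeholders, not real keys.

```shell
#!/bin/sh
# Added example, not from the original post: the remote-side half of the setup,
# done the way sshd actually checks it. Run as the target user on the target
# host with the public key line as the second argument.
nl='
'

# perms_ok PATH -> 0 unless PATH is writable by group or others.
# With StrictModes, a group- or world-writable home or ~/.ssh makes sshd ignore
# authorized_keys and silently fall back to asking for a password.
perms_ok() {
    mode=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1")   # GNU stat, then BSD
    last2=${mode#"${mode%??}"}                 # group and other digits, e.g. "55" of 755
    case ${last2%?} in [2367]) return 1 ;; esac   # group write bit set
    case ${last2#?} in [2367]) return 1 ;; esac   # other write bit set
    return 0
}

# install_pubkey HOME_DIR 'ssh-rsa AAAA... comment'
# Creates ~/.ssh (700) and authorized_keys (600) if missing and appends the key
# exactly once, so re-running the batch script does not pile up duplicates.
# Returns 1 if HOME_DIR's permissions would make sshd reject the key, 2 if the
# key is not a single well-formed line (the stray newline from copying out of vi).
install_pubkey() {
    home=$1; key=$2
    case $key in
        *"$nl"*) echo "reject: key must be exactly one line" >&2; return 2 ;;
        "ssh-rsa "*|"ssh-ed25519 "*|"ecdsa-sha2-"*) ;;
        *) echo "reject: not an OpenSSH public key line" >&2; return 2 ;;
    esac
    perms_ok "$home" || { echo "refusing: $home is group/world writable" >&2; return 1; }
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh"
    touch "$home/.ssh/authorized_keys" && chmod 600 "$home/.ssh/authorized_keys"
    # -x: whole-line match, -F: the key is a fixed string, not a regex
    grep -qxF "$key" "$home/.ssh/authorized_keys" ||
        printf '%s\n' "$key" >> "$home/.ssh/authorized_keys"
}

# count_keys HOME_DIR -> number of lines in authorized_keys (to verify idempotence)
count_keys() { wc -l < "$1/.ssh/authorized_keys" | tr -d ' '; }

# Usage (as the target user, after the key file has been copied over):
#   install_pubkey "$HOME" "$(cat ~/.ssh/id_rsa.pub)"
```

Ownership is the one StrictModes condition not checked here: sshd also requires the home directory, ~/.ssh and authorized_keys to be owned by the user (or root), which holds automatically when the script runs as that user in its own home.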