ssh 四种免密操作
ssh 四种免密操作
启动三台虚拟机 192.168.120.128,192.168.120.129,192.168.120.131,在128机器上执行如下命令,生成密钥对(私钥 ~/.ssh/id_rsa 和公钥 ~/.ssh/id_rsa.pub)。-P '' 表示私钥不设口令,拿到该私钥文件即可直接登录已授权的机器,因此私钥文件必须保持仅属主可读。
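# Generate an RSA key pair for the current user. -P '' sets an empty
# passphrase, so the private key file alone is enough to log in: keep
# ~/.ssh/id_rsa readable by its owner only.
# -b 4096 pins the key size instead of relying on the ssh-keygen default,
# which is 2048 bits on older OpenSSH releases.
ssh-keygen -t rsa -b 4096 -P '' -f ~/.ssh/id_rsa
# Authorize the new public key for logins to this same machine.
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
# With StrictModes enabled, sshd ignores an authorized_keys file that other
# users can write to, so restrict it to the owner.
chmod 0600 ~/.ssh/authorized_keys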
方式1:使用 ssh-copy-id命令
# Push the public key to each of the other two hosts. ssh-copy-id appends the
# key to the remote account's authorized_keys (existing entries are kept) and
# prompts for that account's password on every host.
for host in 192.168.120.129 192.168.120.131; do
  ssh-copy-id -i ~/.ssh/id_rsa.pub "$host"
done
方式2:使用scp命令
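# Copying the key straight onto /root/.ssh/authorized_keys replaces that file
# and drops every key already authorized on the target. Upload the key under
# its own name instead (id_rsa_128.pub is an arbitrary temporary name), then
# append it on the remote side and remove the temporary copy.
scp ~/.ssh/id_rsa.pub root@192.168.120.131:/root/.ssh/id_rsa_128.pub
ssh root@192.168.120.131 'cat /root/.ssh/id_rsa_128.pub >> /root/.ssh/authorized_keys && chmod 600 /root/.ssh/authorized_keys && rm -f /root/.ssh/id_rsa_128.pub'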
方式1和方式2并不适合多主机(比如几十台或者上百台机器),因为每次传送之前都需要进行密码输入,采用sshpass和expect工具可实现自动化免密操作。
方式3:使用sshpass
- 使用yum 下载并安装sshpass
# Install sshpass, which supplies a password to ssh/scp without a prompt.
yum install sshpass
软件使用方法如下
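将128机器上的公钥复制给其他两台机器。注意:-p 把密码明文写在命令行上,会留在 shell 历史记录里,命令运行期间也可能被同机其他用户通过进程列表看到;sshpass 也支持用 -f 从文件读取密码,或用 -e 从环境变量 SSHPASS 读取。另外,scp 直接写入 authorized_keys 会覆盖目标机器上已授权的其他公钥。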
[root@bogon hadoop-2.9.2]# sshpass -p 'rootroot' scp ~/.ssh/id_rsa.pub root@192.168.120.131:/root/.ssh/authorized_keys
[root@bogon hadoop-2.9.2]# sshpass -p 'rootroot' scp ~/.ssh/id_rsa.pub root@192.168.120.129:/root/.ssh/authorized_keys
方式4:使用交互式命令
- 下载安装expect软件
# Install expect, used below to answer ssh-copy-id's prompts from a script.
yum install expect
- 创建测试脚本 vim ssh.sh,脚本内容如下
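#!/usr/bin/expect -d
# Runs ssh-copy-id against one host and answers its prompts automatically.
#
# -d makes expect print its internal diagnostics, which include every string
# passed to "send" (so the password as well); remove it once the script works.
# The account password is stored in this file in plain text, so keep the file
# readable by its owner only.
set timeout 30
spawn ssh-copy-id 192.168.120.128
# Branches of the expect block below:
#   "*yes/no"   - first-connection host key prompt. Answering "yes" accepts
#                 whatever key the server presents without comparing the
#                 fingerprint. NOTE(review): on a network that is not fully
#                 trusted, verify the fingerprint and pre-populate
#                 known_hosts instead of auto-answering.
#   "password:" - send the password, then wait for ssh-copy-id to finish.
#   eof         - ssh-copy-id exited without asking for a password (for
#                 example because the key is already installed). Handling eof
#                 here avoids running a second "expect eof" on a spawn id
#                 that is already closed, which fails with
#                 "spawn id ... not open".
expect {
    "*yes/no" {send "yes\r"; exp_continue}
    "password:" {send "rootroot\r"; expect eof}
    eof {}
}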
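- 测试结果如下(-d 调试输出)。本次运行时公钥已存在于目标机器,ssh-copy-id 没有提示输入密码就直接退出;对已经结束的进程再执行一次 expect eof,就会出现输出末尾的 "spawn id exp6 not open" 报错。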
[root@bogon home]# ./ssh.sh
expect version 5.45
argv[0] = /usr/bin/expect argv[1] = -d argv[2] = ./ssh.sh
set argc 0
set argv0 "./ssh.sh"
set argv ""
executing commands from command file ./ssh.sh
spawn ssh-copy-id 192.168.120.128
parent: waiting for sync byte
parent: telling child to go ahead
parent: now unsynchronized from child
spawn: returns {1452}
expect: does "" (spawn_id exp6) match glob pattern "*yes/no"? no
"password:"? no
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
expect: does "/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"\r\n" (spawn_id exp6) match glob pattern "*yes/no"? no
"password:"? no
The authenticity of host '192.168.120.128 (192.168.120.128)' can't be established.
ECDSA key fingerprint is SHA256:NjhJfx9nTYUu7F7TptYT1EmiZHLnmME4RcOHulvlG7Q.
ECDSA key fingerprint is MD5:7c:ee:ea:ee:d4:c4:91:fc:36:2f:ae:49:af:0a:59:e7.
Are you sure you want to continue connecting (yes/no)?
expect: does "/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"\r\nThe authenticity of host '192.168.120.128 (192.168.120.128)' can't be established.\r\nECDSA key fingerprint is SHA256:NjhJfx9nTYUu7F7TptYT1EmiZHLnmME4RcOHulvlG7Q.\r\nECDSA key fingerprint is MD5:7c:ee:ea:ee:d4:c4:91:fc:36:2f:ae:49:af:0a:59:e7.\r\nAre you sure you want to continue connecting (yes/no)? " (spawn_id exp6) match glob pattern "*yes/no"? yes
expect: set expect_out(0,string) "/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"\r\nThe authenticity of host '192.168.120.128 (192.168.120.128)' can't be established.\r\nECDSA key fingerprint is SHA256:NjhJfx9nTYUu7F7TptYT1EmiZHLnmME4RcOHulvlG7Q.\r\nECDSA key fingerprint is MD5:7c:ee:ea:ee:d4:c4:91:fc:36:2f:ae:49:af:0a:59:e7.\r\nAre you sure you want to continue connecting (yes/no"
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) "/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"\r\nThe authenticity of host '192.168.120.128 (192.168.120.128)' can't be established.\r\nECDSA key fingerprint is SHA256:NjhJfx9nTYUu7F7TptYT1EmiZHLnmME4RcOHulvlG7Q.\r\nECDSA key fingerprint is MD5:7c:ee:ea:ee:d4:c4:91:fc:36:2f:ae:49:af:0a:59:e7.\r\nAre you sure you want to continue connecting (yes/no"
send: sending "yes\r" to { exp6 }
expect: continuing expect
expect: does ")? " (spawn_id exp6) match glob pattern "*yes/no"? no
"password:"? no
yes
expect: does ")? yes\r\n" (spawn_id exp6) match glob pattern "*yes/no"? no
"password:"? no
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
expect: does ")? yes\r\n/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed\r\n" (spawn_id exp6) match glob pattern "*yes/no"? no
"password:"? no
/usr/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
(if you think this is a mistake, you may want to use -f option)
expect: does ")? yes\r\n/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed\r\n\r\n/usr/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.\r\n\t\t(if you think this is a mistake, you may want to use -f option)\r\n\r\n" (spawn_id exp6) match glob pattern "*yes/no"? no
"password:"? no
expect: read eof
expect: set expect_out(spawn_id) "exp6"
expect: set expect_out(buffer) ")? yes\r\n/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed\r\n\r\n/usr/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.\r\n\t\t(if you think this is a mistake, you may want to use -f option)\r\n\r\n"
expect: spawn id exp6 not open
while executing
"expect eof "
(file "./ssh.sh" line 8)