Non-interactive SSH key distribution

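I. When the username and password are the same
Original article: https://yq.aliyun.com/articles/337907
The script in the original article has some problems, so I revised it.
1. Install sshpass, which handles non-interactive SSH login. For more detail, see the link below: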
https://linux.cn/article-8086-1.html
[root@n0 ~]# yum install -y sshpass
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.cn99.com
base | 3.6 kB 00:00:00 
extras | 3.4 kB 00:00:00 
updates | 3.4 kB 00:00:00 
Resolving Dependencies
--> Running transaction check
---> Package sshpass.x86_64 0:1.06-2.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

============================================================================================================================================================================================================================================================================================================================================
Package Arch Version Repository Size
============================================================================================================================================================================================================================================================================================================================================
Installing:
sshpass x86_64 1.06-2.el7 extras 21 k

Transaction Summary
============================================================================================================================================================================================================================================================================================================================================
Install 1 Package

Total download size: 21 k
Installed size: 38 k
Downloading packages:
sshpass-1.06-2.el7.x86_64.rpm | 21 kB 00:00:00 
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : sshpass-1.06-2.el7.x86_64 1/1 
Verifying : sshpass-1.06-2.el7.x86_64 1/1

Installed:
sshpass.x86_64 0:1.06-2.el7

Complete!
2. Write the script. This is the original author's script:
[root@n0 ~]# vim sshpass.sh
[root@n0 ~]# cat sshpass.sh 
#!/bin/bash
passwd=123456
IP_ADDR="211 212 213 214 215 216 217 218"
. /etc/init.d/functions
# Generate the key pair in one step
if ! [ -f ~/.ssh/id_dsa.pub ];then
ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa >/dev/null 2>&1 
echo -e "\033[32m======Local=========\033[0m"
action "Generate the key!" /bin/true
fi

# Send the key to all hosts in a batch
for i in $IP_ADDR;do
sshpass -p$passwd ssh-copy-id -i /root/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no 192.168.0.${i}" >/dev/null 2>&1

if [ $? == 0 ];then
echo -e "\033[32m=========`ssh 192.168.0.$i hostname`==========\033[0m"
action "发送成功!!!" /bin/true
else
echo -e "\033[31m======192.168.0.$i=======\033[0m"
action "发送失败!!!" /bin/false
fi
done
[root@n0 ~]# sh sshpass.sh 
======Local=========
Generate the key! [ OK ]
======192.168.0.211=======
发送失败!!! [FAILED]
======192.168.0.212=======
发送失败!!! [FAILED]
======192.168.0.213=======
发送失败!!! [FAILED]
======192.168.0.214=======
发送失败!!! [FAILED]
======192.168.0.215=======
发送失败!!! [FAILED]
======192.168.0.216=======
发送失败!!! [FAILED]
======192.168.0.217=======
发送失败!!! [FAILED]
======192.168.0.218=======
发送失败!!! [FAILED]
[root@n0 ~]# cat /root/.ssh/id_dsa.pub 
ssh-dss [key data omitted] root@n0

 

The run fails. Try running the command on its own:
[root@n0 ~]# sshpass -p$passwd ssh-copy-id -i /root/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no 192.168.0.212"
sshpass: invalid option -- 'i'
Usage: sshpass [-f|-d|-p|-e] [-hV] command parameters
-f filename Take password to use from file
-d number Use number as file descriptor for getting password
-p password Provide password as argument (security unwise)
-e Password is passed as env-var "SSHPASS"
With no parameters - password will be taken from stdin

-P prompt Which string should sshpass search for to detect a password prompt
-v Be verbose about what you're doing
-h Show help (this screen)
-V Print version information
At most one of -f, -d, -p or -e should be used

 

This is a mistake by the original author: the -o option is written in the wrong format. It should be in the following format:
[root@n0 ~]# ssh-copy-id -i /root/.ssh/id_dsa.pub -o "StrictHostKeyChecking=no" [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_dsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:

 

3. Edit the script again
[root@n0 ~]# cat sshpass.sh 
#!/bin/bash
passwd=123456
IP_ADDR="211 212 213 214 215 216 217 218"
. /etc/init.d/functions
# Generate the key pair in one step
if ! [ -f ~/.ssh/id_dsa.pub ];then
ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa >/dev/null 2>&1 
echo -e "\033[32m======Local=========\033[0m"
action "Generate the key!" /bin/true
fi

# Send the key to all hosts in a batch
for i in $IP_ADDR;do
sshpass -p$passwd ssh-copy-id -i /root/.ssh/id_dsa.pub -o "StrictHostKeyChecking=no" 192.168.0.${i} >/dev/null 2>&1

if [ $? == 0 ];then
echo -e "\033[32m=========`ssh 192.168.0.$i hostname`==========\033[0m"
action "发送成功!!!" /bin/true
else
echo -e "\033[31m======192.168.0.$i=======\033[0m"
action "发送失败!!!" /bin/false
fi
done

 

4. Run and verify. It works now:
[root@n0 ~]# sh sshpass.sh 
=========n1==========
发送成功!!! [ OK ]
=========n2==========
发送成功!!! [ OK ]
=========n3==========
发送成功!!! [ OK ]
=========n4==========
发送成功!!! [ OK ]
=========n5==========
发送成功!!! [ OK ]
=========n6==========
发送成功!!! [ OK ]
=========n7==========
发送成功!!! [ OK ]
=========n8==========
发送成功!!! [ OK ]

 

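II. When usernames and passwords differ
Original article: https://www.cnblogs.com/panchong/p/6027138.html
The script above assumes every remote host has the same password and hard-codes it on the command line. If each host has a different password, record the passwords in a remote-hosts file and split each line with the cut command to obtain the host's IP address or domain name and its password. If the SSH port is not the default 22, it can be recorded as well, in the following format: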


10.10.10.10:2222:YOURPASSWORD

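The script above can then be modified slightly:

Because ssh-copy-id needs its arguments in double quotes when a non-default port is used, and I did not find a better way, I used a trick: write the whole command to a temporary file, run that file, and delete it afterwards.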

 

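# Each line of remote-hosts has the form ip:port:password
for host in $(cat remote-hosts)
do
    ip=$(echo ${host} | cut -f1 -d ":")
    port=$(echo ${host} | cut -f2 -d ":")
    password=$(echo ${host} | cut -f3 -d ":")
    # Build the quoted argument string that ssh-copy-id receives
    arg=$(echo -p ${port} -o StrictHostKeyChecking=no root@${ip})
    # Append the complete command to a temporary script
    echo sshpass -p ${password} ssh-copy-id '"'${arg}'"' >> tmp.sh
done
# Run the temporary script, then delete it
sh tmp.sh
rm -f tmp.sh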
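
A safer variant of the per-host distribution above, as an added example that is not the original author's script: the password reaches sshpass through the SSHPASS environment variable (-e) instead of -p or a temporary script, and StrictHostKeyChecking=no is replaced by accept-new so that a changed host key is refused. Assumptions: an ed25519 key at ~/.ssh/id_ed25519.pub in place of DSA, OpenSSH 7.6 or later, an ssh-copy-id that takes -p and -o as separate options (as in part I), and the function names and DRY_RUN switch, which are introduced here.

```shell
#!/bin/sh
# Added example, not the original author's script.
# Input format as on the page: ip:port:password (empty port means 22).
# Assumptions: an ed25519 key instead of DSA; OpenSSH 7.6+ for accept-new;
# an ssh-copy-id that takes -p and -o as separate options.
KEY="${KEY:-$HOME/.ssh/id_ed25519.pub}"

# Split one line into HOST_IP / HOST_PORT / HOST_PW. Everything after the
# second ':' is the password, so a password containing ':' survives.
parse_host_line() {
    case "$1" in *:*:*) ;; *) return 1 ;; esac
    HOST_IP=${1%%:*}
    rest=${1#*:}
    HOST_PORT=${rest%%:*}
    HOST_PW=${rest#*:}
    [ -n "$HOST_PORT" ] || HOST_PORT=22
    case "$HOST_PORT" in *[!0-9]*) return 1 ;; esac
    # Reject empty hosts and anything ssh could read as an option.
    case "$HOST_IP" in ''|-*|*[!A-Za-z0-9._-]*) return 1 ;; esac
    [ -n "$HOST_PW" ]
}

# Install the key on one host. The password goes to sshpass through the
# SSHPASS environment variable (-e), not argv and not a temporary script.
copy_key() {
    parse_host_line "$1" || { echo "skip: malformed entry" >&2; return 2; }
    # accept-new stores an unknown host key but refuses a changed one.
    set -- ssh-copy-id -i "$KEY" -p "$HOST_PORT" \
        -o StrictHostKeyChecking=accept-new "root@$HOST_IP"
    if [ -n "${DRY_RUN:-}" ]; then echo "$*"; return 0; fi
    SSHPASS=$HOST_PW sshpass -e "$@" >/dev/null 2>&1
}

# Walk the hosts file, skipping blank lines and comments; print a summary.
distribute() {
    ok=0; fail=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac
        if copy_key "$line" </dev/null; then ok=$((ok + 1)); else fail=$((fail + 1)); fi
    done < "$1"
    echo "ok=$ok fail=$fail"
    [ "$fail" -eq 0 ]
}

# Usage: sh distribute-keys.sh remote-hosts   (hypothetical file name;
# DRY_RUN=1 only prints the commands that would run)
if [ -n "${1:-}" ]; then distribute "$1"; fi
```

Keep remote-hosts readable only by its owner (chmod 600) and delete it once the keys are installed, since it still holds the passwords in clear text.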