Non-interactive SSH key distribution

I. The case where the username and password are the same

Original article: https://yq.aliyun.com/articles/337907

The script in the original article has some problems, so I reworked it.

1. Install sshpass, which handles the non-interactive ssh login. For a deeper look, see the link below:

https://linux.cn/article-8086-1.html

```
[[email protected] ~]# yum install -y sshpass
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.cn99.com
base                                                     | 3.6 kB  00:00:00
extras                                                   | 3.4 kB  00:00:00
updates                                                  | 3.4 kB  00:00:00
Resolving Dependencies
--> Running transaction check
---> Package sshpass.x86_64 0:1.06-2.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package          Arch            Version              Repository          Size
================================================================================
Installing:
 sshpass          x86_64          1.06-2.el7           extras              21 k

Transaction Summary
================================================================================
Install  1 Package

Total download size: 21 k
Installed size: 38 k
Downloading packages:
sshpass-1.06-2.el7.x86_64.rpm                            |  21 kB  00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : sshpass-1.06-2.el7.x86_64                                    1/1
  Verifying  : sshpass-1.06-2.el7.x86_64                                    1/1

Installed:
  sshpass.x86_64 0:1.06-2.el7

Complete!
```
2. Write the script. This is the original author's script:

```
[[email protected] ~]# vim sshpass.sh
[[email protected] ~]# cat sshpass.sh
#!/bin/bash
passwd=123456
IP_ADDR="211 212 213 214 215 216 217 218"

. /etc/init.d/functions

# Generate the key pair in one step
if ! [ -f ~/.ssh/id_dsa.pub ];then
    ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa >/dev/null 2>&1
    echo -e "\033[32m======Local=========\033[0m"
    action "Generate the key!" /bin/true
fi

# Send the key to all hosts in bulk
for i in $IP_ADDR;do
    sshpass -p$passwd ssh-copy-id -i /root/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no 192.168.0.${i}" >/dev/null 2>&1
    if [ $? == 0 ];then
        echo -e "\033[32m=========`ssh 192.168.0.$i hostname`==========\033[0m"
        action "发送成功!!!" /bin/true     # message means "sent successfully"
    else
        echo -e "\033[31m======192.168.0.$i=======\033[0m"
        action "发送失败!!!" /bin/false    # message means "send failed"
    fi
done
```
```
[[email protected] ~]# sh sshpass.sh
======Local=========
Generate the key!                                          [  OK  ]
======192.168.0.211=======
发送失败!!!                                               [FAILED]
======192.168.0.212=======
发送失败!!!                                               [FAILED]
======192.168.0.213=======
发送失败!!!                                               [FAILED]
======192.168.0.214=======
发送失败!!!                                               [FAILED]
======192.168.0.215=======
发送失败!!!                                               [FAILED]
======192.168.0.216=======
发送失败!!!                                               [FAILED]
======192.168.0.217=======
发送失败!!!                                               [FAILED]
======192.168.0.218=======
发送失败!!!                                               [FAILED]
```
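The run reports errors, so try running the command on its own:

```
[[email protected] ~]# sshpass -p$passwd ssh-copy-id -i /root/.ssh/id_dsa.pub "-o StrictHostKeyChecking=no 192.168.0.212"
sshpass: invalid option -- 'i'
Usage: sshpass [-f|-d|-p|-e] [-hV] command parameters
   -f filename   Take password to use from file
   -d number     Use number as file descriptor for getting password
   -p password   Provide password as argument (security unwise)
   -e            Password is passed as env-var "SSHPASS"
   With no parameters - password will be taken from stdin

   -P prompt     Which string should sshpass search for to detect a password prompt
   -v            Be verbose about what you're doing
   -h            Show help (this screen)
   -V            Print version information
At most one of -f, -d, -p or -e should be used
```

Note that `$passwd` is defined only inside the script. At the interactive prompt it expands to nothing, so `-p` takes `ssh-copy-id` as the password and sshpass then tries to parse `-i` as one of its own options, which is what produces the `invalid option -- 'i'` message in this standalone run.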
This is a mistake by the original author: the -o option is written in the wrong format. It should be written as follows:

```
[[email protected] ~]# ssh-copy-id -i /root/.ssh/id_dsa.pub -o "StrictHostKeyChecking=no" [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_dsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
```
3. Edit the script again:

```
[[email protected] ~]# cat sshpass.sh
#!/bin/bash
passwd=123456
IP_ADDR="211 212 213 214 215 216 217 218"

. /etc/init.d/functions

# Generate the key pair in one step
if ! [ -f ~/.ssh/id_dsa.pub ];then
    ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa >/dev/null 2>&1
    echo -e "\033[32m======Local=========\033[0m"
    action "Generate the key!" /bin/true
fi

# Send the key to all hosts in bulk
for i in $IP_ADDR;do
    # -o and its value are now passed separately from the host name
    sshpass -p$passwd ssh-copy-id -i /root/.ssh/id_dsa.pub -o "StrictHostKeyChecking=no" 192.168.0.${i} >/dev/null 2>&1
    if [ $? == 0 ];then
        echo -e "\033[32m=========`ssh 192.168.0.$i hostname`==========\033[0m"
        action "发送成功!!!" /bin/true     # message means "sent successfully"
    else
        echo -e "\033[31m======192.168.0.$i=======\033[0m"
        action "发送失败!!!" /bin/false    # message means "send failed"
    fi
done
```
4. Run and verify. Now it works:

```
[[email protected] ~]# sh sshpass.sh
=========n1==========
发送成功!!!                                               [  OK  ]
=========n2==========
发送成功!!!                                               [  OK  ]
=========n3==========
发送成功!!!                                               [  OK  ]
=========n4==========
发送成功!!!                                               [  OK  ]
=========n5==========
发送成功!!!                                               [  OK  ]
=========n6==========
发送成功!!!                                               [  OK  ]
=========n7==========
发送成功!!!                                               [  OK  ]
=========n8==========
发送成功!!!                                               [  OK  ]
```
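II. The case where the username and password are not the same

Original article: https://www.cnblogs.com/panchong/p/6027138.html

The script above assumes that every remote host has the same password and hardcodes that password on the command line. If each host has a different password, the passwords can be recorded in a remote-hosts file. Splitting each line with the cut command then yields the host's IP address or domain name and the matching password. If the ssh port is not the default 22, it can be recorded in the same line as well, in the following format: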
10.10.10.10:2222:YOURPASSWORD
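The script above can then be modified slightly.

Because ssh-copy-id needs its arguments wrapped in double quotes when a non-default port is used, and I could not find a better way, I used a trick: write the whole command to a temporary file first, then execute that temporary file, and delete it afterwards.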
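```
for host in $(cat remote-hosts)
do
    # Each line has the form ip:port:password
    ip=$(echo ${host} | cut -f1 -d ":")
    port=$(echo ${host} | cut -f2 -d ":")
    password=$(echo ${host} | cut -f3 -d ":")
    arg=$(echo -p ${port} -o StrictHostKeyChecking=no [email protected]${ip})
    # Append the command, with its arguments in double quotes, to tmp.sh
    echo sshpass -p ${password} ssh-copy-id '"'${arg}'"' >> tmp.sh
done
# Run the generated commands, then delete the temporary file
sh tmp.sh
rm -f tmp.sh
```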
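The per-host loop can also be written without a generated tmp.sh, and the same loop covers the single-password case from section I. The following is an added example, not code from either cited article: it hands the password to sshpass through the SSHPASS environment variable (the `-e` option in the usage text shown earlier) instead of `-p`, so the password never appears in a process listing or in a file on disk. It assumes an ssh-copy-id that accepts `-p` and `-o` as separate arguments, as the one in section I does with `-o`; `KEY`, `LOGIN_USER`, `parse_entry` and `distribute` are names made up for the example.

```shell
#!/bin/bash
# Added example (not the article's script): distribute a key to ip:port:password hosts.
KEY="${KEY:-$HOME/.ssh/id_dsa.pub}"   # public key path used on the page
LOGIN_USER="${LOGIN_USER:-root}"      # assumption: remote login user

# Split one "ip:port:password" line into ENTRY_IP, ENTRY_PORT and ENTRY_PASS.
# read gives the last variable the rest of the line, so a password that
# contains ':' is kept whole (cut -f3 would truncate it).
parse_entry() {
    IFS=: read -r ENTRY_IP ENTRY_PORT ENTRY_PASS <<EOF
$1
EOF
    [ -n "$ENTRY_IP" ] && [ -n "$ENTRY_PASS" ] || return 1
    ENTRY_PORT=${ENTRY_PORT:-22}                     # empty port field means 22
    case $ENTRY_PORT in *[!0-9]*) return 1 ;; esac   # reject non-numeric ports
}

# Copy the key to every host in the file; returns non-zero if any host failed.
# Blank lines and lines starting with '#' are skipped (an addition to the format).
distribute() {
    hosts_file=$1; failed=0; n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        if ! parse_entry "$line"; then
            # Report the line number only: the line itself holds a password.
            echo "line $n: malformed entry, skipped" >&2
            failed=$((failed + 1)); continue
        fi
        # Arguments are passed directly, so nothing is re-parsed by a shell.
        # </dev/null stops ssh from swallowing the rest of the hosts file.
        if SSHPASS=$ENTRY_PASS sshpass -e ssh-copy-id -i "$KEY" -p "$ENTRY_PORT" \
               -o StrictHostKeyChecking=no "$LOGIN_USER@$ENTRY_IP" </dev/null >/dev/null 2>&1
        then echo "OK     $ENTRY_IP:$ENTRY_PORT"
        else echo "FAILED $ENTRY_IP:$ENTRY_PORT"; failed=$((failed + 1))
        fi
    done < "$hosts_file"
    [ "$failed" -eq 0 ]
}

# Run only when a hosts file is given, e.g.: bash distribute.sh remote-hosts
[ $# -eq 0 ] || distribute "$@"
```

Keep remote-hosts readable by its owner only (`chmod 600 remote-hosts`), since it stores the passwords in clear text.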