shell(49) : 多个服务器批量设置相互免密

写在前面

  • CentOS Linux release 7.9.2009 (Core) 系统已验证
  • 默认root账户, 其他账户无效
  • 创建[auto_mm.sh]必须vi创建文件然后粘贴

1.安装expect

1.1.在线安装

bash 复制代码
yum install -y tcl
yum install -y expect

1.2.离线安装(选其中一个即可)

1.2.1.在能联通公网的机器导出rpm包到不能联通公网的机器安装

参考 shell(30) : yum导出依赖包并离线安装_yum 导出包-CSDN博客

bash 复制代码
repotrack expect

1.2.2.百度网盘下载

待补充 ...

1.2.3.CSDN下载

待补充 ...

2.填下ip和密码信息(填好直接粘贴即可)

bash 复制代码
cat > ips <<'EOF'
192.168.1.1 abc123
192.168.1.2 abc123
EOF

若执行失败则创建ips文件, 填入以下内容

bash 复制代码
192.168.1.1 abc123
192.168.1.2 abc123

3.创建执行脚本 auto_mm.sh , 粘贴以下

bash 复制代码
#!/usr/bin/bash
path="$(cd "$(dirname "$0")" && pwd)"
cd $path

function info() {
  DATE_N=$(date "+%Y-%m-%d %H:%M:%S.%N" | cut -b 1-23)
  echo -e "$DATE_N|INFO|$@ "
}

function warning() {
  DATE_N=$(date "+%Y-%m-%d %H:%M:%S.%N" | cut -b 1-23)
  echo -e "\033[33m$DATE_N|WARINIG|$@ \033[0m"
}

function success() {
  DATE_N=$(date "+%Y-%m-%d %H:%M:%S.%N" | cut -b 1-23)
  echo -e "\033[32m$DATE_N|SUCCESS|$@ \033[0m"
}

function error() {
  DATE_N=$(date "+%Y-%m-%d %H:%M:%S.%N" | cut -b 1-23)
  echo -e "\033[31m$DATE_N|ERROR|$@ \033[0m"
  exit
}

cat >create_mm.sh <<'EOF'
ssh-keygen -t rsa -N '' <<EOF
/root/.ssh/id_rsa
yes


\EOF
EOF
sed -i "s#\\\\\EOF#EOF#g" create_mm.sh

rm -rf auto_mm_mys

if ! test -e ips; then
		error "[ips]文件不存在"
fi

echo "-----------------[拉取公钥]-----------------"
while read line; do
  ip=$(echo $line | awk '{print $1}')
  pass=$(echo $line | awk '{print $2}')
  # 创建ssh秘钥
  expect <<EOF
     spawn ssh root@$ip "ls /root/.ssh/id_rsa.pub |wc -l > /root/auto_mm_rs"
       expect {
            "yes/no" { send "yes\n";exp_continue}  
            "password" { send "$pass\n"}
       }
       expect eof
EOF

  expect <<EOF
     spawn scp root@$ip:/root/auto_mm_rs ./
       expect {
            "yes/no" { send "yes\n";exp_continue} 
            "password" { send "$pass\n"}
       }
       expect eof
EOF

  rs=$(cat auto_mm_rs)
  if [ $rs -eq 0 ]; then
    warning "$ip未创建ssh秘钥, 执行创建ssh秘钥"
    expect <<EOF
     spawn scp create_mm.sh root@$ip:/root
       expect {
            "yes/no" { send "yes\n";exp_continue} 
            "password" { send "$pass\n"}
       }
       expect eof
EOF
    expect <<EOF
     spawn ssh root@$ip "sh /root/create_mm.sh"
       expect {
            "yes/no" { send "yes\n";exp_continue} 
            "password" { send "$pass\n"}
       }
       expect eof
EOF
    sleep 1s
    expect <<EOF
     spawn ssh root@$ip "ls /root/.ssh/id_rsa.pub |wc -l > /root/auto_mm_rs"
       expect {
            "yes/no" { send "yes\n";exp_continue} 
            "password" { send "$pass\n"}
       }
       expect eof
EOF

    expect <<EOF
     spawn scp root@$ip:/root/auto_mm_rs ./
       expect {
            "yes/no" { send "yes\n";exp_continue} 
            "password" { send "$pass\n"}
       }
       expect eof
EOF
    rs=$(cat auto_mm_rs)
    if [ $rs -eq 0 ]; then
      error "[$ip]ssh秘钥创建失败"
    else
      success "[$ip]ssh秘钥创建成功"
    fi
  else
    warning "$ip已创建ssh秘钥"
  fi
  # 拉取ssh公钥
  expect <<EOF
     spawn scp root@$ip:/root/.ssh/id_rsa.pub ./
       expect {
            "yes/no" { send "yes\n";exp_continue} 
            "password" { send "$pass\n"}
       }
       expect eof
EOF
  if ! test -e id_rsa.pub; then
    error "[$ip]ssh公钥拉取失败"
  fi
  cat id_rsa.pub >>auto_mm_mys
  success "[$ip]拉取公钥成功"
done <ips

echo "-----------------[发送公钥]-----------------"
while read line; do
  ip=$(echo $line | awk '{print $1}')
  pass=$(echo $line | awk '{print $2}')
  expect <<EOF
     spawn scp auto_mm_mys root@$ip:/root
       expect {
            "yes/no" { send "yes\n";exp_continue} 
            "password" { send "$pass\n"}
       }
       expect eof
EOF
  expect <<EOF
     spawn ssh root@$ip "cat /root/auto_mm_mys >> /root/.ssh/authorized_keys"
       expect {
            "yes/no" { send "yes\n";exp_continue} 
            "password" { send "$pass\n"}
       }
       expect eof
EOF
done <ips

echo "-----------------[验证]-----------------"
cat >auto_mm_yz.sh <<'EOF'
function info() {
  DATE_N=$(date "+%Y-%m-%d %H:%M:%S.%N" | cut -b 1-23)
  echo -e "$DATE_N|INFO|$@ "
}

function warning() {
  DATE_N=$(date "+%Y-%m-%d %H:%M:%S.%N" | cut -b 1-23)
  echo -e "\033[33m$DATE_N|WARINIG|$@ \033[0m"
}

function success() {
  DATE_N=$(date "+%Y-%m-%d %H:%M:%S.%N" | cut -b 1-23)
  echo -e "\033[32m$DATE_N|SUCCESS|$@ \033[0m"
}

function error() {
  DATE_N=$(date "+%Y-%m-%d %H:%M:%S.%N" | cut -b 1-23)
  echo -e "\033[31m$DATE_N|ERROR|$@ \033[0m"
}
EOF

while read line; do
  ip=$(echo $line | awk '{print $1}')
  pass=$(echo $line | awk '{print $2}')
  echo "ssh $ip -o PreferredAuthentications=publickey -o StrictHostKeyChecking=no \"date\" > /dev/null 2>&1" >>auto_mm_yz.sh
  cat >>auto_mm_yz.sh <<'EOF'
if [ $? -eq 0 ]; then
EOF
  echo "    success \"[local_ip] ====> [$ip]设置免密成功\"" >>auto_mm_yz.sh
  echo "else" >>auto_mm_yz.sh
  echo "    warning \"[local_ip] ====> [$ip]设置免密失败\"" >>auto_mm_yz.sh
  echo "fi" >>auto_mm_yz.sh
done <ips
sed -i "s#local_ip#\$1#g" auto_mm_yz.sh


cat > yz.sh <<'EOF'
#!/usr/bin/bash

function info() {
  DATE_N=$(date "+%Y-%m-%d %H:%M:%S.%N" | cut -b 1-23)
  echo -e "$DATE_N|INFO|$@ "
}

function warning() {
  DATE_N=$(date "+%Y-%m-%d %H:%M:%S.%N" | cut -b 1-23)
  echo -e "\033[33m$DATE_N|WARINIG|$@ \033[0m"
}

function success() {
  DATE_N=$(date "+%Y-%m-%d %H:%M:%S.%N" | cut -b 1-23)
  echo -e "\033[32m$DATE_N|SUCCESS|$@ \033[0m"
}

function error() {
  DATE_N=$(date "+%Y-%m-%d %H:%M:%S.%N" | cut -b 1-23)
  echo -e "\033[31m$DATE_N|ERROR|$@ \033[0m"
}

function yz() {
  ssh $1 -o PreferredAuthentications=publickey -o StrictHostKeyChecking=no "date" >/dev/null 2>&1
  if [ $? -eq 0 ]; then
    success "=================[$1]配置免密成功================="
    info "验证【[$1]】对所有服务器的免密配置"
    scp auto_mm_yz.sh root@$1:/root
    ssh root@$1 "sh /root/auto_mm_yz.sh $1"
  else
    warning "=================[$1]配置免密失败================="
    expect <<EOF
     spawn scp auto_mm_yz.sh root@$1:/root
       expect {
            "yes/no" { send "yes\n";exp_continue} 
            "password" { send "$2\n"}
       }
       expect eof
\EOF
    info "验证【[$1]】对所有服务器的免密配置"
    expect <<EOF
     spawn ssh root@$1 "sh /root/auto_mm_yz.sh $1"
       expect {
            "yes/no" { send "yes\n";exp_continue} 
            "password" { send "$2\n"}
       }
       expect eof
\EOF
  fi
}

EOF
sed -i "s#\\\\\EOF#EOF#g" yz.sh

while read line; do
  ip=$(echo $line | awk '{print $1}')
  pass=$(echo $line | awk '{print $2}')
  echo "yz $ip $pass" >> yz.sh
done <ips

sh yz.sh

# 清理
rm -rf auto_mm_mys
rm -rf auto_mm_rs
rm -rf auto_mm_yz.sh
rm -rf create_mm.sh
rm -rf id_rsa.pub
rm -rf yz.sh

4.执行脚本

bash 复制代码
sh auto_mm.sh
相关推荐
群联云防护小杜29 分钟前
如何给负载均衡平台做好安全防御
运维·服务器·网络·网络协议·安全·负载均衡
PyAIGCMaster1 小时前
ubuntu装P104驱动
linux·运维·ubuntu
奈何不吃鱼1 小时前
【Linux】ubuntu依赖安装的各种问题汇总
linux·运维·服务器
icy、泡芙1 小时前
T527-----音频调试
linux·驱动开发·音视频
aherhuo1 小时前
kubevirt网络
linux·云原生·容器·kubernetes
爱码小白1 小时前
网络编程(王铭东老师)笔记
服务器·网络·笔记
zzzhpzhpzzz1 小时前
Ubuntu如何查看硬件型号
linux·运维·ubuntu
蜜獾云1 小时前
linux firewalld 命令详解
linux·运维·服务器·网络·windows·网络安全·firewalld
陌北v11 小时前
Docker Compose 配置指南
运维·docker·容器·docker-compose
只会copy的搬运工2 小时前
Jenkins 持续集成部署——Jenkins实战与运维(1)
运维·ci/cd·jenkins