shell(49) : 多个服务器批量设置相互免密

写在前面

  • CentOS Linux release 7.9.2009 (Core) 系统已验证
  • 默认root账户, 其他账户无效
  • 创建[auto_mm.sh]必须vi创建文件然后粘贴

1.安装expect

1.1.在线安装

# expect is built on Tcl, so tcl goes first; -y answers yum's prompts.
for pkg in tcl expect; do
  yum install -y "$pkg"
done

1.2.离线安装(选其中一个即可)

1.2.1.在能联通公网的机器导出rpm包到不能联通公网的机器安装

参考 shell(30) : yum导出依赖包并离线安装_yum 导出包-CSDN博客

# Run on the machine that can reach the internet: downloads the expect rpm
# together with its dependencies, ready to be copied to the offline host.
# Check the package signatures (rpm -K *.rpm) on the offline host before
# installing them.
repotrack expect

1.2.2.百度网盘下载

待补充 ...

1.2.3.CSDN下载

待补充 ...

2.填写ip和密码信息: 每行一台服务器, 格式为"ip 空格 root密码"(填好直接粘贴即可)。注意: ips 文件保存的是明文 root 密码, 脚本结束后不会自动删除, 用完请手动删除

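# ips holds one "<ip> <root password>" pair per line, in plain text.
# It is created readable by its owner only; delete it once the run is finished.
# NOTE: pasting this into an interactive shell may also record the passwords in
# the shell history; creating the file in an editor avoids that.
(
  umask 077
  cat > ips <<'EOF'
192.168.1.1 abc123
192.168.1.2 abc123
EOF
)
# umask only applies to newly created files; tighten a pre-existing ips too.
chmod 600 ips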

若执行失败则创建ips文件, 填入以下内容

192.168.1.1 abc123
192.168.1.2 abc123

3.创建执行脚本 auto_mm.sh , 粘贴以下

#!/usr/bin/bash
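# Work from the directory that contains this script, so that ips and every
# generated helper file are resolved next to it. Stop if that directory cannot
# be entered instead of creating files somewhere else.
path="$(cd "$(dirname "$0")" && pwd)"
cd "$path" || exit 1
# The helper files written below are derived from ips (root passwords) and from
# the hosts' keys; create them readable by the invoking user only.
umask 077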

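# Prints an INFO line prefixed with a millisecond timestamp.
# Arguments: message words, joined with single spaces
# Outputs:   "<timestamp>|INFO|<message> " on stdout; echo -e interprets
#            backslash escapes that appear in the message
function info() {
  # local keeps the timestamp out of the global namespace.
  local stamp
  stamp=$(date "+%Y-%m-%d %H:%M:%S.%N")
  # %N is nanoseconds; the first 23 characters cut it down to milliseconds.
  echo -e "${stamp:0:23}|INFO|$* "
}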

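# Prints a warning line in yellow, prefixed with a millisecond timestamp.
# Arguments: message words, joined with single spaces
# Outputs:   the coloured line on stdout; echo -e interprets backslash escapes
#            that appear in the message
function warning() {
  # local keeps the timestamp out of the global namespace.
  local stamp
  stamp=$(date "+%Y-%m-%d %H:%M:%S.%N")
  # %N is nanoseconds; the first 23 characters cut it down to milliseconds.
  echo -e "\033[33m${stamp:0:23}|WARINIG|$* \033[0m"
}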

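# Prints a success line in green, prefixed with a millisecond timestamp.
# Arguments: message words, joined with single spaces
# Outputs:   the coloured line on stdout; echo -e interprets backslash escapes
#            that appear in the message
function success() {
  # local keeps the timestamp out of the global namespace.
  local stamp
  stamp=$(date "+%Y-%m-%d %H:%M:%S.%N")
  # %N is nanoseconds; the first 23 characters cut it down to milliseconds.
  echo -e "\033[32m${stamp:0:23}|SUCCESS|$* \033[0m"
}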

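# Prints an error line in red, prefixed with a millisecond timestamp, and
# terminates the script with status 1.
# Arguments: message words, joined with single spaces
# Outputs:   the coloured line on stdout; echo -e interprets backslash escapes
#            that appear in the message
function error() {
  local stamp
  stamp=$(date "+%Y-%m-%d %H:%M:%S.%N")
  # %N is nanoseconds; the first 23 characters cut it down to milliseconds.
  echo -e "\033[31m${stamp:0:23}|ERROR|$* \033[0m"
  # A bare "exit" would reuse echo's status (0) and report success to whatever
  # launched the script, hiding the failure from wrappers and schedulers.
  exit 1
}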

# Write create_mm.sh, the helper that is copied to a host which has no key pair
# yet. It runs ssh-keygen and feeds the answers to its prompts on stdin: the
# key path, then "yes" (presumably for the overwrite question) and blank lines.
# -N '' means the private key is created without a passphrase, so anyone who
# can read /root/.ssh/id_rsa on that host can use it.
# The outer here-document uses its own delimiter, so the inner EOF line can be
# written literally.
cat >create_mm.sh <<'CREATE_MM'
ssh-keygen -t rsa -N '' <<EOF
/root/.ssh/id_rsa
yes


EOF
CREATE_MM

# Drop the key bundle left by an earlier run; it is rebuilt from scratch below.
rm -rf auto_mm_mys

# Without the host list (ips) there is nothing to do.
test -e ips || error "[ips]文件不存在"

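# Runs one ssh/scp command under expect and answers its prompts.
# Arguments: $1 - root password of the target host
#            $2 - text placed after "spawn" (parsed by Tcl, not by the shell)
# The password is handed over in the environment and read back by Tcl as
# $env(AUTO_MM_PASS). It never becomes part of the Tcl source, so characters
# such as $ [ ] " \ in a password are typed literally instead of being
# evaluated as Tcl code.
# NOTE(security): answering "yes" to the yes/no question accepts whatever host
# key is presented on first contact. Filling known_hosts beforehand with
# fingerprints obtained out of band removes that blind trust.
function expect_run() {
  AUTO_MM_PASS=$1 expect <<EOF
spawn $2
expect {
  "yes/no" { send "yes\n"; exp_continue }
  "password" { send -- "\$env(AUTO_MM_PASS)\n" }
}
expect eof
EOF
}

# Asks a host whether /root/.ssh/id_rsa.pub exists and stores the answer
# (0 or 1) in the global rs.
# Arguments: $1 - host address, $2 - root password
# The local copy of auto_mm_rs is removed first, so a failed login or transfer
# cannot be mistaken for the answer of the previous host.
function probe_pubkey() {
  rm -f auto_mm_rs
  expect_run "$2" "ssh root@$1 \"ls /root/.ssh/id_rsa.pub |wc -l > /root/auto_mm_rs\""
  expect_run "$2" "scp root@$1:/root/auto_mm_rs ./"
  rs=$(cat auto_mm_rs 2>/dev/null)
  case "$rs" in
    '' | *[!0-9]*) error "[$1]获取ssh秘钥状态失败" ;;
  esac
}

echo "-----------------[拉取公钥]-----------------"
# read -r keeps backslashes in passwords intact; the extra "_" swallows any
# trailing fields; the || clause still handles a last line without a newline.
while read -r ip pass _ || [ -n "$ip" ]; do
  # Skip blank lines.
  [ -n "$ip" ] || continue
  # The address is pasted into the expect script, so only plain host/IP
  # characters are accepted.
  case "$ip" in
    *[!A-Za-z0-9.:_-]*) error "[ips]主机地址不合法: $ip" ;;
  esac

  # Create the ssh key pair on the host if it does not have one yet.
  probe_pubkey "$ip" "$pass"
  if [ "$rs" -eq 0 ]; then
    warning "$ip未创建ssh秘钥, 执行创建ssh秘钥"
    expect_run "$pass" "scp create_mm.sh root@$ip:/root"
    expect_run "$pass" "ssh root@$ip \"sh /root/create_mm.sh\""
    sleep 1s
    probe_pubkey "$ip" "$pass"
    if [ "$rs" -eq 0 ]; then
      error "[$ip]ssh秘钥创建失败"
    else
      success "[$ip]ssh秘钥创建成功"
    fi
  else
    warning "$ip已创建ssh秘钥"
  fi

  # Fetch the host's public key. The previous host's copy is removed first;
  # otherwise a failed transfer would silently append that key a second time.
  rm -f id_rsa.pub
  expect_run "$pass" "scp root@$ip:/root/.ssh/id_rsa.pub ./"
  if ! test -e id_rsa.pub; then
    error "[$ip]ssh公钥拉取失败"
  fi
  cat id_rsa.pub >>auto_mm_mys
  success "[$ip]拉取公钥成功"
done <ips

echo "-----------------[发送公钥]-----------------"
# Every host receives the whole bundle, so afterwards root on each host can log
# in as root on every other host without a password: one stolen private key
# reaches all of them. Keep the host list as small as the task needs.
# NOTE: the bundle is appended on every run, so running the script again
# duplicates the entries in authorized_keys.
while read -r ip pass _ || [ -n "$ip" ]; do
  [ -n "$ip" ] || continue
  expect_run "$pass" "scp auto_mm_mys root@$ip:/root"
  expect_run "$pass" "ssh root@$ip \"cat /root/auto_mm_mys >> /root/.ssh/authorized_keys\""
done <ips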

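echo "-----------------[验证]-----------------"
# Build auto_mm_yz.sh: it is copied to every host and run there with the host's
# own address as $1. For each entry of ips it tries a key-only login and prints
# whether that login worked.
# NOTE(security): the generated check uses StrictHostKeyChecking=no, so the
# host key of the peer is not verified. Where the installed OpenSSH supports
# it (7.6 and later), accept-new at least refuses a key that has changed.
{
  cat <<'EOF'
function info() {
  DATE_N=$(date "+%Y-%m-%d %H:%M:%S.%N" | cut -b 1-23)
  echo -e "$DATE_N|INFO|$@ "
}

function warning() {
  DATE_N=$(date "+%Y-%m-%d %H:%M:%S.%N" | cut -b 1-23)
  echo -e "\033[33m$DATE_N|WARINIG|$@ \033[0m"
}

function success() {
  DATE_N=$(date "+%Y-%m-%d %H:%M:%S.%N" | cut -b 1-23)
  echo -e "\033[32m$DATE_N|SUCCESS|$@ \033[0m"
}

function error() {
  DATE_N=$(date "+%Y-%m-%d %H:%M:%S.%N" | cut -b 1-23)
  echo -e "\033[31m$DATE_N|ERROR|$@ \033[0m"
}
EOF

  # Only the address column is needed here; the password is never written into
  # the generated file. read -r and the "_" field keep backslashes or glob
  # characters in the password column from disturbing the address.
  while read -r ip _ || [ -n "$ip" ]; do
    # Skip blank lines instead of emitting an ssh call without a host.
    [ -n "$ip" ] || continue
    # \$? and \$1 stay literal: they are evaluated when the generated script
    # runs on the remote host, where $1 is that host's own address.
    cat <<EOF
ssh $ip -o PreferredAuthentications=publickey -o StrictHostKeyChecking=no "date" > /dev/null 2>&1
if [ \$? -eq 0 ]; then
    success "[\$1] ====> [$ip]设置免密成功"
else
    warning "[\$1] ====> [$ip]设置免密失败"
fi
EOF
  done <ips
} >auto_mm_yz.sh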


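# Verifies one host, then lets that host verify its own logins to all others.
# Arguments: $1 - host address, $2 - root password of that host
# A key-only login is tried first. If it works, auto_mm_yz.sh is copied and run
# over key authentication; otherwise the same two steps fall back to the
# password.
# The function runs inside this script instead of a generated yz.sh, so the
# passwords from ips are never written to disk as unquoted shell words. expect
# receives the password through the environment ($env(AUTO_MM_PASS)), which
# keeps characters such as $ [ ] " \ from being evaluated as Tcl code.
# NOTE(security): StrictHostKeyChecking=no and the scripted "yes" accept any
# host key that is presented; verify fingerprints out of band where that
# matters.
function yz() {
  local host=$1 password=$2
  if ssh -o PreferredAuthentications=publickey -o StrictHostKeyChecking=no \
    "$host" "date" >/dev/null 2>&1; then
    success "=================[$host]配置免密成功================="
    info "验证【[$host]】对所有服务器的免密配置"
    scp auto_mm_yz.sh "root@$host:/root"
    ssh "root@$host" "sh /root/auto_mm_yz.sh $host"
  else
    warning "=================[$host]配置免密失败================="
    AUTO_MM_PASS=$password expect <<EOF
spawn scp auto_mm_yz.sh root@$host:/root
expect {
  "yes/no" { send "yes\n"; exp_continue }
  "password" { send -- "\$env(AUTO_MM_PASS)\n" }
}
expect eof
EOF
    info "验证【[$host]】对所有服务器的免密配置"
    AUTO_MM_PASS=$password expect <<EOF
spawn ssh root@$host "sh /root/auto_mm_yz.sh $host"
expect {
  "yes/no" { send "yes\n"; exp_continue }
  "password" { send -- "\$env(AUTO_MM_PASS)\n" }
}
expect eof
EOF
  fi
}

# ips is read on descriptor 3, so the ssh and scp calls inside yz cannot
# swallow the rest of the host list from standard input.
while read -r ip pass _ <&3 || [ -n "$ip" ]; do
  # Skip blank lines.
  [ -n "$ip" ] || continue
  # The address is pasted into the expect script, so only plain host/IP
  # characters are accepted.
  case "$ip" in
    *[!A-Za-z0-9.:_-]*) error "[ips]主机地址不合法: $ip" ;;
  esac
  yz "$ip" "$pass"
done 3<ips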

# Clean up the local scratch files.
# NOTE: ips (plain-text root passwords) is not in this list, and the copies
# this script placed under /root on the remote hosts (auto_mm_rs,
# create_mm.sh, auto_mm_mys, auto_mm_yz.sh) are not removed either.
rm -rf \
  auto_mm_mys \
  auto_mm_rs \
  auto_mm_yz.sh \
  create_mm.sh \
  id_rsa.pub \
  yz.sh

4.执行脚本

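# The script declares bash in its shebang and uses bash syntax (the "function"
# keyword, echo -e); starting it through sh ignores the shebang and only works
# where sh happens to be bash.
bash auto_mm.sh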