shell(49) : 多个服务器批量设置相互免密

写在前面

  • CentOS Linux release 7.9.2009 (Core) 系统已验证
  • 脚本固定使用root账户, 其他账户无效
  • 创建[auto_mm.sh]时必须先用vi创建文件, 再粘贴脚本内容

1.安装expect

1.1.在线安装

# expect is built on Tcl, so both packages are installed, one yum call each.
for pkg in tcl expect; do
  yum install -y "$pkg"
done

1.2.离线安装(选其中一个即可)

1.2.1.在能联通公网的机器导出rpm包到不能联通公网的机器安装

参考 shell(30) : yum导出依赖包并离线安装_yum 导出包-CSDN博客

# repotrack (part of yum-utils) downloads the expect rpm together with all of
# its dependencies into the current directory; copy those rpm files to the
# offline machine and install them there.
repotrack expect

1.2.2.百度网盘下载

待补充 ...

1.2.3.CSDN下载

待补充 ...

2.填写ip和密码信息(每行格式: ip 空格 root密码, 填好后直接粘贴执行即可)

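# ips holds one "ip root-password" pair per line in clear text, so it is
# created readable by its owner only. The subshell keeps the umask change
# local; the chmod covers an ips file that already existed with wider bits.
(
  umask 077
  cat > ips <<'EOF'
192.168.1.1 abc123
192.168.1.2 abc123
EOF
)
chmod 600 ips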

若上述命令执行失败, 则手动创建ips文件并填入以下内容(文件中是明文root密码, 建议执行 chmod 600 ips, 配置完成后删除该文件)

192.168.1.1 abc123
192.168.1.2 abc123

3.创建执行脚本 auto_mm.sh , 粘贴以下

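#!/usr/bin/bash
# Work from the script's own directory: ips is read from it and every scratch
# file is created in it. Stop if that directory cannot be entered, so nothing
# is written or deleted somewhere else.
path="$(cd "$(dirname -- "$0")" && pwd)"
cd "$path" || exit 1

# Remove the scratch files on every exit path, including an early error exit;
# yz.sh in particular contains the root passwords taken from ips.
cleanup_temp_files() {
  rm -rf -- auto_mm_mys auto_mm_rs auto_mm_yz.sh create_mm.sh id_rsa.pub yz.sh
}
trap cleanup_temp_files EXIT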

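#######################################
# Print an INFO line: "<timestamp>|INFO|<message> ".
# Arguments: the message words, joined with single spaces.
# Outputs:   one line on stdout; echo -e expands backslash escapes in it.
#######################################
function info() {
  local stamp
  # %N is nanoseconds; the first 23 bytes keep the stamp at milliseconds.
  stamp=$(date "+%Y-%m-%d %H:%M:%S.%N" | cut -b 1-23)
  # $* joins the arguments into one word (a bare $@ inside a string splits it).
  echo -e "$stamp|INFO|$* "
}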

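#######################################
# Print a warning line in yellow: "<timestamp>|WARINIG|<message> ".
# Arguments: the message words, joined with single spaces.
# Outputs:   one line on stdout, wrapped in ANSI colour codes 33 and 0.
#######################################
function warning() {
  local stamp
  # %N is nanoseconds; the first 23 bytes keep the stamp at milliseconds.
  stamp=$(date "+%Y-%m-%d %H:%M:%S.%N" | cut -b 1-23)
  # The level tag is kept exactly as the script has always printed it.
  echo -e "\033[33m$stamp|WARINIG|$* \033[0m"
}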

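#######################################
# Print a success line in green: "<timestamp>|SUCCESS|<message> ".
# Arguments: the message words, joined with single spaces.
# Outputs:   one line on stdout, wrapped in ANSI colour codes 32 and 0.
#######################################
function success() {
  local stamp
  # %N is nanoseconds; the first 23 bytes keep the stamp at milliseconds.
  stamp=$(date "+%Y-%m-%d %H:%M:%S.%N" | cut -b 1-23)
  echo -e "\033[32m$stamp|SUCCESS|$* \033[0m"
}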

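#######################################
# Print an error line in red: "<timestamp>|ERROR|<message> ", then stop.
# Arguments: the message words, joined with single spaces.
# Outputs:   one line on stdout, wrapped in ANSI colour codes 31 and 0.
# Returns:   never; the shell exits with status 1.
#######################################
function error() {
  local stamp
  # %N is nanoseconds; the first 23 bytes keep the stamp at milliseconds.
  stamp=$(date "+%Y-%m-%d %H:%M:%S.%N" | cut -b 1-23)
  echo -e "\033[31m$stamp|ERROR|$* \033[0m"
  # A bare "exit" would reuse echo's status (0) and report the failure as success.
  exit 1
}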

# Write create_mm.sh, the key-generation script that is copied to any host
# that has no /root/.ssh/id_rsa.pub yet. It feeds ssh-keygen's prompts from a
# here-document: the key path, "yes", then two empty lines.
# The outer delimiter is not "EOF", so the inner EOF line is written as-is.
cat >create_mm.sh <<'CREATE_MM_SCRIPT'
ssh-keygen -t rsa -N '' <<EOF
/root/.ssh/id_rsa
yes


EOF
CREATE_MM_SCRIPT

# Start with no key bundle left over from an earlier run.
rm -rf -- auto_mm_mys

# ips (one "ip password" pair per line) is read from the current directory;
# without it there is nothing to do.
[[ -e ips ]] || error "[ips]文件不存在"

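#######################################
# Run ssh or scp under expect and answer its prompts.
# Arguments: $1 password, $2 program (ssh or scp), $3 and $4 the program's
#            two arguments.
# The values reach expect through the environment and a quoted here-document,
# so the shell never pastes them into the Tcl script: a password containing
# ", $, [ or \ is typed as-is instead of being parsed as Tcl.
# NOTE(review): the "yes/no" answer accepts whatever host key is presented on
# first contact; compare fingerprints out of band or pre-load known_hosts
# where that matters.
#######################################
run_with_password() {
  AUTO_MM_PASS=$1 AUTO_MM_PROG=$2 AUTO_MM_ARG1=$3 AUTO_MM_ARG2=$4 expect <<'EXPECT_EOF'
spawn $env(AUTO_MM_PROG) $env(AUTO_MM_ARG1) $env(AUTO_MM_ARG2)
expect {
    "yes/no" { send "yes\n"; exp_continue }
    "password" { send -- "$env(AUTO_MM_PASS)\n" }
}
expect eof
EXPECT_EOF
}

#######################################
# Store in rs how many /root/.ssh/id_rsa.pub files a host has (0 or 1).
# Arguments: $1 host, $2 password.
# Globals:   rs (written).
#######################################
fetch_pubkey_count() {
  # Drop the previous answer first, so a failed copy cannot be mistaken for
  # a fresh result from this host.
  rm -f auto_mm_rs
  run_with_password "$2" ssh "root@$1" "ls /root/.ssh/id_rsa.pub |wc -l > /root/auto_mm_rs"
  run_with_password "$2" scp "root@$1:/root/auto_mm_rs" ./
  rs=$(cat auto_mm_rs 2>/dev/null)
  [[ "$rs" =~ ^[0-9]+$ ]] || error "[$1]无法获取ssh秘钥状态"
}

echo "-----------------[拉取公钥]-----------------"
# read -r splits each line into ip and password without the globbing and
# backslash handling that an unquoted "echo $line" applies to a password.
while read -r ip pass _ || [[ -n "$ip" ]]; do
  [[ -n "$ip" ]] || continue # skip blank lines

  # Create the host's key pair if it has none yet.
  fetch_pubkey_count "$ip" "$pass"
  if [ "$rs" -eq 0 ]; then
    warning "$ip未创建ssh秘钥, 执行创建ssh秘钥"
    run_with_password "$pass" scp create_mm.sh "root@$ip:/root"
    run_with_password "$pass" ssh "root@$ip" "sh /root/create_mm.sh"
    sleep 1s
    fetch_pubkey_count "$ip" "$pass"
    if [ "$rs" -eq 0 ]; then
      error "[$ip]ssh秘钥创建失败"
    else
      success "[$ip]ssh秘钥创建成功"
    fi
  else
    warning "$ip已创建ssh秘钥"
  fi

  # Fetch the host's public key. The previous host's copy is removed first;
  # otherwise a failed scp would append that older key again and still
  # report success for this host.
  rm -f id_rsa.pub
  run_with_password "$pass" scp "root@$ip:/root/.ssh/id_rsa.pub" ./
  if ! test -s id_rsa.pub; then
    error "[$ip]ssh公钥拉取失败"
  fi
  cat id_rsa.pub >>auto_mm_mys
  success "[$ip]拉取公钥成功"
done <ips

echo "-----------------[发送公钥]-----------------"
# Every host receives the full bundle of collected public keys.
# NOTE(review): the bundle is appended, so running the script again adds the
# same keys to authorized_keys a second time.
while read -r ip pass _ || [[ -n "$ip" ]]; do
  [[ -n "$ip" ]] || continue # skip blank lines
  run_with_password "$pass" scp auto_mm_mys "root@$ip:/root"
  run_with_password "$pass" ssh "root@$ip" "cat /root/auto_mm_mys >> /root/.ssh/authorized_keys"
done <ips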

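echo "-----------------[验证]-----------------"
# auto_mm_yz.sh is copied to each host and run there as
# "sh /root/auto_mm_yz.sh <that host's ip>"; it reports whether that host can
# log in to every host in ips with its key alone.
# It runs on its own, so it starts with a copy of the logging helpers.
cat >auto_mm_yz.sh <<'EOF'
function info() {
  DATE_N=$(date "+%Y-%m-%d %H:%M:%S.%N" | cut -b 1-23)
  echo -e "$DATE_N|INFO|$@ "
}

function warning() {
  DATE_N=$(date "+%Y-%m-%d %H:%M:%S.%N" | cut -b 1-23)
  echo -e "\033[33m$DATE_N|WARINIG|$@ \033[0m"
}

function success() {
  DATE_N=$(date "+%Y-%m-%d %H:%M:%S.%N" | cut -b 1-23)
  echo -e "\033[32m$DATE_N|SUCCESS|$@ \033[0m"
}

function error() {
  DATE_N=$(date "+%Y-%m-%d %H:%M:%S.%N" | cut -b 1-23)
  echo -e "\033[31m$DATE_N|ERROR|$@ \033[0m"
}
EOF

# Append one key-only login probe per host. $1 inside the generated script is
# the ip of the host the script runs on.
# NOTE(review): StrictHostKeyChecking=no skips host-key verification for the
# probe; where the installed OpenSSH supports it (7.6 and later), accept-new
# is the narrower setting.
while read -r ip _ || [[ -n "$ip" ]]; do
  [[ -n "$ip" ]] || continue # skip blank lines
  # The address is pasted into generated shell code, so accept only text that
  # looks like a host name or address and cannot start an option.
  [[ "$ip" =~ ^[A-Za-z0-9][A-Za-z0-9._:-]*$ ]] || error "[ips]文件中的地址不合法: $ip"
  cat >>auto_mm_yz.sh <<PROBE_EOF
ssh $ip -o PreferredAuthentications=publickey -o StrictHostKeyChecking=no "date" > /dev/null 2>&1
if [ \$? -eq 0 ]; then
    success "[\$1] ====> [$ip]设置免密成功"
else
    warning "[\$1] ====> [$ip]设置免密失败"
fi
PROBE_EOF
done <ips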


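# Build yz.sh, the driver of the verification pass: for every host it checks
# key-only login from this machine, then copies auto_mm_yz.sh to the host and
# runs it there. The outer delimiter differs from the inner one, so the
# generated text needs no fix-up afterwards.
cat > yz.sh <<'YZ_SCRIPT'
#!/usr/bin/bash

function info() {
  DATE_N=$(date "+%Y-%m-%d %H:%M:%S.%N" | cut -b 1-23)
  echo -e "$DATE_N|INFO|$@ "
}

function warning() {
  DATE_N=$(date "+%Y-%m-%d %H:%M:%S.%N" | cut -b 1-23)
  echo -e "\033[33m$DATE_N|WARINIG|$@ \033[0m"
}

function success() {
  DATE_N=$(date "+%Y-%m-%d %H:%M:%S.%N" | cut -b 1-23)
  echo -e "\033[32m$DATE_N|SUCCESS|$@ \033[0m"
}

function error() {
  DATE_N=$(date "+%Y-%m-%d %H:%M:%S.%N" | cut -b 1-23)
  echo -e "\033[31m$DATE_N|ERROR|$@ \033[0m"
}

# Run ssh or scp under expect: $1 password, $2 program, $3 $4 its arguments.
# The values travel through the environment, so a password is typed as-is and
# never parsed as Tcl.
function yz_with_password() {
  AUTO_MM_PASS=$1 AUTO_MM_PROG=$2 AUTO_MM_ARG1=$3 AUTO_MM_ARG2=$4 expect <<'EXPECT_EOF'
spawn $env(AUTO_MM_PROG) $env(AUTO_MM_ARG1) $env(AUTO_MM_ARG2)
expect {
    "yes/no" { send "yes\n"; exp_continue }
    "password" { send -- "$env(AUTO_MM_PASS)\n" }
}
expect eof
EXPECT_EOF
}

# Verify host $1 (password $2): key-only login from here, then the host's own
# probes against every other host. Password login is the fallback when the
# key-only login fails.
function yz() {
  if ssh "$1" -o PreferredAuthentications=publickey -o StrictHostKeyChecking=no "date" >/dev/null 2>&1; then
    success "=================[$1]配置免密成功================="
    info "验证【[$1]】对所有服务器的免密配置"
    scp auto_mm_yz.sh "root@$1:/root"
    ssh "root@$1" "sh /root/auto_mm_yz.sh $1"
  else
    warning "=================[$1]配置免密失败================="
    yz_with_password "$2" scp auto_mm_yz.sh "root@$1:/root"
    info "验证【[$1]】对所有服务器的免密配置"
    yz_with_password "$2" ssh "root@$1" "sh /root/auto_mm_yz.sh $1"
  fi
}

YZ_SCRIPT

# The calls appended below carry root passwords: restrict the file first.
chmod 600 yz.sh

while read -r ip pass _ || [[ -n "$ip" ]]; do
  [[ -n "$ip" ]] || continue # skip blank lines
  # %q shell-quotes both fields, so special characters in a password stay
  # data instead of becoming shell syntax in yz.sh.
  printf 'yz %q %q\n' "$ip" "$pass" >>yz.sh
done <ips

# yz.sh uses bash syntax (and %q may emit $'...' quoting), so run it with bash.
bash yz.sh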

# Clean up: remove every scratch file the run created in this directory
# (key bundle, status file, generated scripts, last fetched public key).
rm -rf -- auto_mm_mys auto_mm_rs auto_mm_yz.sh create_mm.sh id_rsa.pub yz.sh

4.执行脚本

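# auto_mm.sh uses bash syntax (the function keyword, echo -e), so run it with
# bash rather than whatever shell "sh" points to.
bash auto_mm.sh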