批量SSH key-gen无密码登陆认证脚本
来源:互联网 发布:sql注入布尔型攻击 编辑:程序博客网 时间:2024/06/06 00:55
使用为了让linux之间使用ssh不需要密码,可以采用了数字签名RSA或者DSA来完成。主要使用ssh-key-gen实现。
1.通过 ssh-key-gen 来创建 public and private keys
2.使用ssh-copy-id复制public key 到远程主机
3.无密码登陆远程主机
但对于大规模集群,人工使用ssh-key-gen生成key,再使用ssh-copy-id显然费时费力。对于N台主机,需要进行N次ssh-key-gen,N*N次ssh-copy-id。
为此,写了一个批量SSH key-gen脚本,脚本包括四个文件:keygen_master.sh、keygen_slave.sh、hosts.conf、slaves.conf
项目参见https://github.com/Beckham007/b_keygen
使用方法比较简单。把这四个文件拷贝到主节点上,设置hosts.conf和slaves.conf,然后执行keygen_master.sh即可。
keygen_master.sh在主节点上执行。
#!/bin/shthis="$0"while [ -h "$this" ]; do ls=`ls -ld "$this"` link=`expr "$ls" : '.*-> \(.*\)$'` if expr "$link" : '.*/.*' > /dev/null; then this="$link"else this=`dirname "$this"`/"$link" fidone# init base pathbase=`dirname "$this"`script=`basename "$this"`base=`cd "$base"; pwd`this="$base/$script"slavesh="keygen_slave.sh"slavescript="$base/$slavesh"slaves="$base/slaves.conf"hosts="$base/hosts.conf"# install sshyum install -y openssh* expecteval `ssh-agent`if [ ! -s ~/.ssh/id_dsa ]; then expect -c " spawn ssh-keygen -t dsa expect { \"*y/n*\" {send \"y\r\"; exp_continue} \"*key*\" {send \"\r\"; exp_continue} \"*passphrase*\" {send \"\r\"; exp_continue} \"*again*\" {send \"\r\";} } "fissh-add $HOME/.ssh/id_dsa # Add private key# batch ssh if [ -s $hosts ]; then for p in $(cat $hosts) # do username=$(echo "$p"|cut -f1 -d":") # Get username ip=$(echo "$p"|cut -f2 -d":") # Get ip password=$(echo "$p"|cut -f3 -d":") # Get password id=$HOME/.ssh/id_dsa.pub echo "ssh-copy-id -i $id $username@$ip -P $password" # ssh-copy-id expect -c " spawn ssh-copy-id -i $id $username@$ip expect { \"*yes/no*\" {send \"yes\r\"; exp_continue} \"*password*\" {send \"$password\r\"; exp_continue} \"*Password*\" {send \"$password\r\";} } " donefi# dispath if [ -s $slaves ]; then for p in $(cat $slaves) # do username=$(echo "$p"|cut -f1 -d":") # Get username ip=$(echo "$p"|cut -f2 -d":") # Get ip password=$(echo "$p"|cut -f3 -d":") # Get password id=$HOME/.ssh/id_dsa.pub ssh $username@$ip 'yum install -y openssh*' echo "scp $slavescript $hosts $username@$ip:~/ -P $password" # Dispath to clients expect -c " spawn scp $slavescript $hosts $username@$ip:~/ expect { \"*yes/no*\" {send \"yes\r\"; exp_continue} \"*password*\" {send \"$password\r\"; exp_continue} \"*Password*\" {send \"$password\r\";} } " # ssh to clients echo "ssh $username@$ip 'sh $HOME/keygen_slave.sh'" ssh $username@$ip 'sh $HOME/keygen_slave.sh' donefi
keygen_slave.sh在所有从节点执行。
#!/bin/shthis="$0"while [ -h "$this" ]; do ls=`ls -ld "$this"` link=`expr "$ls" : '.*-> \(.*\)$'` if expr "$link" : '.*/.*' > /dev/null; then this="$link"else this=`dirname "$this"`/"$link" fidone# init base pathbase=`dirname "$this"`script=`basename "$this"`base=`cd "$base"; pwd`this="$base/$script"hosts="$base/hosts.conf"echo $baseecho $scriptecho $thisecho $hosts# install sshyum install -y openssh* expecteval `ssh-agent`if [ ! -s ~/.ssh/id_dsa ]; then expect -c " spawn ssh-keygen -t dsa expect { \"*y/n*\" {send \"y\r\"; exp_continue} \"*key*\" {send \"\r\"; exp_continue} \"*passphrase*\" {send \"\r\"; exp_continue} \"*again*\" {send \"\r\";} } "fissh-add $HOME/.ssh/id_dsa # Add private key# batch ssh if [ -s $hosts ]; then for p in $(cat $hosts) # do username=$(echo "$p"|cut -f1 -d":") # Get username ip=$(echo "$p"|cut -f2 -d":") # Get ip password=$(echo "$p"|cut -f3 -d":") # Get password id=$HOME/.ssh/id_dsa.pub echo $username echo $ip echo $password echo $id # ssh-copy-id expect -c " spawn ssh-copy-id -i $id $username@$ip expect { \"*yes/no*\" {send \"yes\r\"; exp_continue} \"*password*\" {send \"$password\r\"; exp_continue} \"*Password*\" {send \"$password\r\";} } " donefi
hosts.conf中设置所有主机(主节点+从节点),格式为用户名:主机IP:用户密码。
username:master_ip:passwdusername:client1_ip:passwdusername:client2_ip:passwd#root:localhost:000000
slaves.conf中设置所有从主机,格式同hosts.conf用户名:主机IP:用户密码。username:client1_ip:passwdusername:client2_ip:passwd#root:192.168.1.12:000000
下载地址https://github.com/Beckham007/b_keygen/archive/master.zip
以上脚本在天翼云主机 CentOS 6.4 64位上测试成功。
0 0
- 批量SSH key-gen无密码登陆认证脚本
- 批量无密码ssh登陆的shell脚本
- ssh 批量无密码登陆设
- Linux 批量建立信任关系,实现ssh无密码登陆的脚本
- Linux 批量拷贝数据脚本 + ssh 无密码登陆远程LINUX主机
- ssh 信任关系无密码登陆,清除公钥,批量脚本
- ssh无密码登陆
- ssh 无密码登陆
- ssh无密码登陆
- ssh 无密码登陆
- ssh无密码登陆
- ssh 无密码登陆
- SSH 无密码登陆
- ssh无密码登陆
- SSH 无密码登陆
- ssh无密码登陆
- SSH无密码登陆
- ssh无密码登陆
- Hessian矩阵
- windows和linux(ubuntu13.04)双系统安装教程
- java访问远程共享文件
- Windows编程-1-字符和字符串处理相关知识点总结
- 黑马程序员_两种遍历集合的方法Iterator接口和foreach循环
- 批量SSH key-gen无密码登陆认证脚本
- ArcGIS Web API 接入天地图瓦片
- 返回select行數
- 指针篇之十一 函数指针
- Couldn't read row 0, col -1 from CursorWindow. Make sure the Cursor is initialized correctly before
- 推荐给大家一个php代码格式化在线工具
- “ImageCLEF 2012 plant overview” 摘要
- linux tar
- 七个习惯