Making scripts non-interactive with expect


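Non-interactive SSH password authentication with expect

Non-interactive SSH password authentication with sshpass

expect can answer prompts automatically, which makes a script non-interactive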

[root@linux1 ~]# yum install -y expect

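Commands in expect:

  • spawn: starts a new process
  • send: sends a string to the new process
  • expect: receives a string from the process
  • interact: allows the user to interact
  • exp_continue: add this command after an action when several strings have to be matched; expect then keeps matching instead of returning

expect -d auto.exp prints debugging information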

1. Connecting to a Linux server normally; the steps are:

Type ssh ip --> type yes --> type the password


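The expect script

[root@linux1 ~]# cat autossh.exp 
#!/usr/bin/expect

set timeout 10
set ip 192.168.38.200  
set username qqq
set passwd 123456
# spawn starts a new process, running ssh qqq@192.168.38.200
spawn ssh $username@$ip
    expect {
        # When yes/no matches, send the string yes\n to the process
        "yes/no" { send "yes\n";exp_continue } 
        # When password matches, send 123456\n to the process
        "password" { send "$passwd\n" }
    }
# interact keeps the session interactive after the login completes and hands control to the console, so you can then work by hand. Without this line the script exits once login completes instead of staying on the remote terminal.
interact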

Result

[root@linux1 ~]# chmod +x autossh.exp 
[root@linux1 ~]# ./autossh.exp 
spawn ssh qqq@192.168.38.200
The authenticity of host '192.168.38.200 (192.168.38.200)' can't be established.
ECDSA key fingerprint is SHA256:uhfGyGUZFJn2lcsppgfkrqSCy17C89nhi1qqMyZYjSc.
ECDSA key fingerprint is MD5:68:2d:9b:5a:bd:92:68:d7:85:fd:35:86:b1:7e:bc:48.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.38.200' (ECDSA) to the list of known hosts.
qqq@192.168.38.200's password: 
Last login: Mon Aug 26 06:02:43 2019 from 192.168.38.123

2. Positional parameters:

Reading positional parameters

The expect script

[root@linux1 ~]# cat autossh.exp 
#!/usr/bin/expect

set timeout 10
set ip [lindex $argv 0]
set username [lindex $argv 1]
set passwd [lindex $argv 2]
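# spawn starts a new process, running ssh $username@$ip
spawn ssh $username@$ip
    expect {
        # When yes/no matches, send the string yes\n to the process
        "yes/no" { send "yes\n";exp_continue } 
        # When password matches, send $passwd\n to the process
        "password" { send "$passwd\n" }
    }
# interact keeps the session interactive after the login completes and hands control to the console, so you can then work by hand. Without this line the script exits once login completes instead of staying on the remote terminal.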
interact

Result:

[root@linux1 ~]# ./autossh.exp 192.168.38.200 qqq 123456
spawn ssh qqq@192.168.38.200
The authenticity of host '192.168.38.200 (192.168.38.200)' can't be established.
ECDSA key fingerprint is SHA256:uhfGyGUZFJn2lcsppgfkrqSCy17C89nhi1qqMyZYjSc.
ECDSA key fingerprint is MD5:68:2d:9b:5a:bd:92:68:d7:85:fd:35:86:b1:7e:bc:48.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.38.200' (ECDSA) to the list of known hosts.
qqq@192.168.38.200's password: 
Last login: Mon Aug 26 06:04:50 2019 from 192.168.38.123
[qqq@switch ~]$ 

3. Copying the public key automatically with ssh-copy-id

Generate the key on the server side

[root@linux1 ~]# ssh-keygen -C "linux1" -t rsa -N "" -f ~/.ssh/id_rsa

The expect script

[root@linux1 ~]# cat autocopy.exp 
#!/usr/bin/expect

set timeout 5
set user_hostname [lindex $argv 0]
set password [lindex $argv 1]
spawn ssh-copy-id $user_hostname
    expect {
        "yes/no" { send "yes\n";exp_continue }
        "password" { send "$password\n" }
    }
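# expect eof makes the script exit once the spawned program has finished, without interactive input; interact would instead switch to interactive input after the program has run and not exit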
expect eof

Result

[root@linux1 ~]# ./autocopy.exp  qqq@192.168.38.200 123456
spawn ssh-copy-id qqq@192.168.38.200
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.38.200 (192.168.38.200)' can't be established.
ECDSA key fingerprint is SHA256:uhfGyGUZFJn2lcsppgfkrqSCy17C89nhi1qqMyZYjSc.
ECDSA key fingerprint is MD5:68:2d:9b:5a:bd:92:68:d7:85:fd:35:86:b1:7e:bc:48.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
qqq@192.168.38.200's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'qqq@192.168.38.200'"
and check to make sure that only the key(s) you wanted were added.

Check on the target host whether the key was added:

[qqq@switch ~]$ cat .ssh/authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDd7zmYNV89sGYcW6Iy4jucPSmlRH7G2T3bm0rNDD5L/ck6c5dL3MKErjIUlGdw3nPvrwRA6+AKXHkW28vh2iTPnkmvy/g5QpGDX0DSIj9E+gNz9CKn8Qs5XRFsYrkPfuor5Qt4RMn0l27gSnOMDMethmFa6hlWeBeYGlXIk1wuqtRhFFlyduQxc9l+5pFsfh0tDVRcmKqxD7kvy32TLU9yQrZ7rw0M7IRaWQt69gh8vl+psHFrBSWINtNPw2OTmXqwnc0cAIi/aZXdt8S/Q7A5E2NT9I7Xz9IUoJqYfJixI1miU6r4K2M/0eKNmktg9T15fqWunElqQTUZWJXsWuhT linux1

sshpass

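This tool can also do non-interactive SSH password authentication

Reference: https://www.cnblogs.com/chenlaichao/p/7727554.html (that article has a few small problems)

1. Install sshpass (from the EPEL repository)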

[root@linux1 ~]# yum install -y sshpass

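2. Usage

-p password

# -o StrictHostKeyChecking=no is an ssh option and it works quite well; when I left it out the command failed. It is really necessary; according to what I read online, it automatically trusts the host and adds it to known_hosts
# https://www.cnblogs.com/Peter2014/p/8250119.html
[root@linux1 ~]# sshpass -p 123456 ssh qqq@192.168.38.200 -o StrictHostKeyChecking=no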
Warning: Permanently added '192.168.38.200' (ECDSA) to the list of known hosts.
Last login: Tue Aug 27 03:33:23 2019
[qqq@switch ~]$

The script is below; it ran successfully

[root@linux1 ~]# cat sshpass.sh
#!/bin/bash

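user_hostname=$1
password=$2
# Quote the variables so that a password containing spaces or glob characters is passed intact
sshpass -p "${password}" ssh "${user_hostname}" -o StrictHostKeyChecking=no
[root@linux1 ~]# bash sshpass.sh qqq@192.168.38.200 123456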
Warning: Permanently added '192.168.38.200' (ECDSA) to the list of known hosts.
Last login: Tue Aug 27 03:52:17 2019 from 192.168.38.123
[qqq@switch ~]$ 

Sending the key automatically with sshpass

1. Generate the key

[root@linux1 ~]# ssh-keygen -C "linux1" -t rsa -N "" -f ~/.ssh/id_rsa

2. The script

[root@linux1 ~]# cat ssh_copy.sh 
#!/bin/bash
IP="192.168.38.200"
PASSWORD="123456"
USER="root"
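# ${IP} is left unquoted on purpose so that a space-separated list of addresses is split into nodes
for node in ${IP};do
    sshpass -p "${PASSWORD}" ssh-copy-id "${USER}@${node}" -o StrictHostKeyChecking=no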
    if [ "$?" -eq 0 ];then
        echo "${node} 密钥copy完成"
    else
        echo "${node} 密钥copy失败"
        exit 10
    fi
done

3. Run the script

[root@linux1 ~]# bash ssh_copy.sh 
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
        (if you think this is a mistake, you may want to use -f option)

192.168.38.200 密钥copy完成
# Try connecting; no problems
[root@linux1 ~]# ssh root@192.168.38.200 
Last failed login: Tue Aug 27 03:57:42 CST 2019 from 192.168.38.123 on ssh:notty
There were 2 failed login attempts since the last successful login.
Last login: Tue Aug 27 03:33:07 2019 from 192.168.38.1
[root@switch ~]# logout
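
A hardened variant of ssh_copy.sh, added here as an example and not part of the original post: the scripts above put the password on the command line (sshpass -p, or an expect argument) and accept whatever host key is presented, so this version reads the password from a file with sshpass -f and makes ssh check each host against a pinned known_hosts file. The paths PWFILE and KNOWN_HOSTS and the function names are assumptions, and the pinned file is assumed to hold host keys that were verified out of band.

```bash
#!/bin/bash
# Added example: hardened variant of ssh_copy.sh, not the original author's script.
# Assumed (hypothetical) paths: PWFILE holds the password; KNOWN_HOSTS holds host
# keys that were verified out of band before this script runs.
PWFILE="${PWFILE:-$HOME/.ssh/node_password}"
KNOWN_HOSTS="${KNOWN_HOSTS:-$HOME/.ssh/known_hosts_pinned}"

# Succeed only if the password file is a regular file with mode 600 or 400.
pwfile_is_private() {
    [ -f "$1" ] || return 1
    case "$(ls -ld "$1")" in
        -rw-------*|-r--------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Copy the local public key to one user@host.
# sshpass -f reads the password from a file, so it never appears in argv (ps)
# or in shell history. StrictHostKeyChecking=yes makes ssh refuse any host whose
# key is missing from, or differs from, the pinned known_hosts file.
copy_key() {
    sshpass -f "$PWFILE" ssh-copy-id \
        -o StrictHostKeyChecking=yes \
        -o UserKnownHostsFile="$KNOWN_HOSTS" \
        "$1"
}

# Try every target, keep going after a failure, and return the failure count
# (255 if the password file is readable by anyone but its owner).
copy_all() {
    local failed=0 target
    if ! pwfile_is_private "$PWFILE"; then
        echo "refusing: $PWFILE must be mode 600 or 400" >&2
        return 255
    fi
    for target in "$@"; do
        if copy_key "$target"; then
            echo "$target: key copied"
        else
            echo "$target: key copy FAILED" >&2
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Run only when targets are given, e.g.: bash ssh_copy_pinned.sh root@192.168.38.200
if [ "$#" -gt 0 ]; then
    copy_all "$@"
fi
```

A host that is not in the pinned file makes that one copy fail with a host key verification error instead of being trusted silently, and the loop moves on to the next target.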