expect实现脚本的非交互
expect实现非交互SSH密码验证
sshpass实现非交互SSH密码验证
expect可以实现自动应答,实现非交互
[root@linux1 ~]# yum install -y expect
expect中的命令:
- spawn 启动新的进程
- send 用于向新进程发送字符串
- expect 从进程接收字符串
- interact 允许用户交互
- exp_continue 匹配多个字符串在执行动作后加此命令
expect -d auto.exp可以输出调试信息
一、正常连接一个linux服务器,过程:
输入ssh ip --> 输入yes --> 输入密码
expect脚本
[root@linux1 ~]# cat autossh.exp
#!/usr/bin/expect
set timeout 10
set ip 192.168.38.200
set username qqq
set passwd 123456
#spwan启动新的进程,执行ssh [email protected]
spawn ssh $username@$ip
expect {
#表示匹配到yer/no时就发送字符串yes\n到该进程里
"yes/no" { send "yes\n";exp_continue }
#匹配到passwd时就发送123456\n到进程里
"password" { send "$passwd\n" }
}
#interact 执行完成后保持交互状态,把控制权交给控制台,这个时候就可以手工操作了。如果没有这一句登录完成后会退出,而不是留在远程终端上。
interact
执行效果
[root@linux1 ~]# chmod +x autossh.exp
[root@linux1 ~]# ./autossh.exp
spawn ssh [email protected]
The authenticity of host '192.168.38.200 (192.168.38.200)' can't be established.
ECDSA key fingerprint is SHA256:uhfGyGUZFJn2lcsppgfkrqSCy17C89nhi1qqMyZYjSc.
ECDSA key fingerprint is MD5:68:2d:9b:5a:bd:92:68:d7:85:fd:35:86:b1:7e:bc:48.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.38.200' (ECDSA) to the list of known hosts.
[email protected]'s password:
Last login: Mon Aug 26 06:02:43 2019 from 192.168.38.123
二、位置参数:
识别位置参数
expect脚本
[root@linux1 ~]# cat autossh.exp
#!/usr/bin/expect
set timeout 10
set ip [lindex $argv 0]
set username [lindex $argv 1]
set passwd [lindex $argv 2]
#spwan启动新的进程,执行ssh [email protected]
spawn ssh $username@$ip
expect {
#表示匹配到yer/no时就发送字符串yes\n到该进程里
"yes/no" { send "yes\n";exp_continue }
#匹配到passwd时就发送123456\n到进程里
"password" { send "$passwd\n" }
}
#interact 执行完成后保持交互状态,把控制权交给控制台,这个时候就可以手工操作了。如果没有这一句登录完成后会退出,而不是留在远程终端上。
interact
执行效果:
[root@linux1 ~]# ./autossh.exp 192.168.38.200 qqq 123456
spawn ssh [email protected]
The authenticity of host '192.168.38.200 (192.168.38.200)' can't be established.
ECDSA key fingerprint is SHA256:uhfGyGUZFJn2lcsppgfkrqSCy17C89nhi1qqMyZYjSc.
ECDSA key fingerprint is MD5:68:2d:9b:5a:bd:92:68:d7:85:fd:35:86:b1:7e:bc:48.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.38.200' (ECDSA) to the list of known hosts.
[email protected]'s password:
Last login: Mon Aug 26 06:04:50 2019 from 192.168.38.123
[qqq@switch ~]$
二、ssh-copy-id自动拷贝公钥
服务端生成密钥
[root@linux1 ~]# ssh-keygen -C "linux1" -t rsa -N "" -f ~/.ssh/id_rsa
expect脚本
[root@linux1 ~]# cat autocopy.exp
#!/usr/bin/expect
set timeout 5
set user_hostname [lindex $argv 0]
set password [lindex $argv 1]
spawn ssh-copy-id $user_hostname
expect {
"yes/no" { send "yes\n";exp_continue }
"password" { send "$password\n" }
}
#expect eof表示脚本执行完后退出程序,不进行交互式输入,interact表示程序执行完后进行交互式输入,不推出
expect eof
执行效果
[root@linux1 ~]# ./autocopy.exp [email protected] 123456
spawn ssh-copy-id [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.38.200 (192.168.38.200)' can't be established.
ECDSA key fingerprint is SHA256:uhfGyGUZFJn2lcsppgfkrqSCy17C89nhi1qqMyZYjSc.
ECDSA key fingerprint is MD5:68:2d:9b:5a:bd:92:68:d7:85:fd:35:86:b1:7e:bc:48.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
目标主机查看是不是加上了:
[qqq@switch ~]$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDd7zmYNV89sGYcW6Iy4jucPSmlRH7G2T3bm0rNDD5L/ck6c5dL3MKErjIUlGdw3nPvrwRA6+AKXHkW28vh2iTPnkmvy/g5QpGDX0DSIj9E+gNz9CKn8Qs5XRFsYrkPfuor5Qt4RMn0l27gSnOMDMethmFa6hlWeBeYGlXIk1wuqtRhFFlyduQxc9l+5pFsfh0tDVRcmKqxD7kvy32TLU9yQrZ7rw0M7IRaWQt69gh8vl+psHFrBSWINtNPw2OTmXqwnc0cAIi/aZXdt8S/Q7A5E2NT9I7Xz9IUoJqYfJixI1miU6r4K2M/0eKNmktg9T15fqWunElqQTUZWJXsWuhT linux1
sshpass
该工具也可以实现非交互式SSH密码验证
参考:https://www.cnblogs.com/chenlaichao/p/7727554.html(该文章有点小问题)
一、安装sshpass(epel源中)
[root@linux1 ~]# yum install -y sshpass
二、用法介绍
-p password
# -o StrictHostKeyChecking=no是ssh的选项,还挺管用的,我不加这个就执行失败了。很有必要,网上说是自动信任主机并加入know_hosts主机
# https://www.cnblogs.com/Peter2014/p/8250119.html
[root@linux1 ~]# sshpass -p 123456 ssh [email protected] -o StrictHostKeyChecking=no
Warning: Permanently added '192.168.38.200' (ECDSA) to the list of known hosts.
Last login: Tue Aug 27 03:33:23 2019
[qqq@switch ~]$
脚本如下,执行成功
[root@linux1 ~]# cat sshpass.sh
#!/bin/bash
user_hostname=$1
password=$2
sshpass -p ${password} ssh ${user_hostname} -o StrictHostKeyChecking=no
[root@linux1 ~]# bash sshpass.sh [email protected] 123456
Warning: Permanently added '192.168.38.200' (ECDSA) to the list of known hosts.
Last login: Tue Aug 27 03:52:17 2019 from 192.168.38.123
[qqq@switch ~]$
sshpass实现自动发送密钥
一、生成密钥
[root@linux1 ~]# ssh-keygen -C "linux1" -t rsa -N "" -f ~/.ssh/id_rsa
二、脚本
[root@linux1 ~]# cat ssh_copy.sh
#!/bin/bash
IP="192.168.38.200"
PASSWORD="123456"
USER="root"
for node in ${IP};do
sshpass -p ${PASSWORD} ssh-copy-id ${USER}@${node} -o StrictHostKeyChecking=no
if [ "$?" -eq 0 ];then
echo "${node} 密钥copy完成"
else
echo "${node} 密钥copy失败"
exit 10
fi
done
三、执行脚本
[root@linux1 ~]# bash ssh_copy.sh
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
(if you think this is a mistake, you may want to use -f option)
192.168.38.200 密钥copy完成
#连接试一试,没问题
[root@linux1 ~]# ssh [email protected]
Last failed login: Tue Aug 27 03:57:42 CST 2019 from 192.168.38.123 on ssh:notty
There were 2 failed login attempts since the last successful login.
Last login: Tue Aug 27 03:33:07 2019 from 192.168.38.1
[root@switch ~]# logout