Batch SSH deployment with a shell script and expect


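I. Preparation and approach
1. Three machines are used for the experiment (CentOS 6.5; IPs: 192.168.0.22 (control host), 192.168.0.156, 192.168.0.157).
2. The machine at 192.168.0.22 is the control host; the other two are clients.
3. Create the public key on the control host and install expect in advance, then use a script to push the SSH public key in bulk.
4. In this deployment, all of the steps below are performed as root.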


II. Deployment
1. First, create the key pair

[root@Ansible .ssh]# ssh-keygen -t rsa 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
a3:08:ab:02:bf:7b:12:7d:d9:8f:9c:a9:67:38:53:a1 [email protected]
The key's randomart image is:
+--[ RSA 2048]----+
.
.. +S.
. .o..E.o.
.......+ =
..o . + B .
o o= .*
+-----------------+

2. Create a scripts directory under the root directory to hold the script file and ip.txt

[root@Ansible /]# mkdir scripts
[root@Ansible /]# cd scripts/
[root@Ansible scripts]# touch ip.txt

3. Next, in the scripts directory, write the script file and the contents of ip.txt:

[root@Ansible scripts]# cat fenfa.sh 
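#!/bin/bash
# date: 2018-04-11
# author: tony
# Set up SSH key authentication in bulk

# Each line of ip.txt has the form ip:password
for p in $(cat /scripts/ip.txt)
do
    ip=$(echo "$p" | cut -f1 -d":")
    password=$(echo "$p" | cut -f2 -d":")

    # Push the public key, answering the host-key and password prompts
    expect -c "
    spawn ssh-copy-id -i /root/.ssh/id_rsa.pub root@$ip
        expect {
            \"*yes/no*\" {send \"yes\r\"; exp_continue}
            \"*password*\" {send \"$password\r\"; exp_continue}
            \"*Password*\" {send \"$password\r\";}
        }
    "
done

# Run a command on every host over the newly installed key
for h in $(cat /scripts/ip.txt | cut -f1 -d":")
do
    ssh "root@$h" 'ifconfig'
    # If there are several commands to run, follow the pattern below
    # ssh root@$h 'command 1 to run goes here'
    # ssh root@$h 'command 2 to run goes here'
    # ssh root@$h 'command 3 to run goes here'
done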

Take a look at ip.txt:

[root@Ansible scripts]# cat ip.txt 
192.168.0.156:hwg123
192.168.0.157:hwg123

4. Finally, run the script

[root@Ansible scripts]# sh fenfa.sh 
spawn ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.0.156
Now try logging into the machine, with "ssh 'root@192.168.0.156'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

spawn ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.0.157
Now try logging into the machine, with "ssh 'root@192.168.0.157'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

eth0      Link encap:Ethernet  HWaddr 00:50:56:21:DA:F4  
          inet addr:192.168.0.156  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fe21:daf4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:58225 errors:0 dropped:0 overruns:0 frame:0
          TX packets:351 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:3662557 (3.4 MiB)  TX bytes:45504 (44.4 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

eth0      Link encap:Ethernet  HWaddr 00:50:56:35:D4:31  
          inet addr:192.168.0.157  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fe35:d431/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:228313 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6336 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:22630600 (21.5 MiB)  TX bytes:443245 (432.8 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:19 errors:0 dropped:0 overruns:0 frame:0
          TX packets:19 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1292 (1.2 KiB)  TX bytes:1292 (1.2 KiB)

Of course, this approach is fairly crude; I will improve it later when I have time.
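
fenfa.sh expands each password into the `expect -c` string, so it ends up in expect's argument list, any `"`, `$` or `[` in it is re-parsed by the shell and Tcl, and `cut -f2` truncates a password that contains `:`. The following is an added example, not code from the original post, showing one way to handle the same ip.txt format without those problems. The function names and the `TARGET`/`PW` environment variable names are assumptions made for this illustration.

```bash
#!/bin/bash
# Added example, not the original fenfa.sh. Same ip.txt format: ip:password

# True only if the credentials file is a regular file with mode 600 (GNU stat).
check_perms() {
    [ -f "$1" ] && [ "$(stat -c '%a' "$1")" = "600" ]
}

# True only for a dotted-quad IPv4 address, so nothing else reaches spawn.
valid_ip() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.; set -- $1          # split into octets (subshell keeps IFS local)
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || exit 1
    done
)

# Splits "ip:password" at the FIRST colon only; sets globals ip and password.
parse_line() {
    ip=${1%%:*}
    password=${1#*:}
    [ "$1" != "$ip" ] && [ -n "$password" ] && valid_ip "$ip"
}

# Pushes the key to one host. The expect script is single-quoted and reads
# TARGET and PW (names chosen for this example) from the environment, so the
# password is not re-parsed by the shell or Tcl and is absent from argv.
push_key() {
    TARGET="root@$1" PW="$2" expect -c '
        spawn ssh-copy-id -i /root/.ssh/id_rsa.pub $env(TARGET)
        expect {
            "*yes/no*"  {send "yes\r"; exp_continue}
            "*assword*" {send -- "$env(PW)\r"; exp_continue}
            eof         {}
        }
        exit [lindex [wait] 3]
    '
}

# Reads ip.txt on fd 3 so the spawned process keeps its own stdin.
push_all() {
    check_perms "$1" || { echo "refusing $1: mode must be 600" >&2; return 1; }
    while IFS= read -r line <&3 || [ -n "$line" ]; do
        [ -z "$line" ] && continue
        parse_line "$line" || { echo "skipping malformed line" >&2; continue; }
        push_key "$ip" "$password" || echo "push to $ip failed" >&2
    done 3< "$1"
}
```

Run it as `push_all /scripts/ip.txt` after `chmod 600 /scripts/ip.txt`. The host-key prompt is still answered automatically, as on the page; populating known_hosts with verified keys beforehand removes the need for that branch.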