非交互式生成密钥及实现批量管理
1、创建用户及密码(所有的机器都要执行)
# Create the account that will own the SSH keys (the page says to run this
# on every machine).
useradd ydl
# Set the password non-interactively: `passwd --stdin` reads it from stdin.
# NOTE(review): "123456" is trivially guessable, and a password typed on the
# command line can end up in shell history. The key-distribution steps on this
# page log in over SSH with this same password, so the account is only as
# strong as this value - use a long random password per host and disable
# password logins once the key is installed.
echo 123456|passwd --stdin ydl
# Confirm the account exists.
id ydl
# Switch to the new account; the following steps are shown running as ydl.
su - ydl
2、生成密钥对
# Generate a DSA key pair at ~/.ssh/id_dsa without any prompt: -P '' sets an
# empty passphrase and all output is discarded.
# NOTE(review): OpenSSH has disabled ssh-dss (DSA) user keys by default since
# release 7.0, so servers on current releases refuse this key unless they are
# reconfigured; RSA or Ed25519 is the usual choice where the installed OpenSSH
# supports it.
# NOTE(review): with an empty passphrase, anyone who can read ~/.ssh/id_dsa
# can log in as this user on every host that receives the public key.
ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa>/dev/null 2>&1
3、分发密钥
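# Install the public key into the target account's authorized_keys.
# NOTE(review): the user@host argument on the published page was destroyed by
# e-mail obfuscation. "ydl" is the account created above; TARGET_HOST is a
# placeholder for the address of the machine that should receive the key.
ssh-copy-id -i .ssh/id_dsa.pub ydl@TARGET_HOST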
单个自动分发密钥:
[ydl@test-22 ~]$ cat fenfa_sshkey.exp
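#!/usr/bin/expect
# fenfa_sshkey.exp - push one public key to one host with ssh-copy-id,
# answering the host-key and password prompts automatically.
#
# Usage:   expect fenfa_sshkey.exp file host
# Example: expect fenfa_sshkey.exp ~/.ssh/id_dsa.pub 192.168.1.186
#
# Exit status: the exit status of ssh-copy-id, or 1 on a usage error, a
# timeout or a rejected password, so a calling script can rely on "$?".

if { $argc != 2 } {
    send_user "usage: expect fenfa_sshkey.exp file host\n"
    # A usage error must not look like success to the caller.
    exit 1
}

set file [lindex $argv 0]
set host [lindex $argv 1]

# NOTE(review): a password stored in the script is readable by anyone who can
# read this file, and "123456" is trivially guessable. Keep the file mode 0600
# at minimum; better, supply the secret at run time and disable password
# logins on the targets once the key is installed.
set password "123456"

# Bound every wait so an unreachable host cannot stall a batch run
# (Expect's default is 10 seconds).
set timeout 30

# Send the password once only: a second prompt means it was rejected.
set password_sent 0

spawn ssh-copy-id -i $file "ydl@$host"
expect {
    "yes/no" {
        # NOTE(review): answering "yes" accepts whatever host key the server
        # presents, so the first connection is not authenticated. Loading
        # verified host keys into known_hosts beforehand avoids this prompt.
        send "yes\r"
        exp_continue
    }
    "*password" {
        if { $password_sent } {
            send_user "fenfa_sshkey.exp: password rejected by $host\n"
            exit 1
        }
        set password_sent 1
        send "$password\r"
        exp_continue
    }
    timeout {
        send_user "fenfa_sshkey.exp: timed out waiting for $host\n"
        exit 1
    }
    eof {}
}

# Register the farewell message; "exit -onexit" only installs the handler.
exit -onexit {
    send_user "ydl say good bye to you!\n"
}

# wait returns {pid spawn_id os_error value}; value is the child's exit
# status when os_error is 0.
set result [wait]
if { [lindex $result 2] != 0 } {
    exit 1
}
exit [lindex $result 3]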
结果:expect fenfa_sshkey.exp .ssh/id_dsa.pub 192.168.1.186
批量分发脚本:
[ydl@test-22 ~]$ cat fenfa_sshkey.sh
#!/bin/sh
# fenfa_sshkey.sh - push ~/.ssh/id_dsa.pub to each listed 192.168.1.<n> host
# by running fenfa_sshkey.exp (expected in the current directory) once per
# host, and print one status line per host.

# Sourced for the `action` status-line helper used below.
. /etc/init.d/functions

for ip in 43 186 192; do
  # All output from the expect run is discarded; only its exit status is used.
  # NOTE(review): this check is only as good as the status fenfa_sshkey.exp
  # returns - confirm that script propagates ssh-copy-id's exit status.
  if expect fenfa_sshkey.exp ~/.ssh/id_dsa.pub "192.168.1.$ip" >/dev/null 2>&1; then
    action "$ip" /bin/true
  else
    action "$ip" /bin/false
  fi
done
一键自动化批量安装服务脚本
1.创建用户
# Create the deployment account.
useradd ydl123
# Set its password non-interactively: `passwd --stdin` reads it from stdin.
# NOTE(review): "123456" is trivially guessable and a password typed on the
# command line can end up in shell history. This account is given passwordless
# sudo in the next step, so guessing this password is enough to obtain root
# over SSH - use a long random password and disable password logins once the
# key is installed.
echo 123456|passwd --stdin ydl123
# Confirm the account exists.
id ydl123
2.sudo提权实现没有权限用户拷贝
配置sudoers
# Append a rule that lets ydl123 run any command through sudo without a
# password.
# NOTE(review): NOPASSWD:ALL makes any login as ydl123 equivalent to root.
# Limit the rule to the commands the deployment needs where that is possible,
# and protect the account accordingly.
# NOTE(review): appending straight to /etc/sudoers takes effect before the
# syntax check on the next line runs, and a malformed sudoers file makes sudo
# refuse to work. Writing the rule to a separate file and checking it with
# `visudo -cf FILE` before putting it in place is the safer order.
echo "ydl123 ALL= NOPASSWD:ALL ">>/etc/sudoers
# Check the sudoers file for syntax errors.
visudo -c
# Continue as ydl123; the scripts below are shown running as that user.
su - ydl123
3.
脚本1、
[ydl123@test-22 ~]$ cat fenfa_sshkey.exp
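#!/usr/bin/expect
# fenfa_sshkey.exp - push one public key to the ydl123 account on one host
# with ssh-copy-id, answering the host-key and password prompts automatically.
#
# Usage:   expect fenfa_sshkey.exp file host
# Example: expect fenfa_sshkey.exp ~/.ssh/id_dsa.pub 192.168.1.186
#
# Exit status: the exit status of ssh-copy-id, or 1 on a usage error, a
# timeout or a rejected password, so a calling script can rely on "$?".

if { $argc != 2 } {
    send_user "usage: expect fenfa_sshkey.exp file host\n"
    # A usage error must not look like success to the caller.
    exit 1
}

set file [lindex $argv 0]
set host [lindex $argv 1]

# NOTE(review): a password stored in the script is readable by anyone who can
# read this file, and "123456" is trivially guessable. ydl123 also has
# passwordless sudo in this setup, so this value effectively guards root.
# Keep the file mode 0600 at minimum; better, supply the secret at run time
# and disable password logins on the targets once the key is installed.
set password "123456"

# Bound every wait so an unreachable host cannot stall a batch run
# (Expect's default is 10 seconds).
set timeout 30

# Send the password once only: a second prompt means it was rejected.
set password_sent 0

spawn ssh-copy-id -i $file "ydl123@$host"
expect {
    "yes/no" {
        # NOTE(review): answering "yes" accepts whatever host key the server
        # presents, so the first connection is not authenticated. Loading
        # verified host keys into known_hosts beforehand avoids this prompt.
        send "yes\r"
        exp_continue
    }
    "*password" {
        if { $password_sent } {
            send_user "fenfa_sshkey.exp: password rejected by $host\n"
            exit 1
        }
        set password_sent 1
        send "$password\r"
        exp_continue
    }
    timeout {
        send_user "fenfa_sshkey.exp: timed out waiting for $host\n"
        exit 1
    }
    eof {}
}

# Register the farewell message; "exit -onexit" only installs the handler.
exit -onexit {
    send_user "ydl say good bye to you!\n"
}

# wait returns {pid spawn_id os_error value}; value is the child's exit
# status when os_error is 0.
set result [wait]
if { [lindex $result 2] != 0 } {
    exit 1
}
exit [lindex $result 3]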
脚本2、
[ydl123@test-22 ~]$ cat auto_deploy.sh
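#!/bin/sh
# auto_deploy.sh - create an SSH key pair, push the public key to every
# target host, copy ~/scripts to each of them and run ~/scripts/install.sh
# there through sudo.
#
# Requires: fenfa_sshkey.exp in the current directory, /etc/init.d/functions
# (sourced for the `action` status-line helper) and passwordless sudo for
# ydl123 on the targets.
# Exit status: 0 if every step succeeded on every host, 1 otherwise.
. /etc/init.d/functions

hosts="43 186 192"          # last octet of each target, 192.168.1.<n>
key="$HOME/.ssh/id_dsa"
rc=0

###################### create key pair #####################
# NOTE(review): OpenSSH has disabled ssh-dss (DSA) user keys by default since
# release 7.0; prefer RSA or Ed25519 where the installed OpenSSH supports it.
# NOTE(review): -P '' leaves the private key without a passphrase, so anyone
# who can read it can log in as ydl123 (which has passwordless sudo) on
# every target.
if [ -f "$key" ]; then
  # ssh-keygen asks before overwriting an existing key, and that prompt would
  # be hidden by the redirect below, so reuse the key that is already there.
  action "create dsa (existing key reused)" /bin/true
elif ssh-keygen -t dsa -P '' -f "$key" >/dev/null 2>&1; then
  action "create dsa" /bin/true
else
  action "create dsa" /bin/false
  exit 1
fi

###################### distribute key ######################
# NOTE(review): this check is only as good as the status fenfa_sshkey.exp
# returns - confirm that script propagates ssh-copy-id's exit status.
for ip in $hosts; do
  if expect fenfa_sshkey.exp "$key.pub" "192.168.1.$ip" >/dev/null 2>&1; then
    action "$ip" /bin/true
  else
    action "$ip" /bin/false
    rc=1
  fi
done

###################### distribute scripts ##################
# NOTE(review): the user@host on the scp and ssh lines was mangled by e-mail
# obfuscation on the published page; it is reconstructed here as
# ydl123@192.168.1.<n> from the key-distribution step above - confirm.
copied=""
for n in $hosts; do
  if scp -P 22 -rp ~/scripts "ydl123@192.168.1.$n:~"; then
    copied="$copied $n"
  else
    action "copy scripts $n" /bin/false
    rc=1
  fi
done

###################### install service #####################
# Only hosts that received the scripts are installed, so a failed copy never
# leads to running a stale or missing install.sh.
# ~ is expanded by the local shell, so this relies on ydl123 having the same
# home directory path on both sides.
# NOTE(review): install.sh runs as root from a directory the unprivileged
# account can write to; anything able to modify ~/scripts on a target controls
# what runs as root there.
for m in $copied; do
  if ! ssh -t -p 22 "ydl123@192.168.1.$m" sudo /bin/bash ~/scripts/install.sh; then
    action "install $m" /bin/false
    rc=1
  fi
done

exit "$rc"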
验证成功!