ssh-keygen免密登录

 
  
#!/bin/bash
#Function:Script will automatically generate the current login account of the public key to send to
#multiple remote hosts, in order to achieve the purpose of this machine SSH free login multiple remote host
#Usage:bash ssh-login-withoutpasswd.sh
#Date:2016/8
#Author:Jian

#运行该脚本前,请先安装expect,否则脚本运行不成功,原理:将本机产生的公钥id_rsa.pub用scp传输至远程服务器
#的家目录下的.ssh目录中便可实现本机(注意是用本机产生公钥的账号)登陆远程主机的目的
#需要注意的是要将远程主机各个家目录下的.ssh:chmod 700,其下面的文件全部:chmod 600
#在centos,rhel及ubuntu测试通过,如果成功将本机公钥传输到远程主机却不能免密登陆,请检查远程主机的selinux和iptables
#需要的话,可自行添加日志相关代码

check_hosts_on () {
ping_out=`mktemp ping.XXXXXX`
hosts_online=`mktemp hosts_online.XXXXXX`
cd $current_dir
for ip in $(cat hostnamelist|awk -F : '{print $1}')
do
ping -c1 -w1 $ip >/dev/null && echo "$ip is up" || echo "$ip is down"
done>>$ping_out
for ip_online in $(cat $ping_out|grep "up"|awk '{print $1}')
do
grep "$ip_online" hostnamelist >> $hosts_online
done
}
authorized_file_transfer () {
#enter the directory where hostnamelist is located
#the hostnamelist file has a target host IP address that needs to be delivered
#save format as ipaddr:username:password,eg:192.168.1.10:root:123456,note that do not leave spaces
cd $current_dir
for remote_infor in `cat $hosts_online`
do
remote_ip_addr=`echo "$remote_infor" | awk -F : '{print $1}'`
remote_username=`echo "$remote_infor" | awk -F : '{print $2}'`
remote_password=`echo "$remote_infor" | awk -F : '{print $3}'`
expect << EOF
set timeout 10
spawn ssh -o StrictHostKeyChecking=no $remote_username@$remote_ip_addr
set timeout 10
expect "$remote_username@$remote_ip_addr's password:"
set timeout 10
send "$remote_password\r"
set timeout 10
expect {
"*#*" {send "mkdir -p ~/.ssh\r"}
"*\$*" {send "mkdir -p ~/.ssh\r"}
}
set timeout 10
expect {
"*#*" {send "scp -o StrictHostKeyChecking=no $local_username@$local_ip_addr:$HOME/.ssh/id_rsa.pub ~/.ssh/authorized_keys_from_$local_ip_addr\r"}
"*\$*" {send "scp -o StrictHostKeyChecking=no $local_username@$local_ip_addr:$HOME/.ssh/id_rsa.pub ~/.ssh/authorized_keys_from_$local_ip_addr\r"}
}
set timeout 10
expect "$local_username@$local_ip_addr's password:"
set timeout 10
send "$local_host_passwd\r"
set timeout 10
expect {
"*#*" {send "cat ~/.ssh/authorized_keys_from_$local_ip_addr >> ~/.ssh/authorized_keys\r"}
"*\$*" {send "cat ~/.ssh/authorized_keys_from_$local_ip_addr >> ~/.ssh/authorized_keys\r"}
}
set timeout 10
expect {
"*#*" {send "chmod 700 ~/.ssh && chmod 600 ~/.ssh/* && rm -f ~/.ssh/authorized_keys_from_$local_ip_addr\r"}
"*\$*" {send "chmod 700 ~/.ssh && chmod 600 ~/.ssh/* && rm -f ~/.ssh/authorized_keys_from_$local_ip_addr\r"}
}
set timeout 10
expect {
"*#*" {send "chown -R $remote_username: ~/.ssh\r"}
"*\$*" {send "chown -R $remote_username: ~/.ssh\r"}
}
set timeout 10
expect {
"*#*" {send "exit\r"}
"*\$*" {send "exit\r"}
}
set timeout 10
expect eof
EOF
done
}
create_authorized_file () {
#using ssh-keygen to generate the key, the path is the default path, the empty password
if [ -d ~/.ssh ];then
ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
else
mkdir -p ~/.ssh
ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
fi
}
#get local IP address
local_ip_addr=`/sbin/ifconfig -a|grep inet|grep -v 127.0.0.1|grep -v inet6|awk '{print $2}'|tr -d "addr:"|head -1`
local_host_passwd="123456"
#get the user name of the current login user
local_username=`whoami`
#get the directory where the current run script is located
current_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
cd $current_dir
#first determine whether the host list file exists
if [ -f hostnamelist ]; then
#detect which hosts online, which offline
check_hosts_on
if grep "down" $ping_out >/dev/null; then
echo "Warning:$(sed -n '/down/p' $ping_out|wc -l) hosts offline:"
sed -n '/down/p' $ping_out
echo "$(sed -n '/up/p' $ping_out|wc -l) hosts online:"
sed -n '/up/p' $ping_out
else
echo "The hosts in the hostnamelist are all online!"
fi
if [ -f ~/.ssh/id_rsa ] && [ -f ~/.ssh/id_rsa.pub ]; then
authorized_file_transfer
chown -R $local_username: ~/.ssh/
chmod 600 ~/.ssh/*
chmod 700 ~/.ssh
rm -f $ping_out
rm -f $hosts_online
exit 0
else
create_authorized_file
authorized_file_transfer
chown -R $local_username: ~/.ssh/
chmod 600 ~/.ssh/*
chmod 700 ~/.ssh
rm -f $ping_out
rm -f $hosts_online
exit 0
fi
else
echo "Error:the important file 'hostnamelist' has been lost"
echo "Now,creat it,but you still write something inside,the format is as follows:"
touch hostnamelist
echo "remote_ip_addr:remote_user_name:remote_host_password"
exit 0
fi

你可能感兴趣的:(Shell,Scripts)