在linux环境上面,建立双机信任关系

(1)  脚本 build_ssh_trust_relation.sh(文件名以 .sh 结尾,但从首行的 #!/usr/bin/expect 可以看出它实际是 Expect 脚本,需要系统已安装 expect)内容如下:

#!/usr/bin/expect
##############################################################################
#  File        : build_ssh_trust_relation.sh  (an Expect script despite the
#                .sh suffix; it is run by /usr/bin/expect, not by a shell)
#  Author      :
#  Created     :
#  Purpose     : establish an SSH trust relationship between two machines by
#                appending the local public key to the remote account's
#                authorized_keys
#  Last change : none
#  History     :
#  1. Date     :
#     Author   :
#     Change   :
#
#  Review notes:
#    - The password is the second command-line argument, so it is recorded in
#      shell history and visible in the process list while the script runs.
#    - A missing key pair is generated with both passphrase prompts answered
#      by an empty line, i.e. the private key is stored unencrypted.
#    - The ssh host-key question is answered yes automatically and a changed
#      host key is removed from known_hosts and then accepted again, so the
#      peer's identity is never verified by the operator.
##############################################################################
# Marker put in front of every status line: ">>>" in bold red, followed by an
# attribute reset.
set prefix [join [list "\033\[1;31m" ">>>" "\033\[0m"] ""]


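# Print the command-line synopsis and terminate with exit status 1.
#
# Takes no arguments, reads the global argv0 for the script name and never
# returns to the caller.
proc usage {} {
    # Show only the file-name part of the path the script was started with.
    set name [file tail $::argv0]
    send_user "Usage:\n"
    send_user "    $name \[user@]host password\n"
    send_user "\n"
    # The contact address on the published page was mangled by e-mail
    # obfuscation into an unescaped bracket pair, which Tcl would evaluate as
    # a command and abort on. A labelled placeholder stands in for the lost
    # address; the colour code is assumed to match the status prefix.
    send_user "Report bugs to <\033\[1;31mMAINTAINER_EMAIL_PLACEHOLDER\033\[0m>\n"
    exit 1
}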


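# Make sure the public key named by the global id_file exists, generating a
# key pair with ssh-keygen when it does not.
#
# Globals: id_file (read), prefix (read).
# Exits with status 1 when ssh-keygen cannot be started, or when the public
# key is still missing after ssh-keygen has finished.
proc check_id_files {} {
    if {[file exists $::id_file]} {
        return
    }
    send_user "$::prefix id file not found, try creating ...\n"
    if {[catch { spawn ssh-keygen -t rsa } error]} {
        send_error "$::prefix $error\n"
        exit 1
    }
    # First prompt, presumably the save-location question that ends in a
    # parenthesised default path: an empty answer accepts the default.
    expect -nocase -re "\(.*\):"
    send -- "\r"
    # Both passphrase prompts get an empty line, so the private key is written
    # without a passphrase. Anyone who can read that file can use the trust
    # relationship this script sets up.
    expect -nocase -re "passphrase.*:"
    send -- "\r"
    expect -nocase -re "passphrase.*again:"
    send -- "\r"
    expect eof
    # The prompts are answered blindly, so a run in which ssh-keygen asked
    # something else, or an expect above timed out, must not be reported as a
    # success: check that the key file really appeared.
    if {![file exists $::id_file]} {
        send_error "$::prefix id file was not created\n"
        exit 1
    }
    send_user "$::prefix id file successfully created\n"
}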


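# Drop every plain-text entry for one host from ~/.ssh/known_hosts.
#
# Arguments: host - host name or address exactly as it is written in the
#                   first field of a known_hosts line.
# Globals:   env(HOME) (read), prefix (read).
# Output:    a progress line followed by OK or failed on the user's terminal.
# Exits with status 1 on any error; returns normally on success.
#
# Hashed entries and bracketed host:port entries are not recognised here;
# ssh-keygen -R is the stock tool that covers those as well.
proc remove_known_hosts_entry {host} {
    set known_hosts "$::env(HOME)/.ssh/known_hosts"
    # The scratch copy is created next to known_hosts instead of under a
    # fixed name in the world-writable /tmp: a predictable path there can be
    # pre-created by another local user, and a rename within one directory
    # replaces the file in a single step.
    set tmp_file "$known_hosts.tmp.[pid]"
    set tmp_created 0
    send_user "$::prefix trying to remove '$host' from ~/.ssh/known_hosts ... "
    if {[catch {
        if {$host eq ""} {
            error "empty host name"
        }
        set fd_known_hosts [open $known_hosts r]
        # EXCL makes the open fail rather than reuse or truncate something
        # that already exists under this name; 0600 keeps the copy private.
        set fd_tmp [open $tmp_file {WRONLY CREAT EXCL} 0600]
        set tmp_created 1
        # Testing the result of gets keeps a final line that has no trailing
        # newline, which a separate eof test after the read would drop.
        while {[gets $fd_known_hosts line] >= 0} {
            # Compare the host literally against the comma-separated names in
            # the first field. Building a regular expression from the host
            # would let its dots match any character, and an unanchored match
            # could also hit lines that start with a marker such as a
            # revocation.
            set host_field [lindex [split $line " "] 0]
            if {[lsearch -exact [split $host_field ","] $host] >= 0} {
                continue
            }
            puts $fd_tmp $line
        }
        close $fd_known_hosts
        close $fd_tmp
        file rename -force $tmp_file $known_hosts
        send_user "OK\n"
    } error]} {
        # Remove the scratch copy only if this call created it.
        if {$tmp_created} {
            catch {file delete -- $tmp_file}
        }
        send_user "failed\n"
        send_user "$::prefix $error\n"
        exit 1
    }
}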


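## Read the target and the password from the command line: exactly two
## arguments are required, otherwise the synopsis is printed and the script
## stops.
if {[llength $argv] != 2} {
    usage
}
set user@host [lindex $argv 0]
# NOTE(review): a password given as an argument is recorded in shell history
# and readable in the process list for as long as the script runs.
set passwd [lindex $argv 1]
# The target is handed to ssh as a bare word further down, so a value that
# starts with a dash would be read by ssh as an option rather than as a host.
if {[string match "-*" ${user@host}]} {
    usage
}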


## Location of the local public key; the key pair is generated first when the
## file is missing.
set id_file [format "%s/.ssh/id_rsa.pub" $env(HOME)]
check_id_files


## Probe the host with a trivial remote echo and classify how ssh answers.
## The loop repeats until a prompt was seen and done is set, or until one of
## the arms ends the script. yes_no records that the host-key question was
## answered, which the code after the loop uses to wait for the next prompt.
set yes_no 0
set ok_string SUCCESS
# Expect waits at most this many seconds for a pattern before taking the
# timeout arm.
set timeout 5
set done 0
while {!$done} {
    # If the remote echo runs, its output shows that login already works.
    spawn ssh ${user@host} echo $ok_string
    expect {
-nocase -re "yes/no" {
   # NOTE(review): the host-key question is answered yes without showing or
   # comparing the fingerprint, so whatever key the peer presents on first
   # contact becomes trusted.
   set yes_no 1
   send -- "yes\r"
   set done 1
}
-nocase -re "password: " {
   # ssh is asking for the password; it is sent after the loop.
   set done 1
}
$ok_string {
   # The echo ran without any prompt, so key login is already in place.
   send_user "$prefix ok\n"
   exit 0
}
"@@@@@@@@@@@@@@@@@@@@" {
   # The run of at signs is presumably the banner ssh prints when the stored
   # host key no longer matches the one presented.
   # NOTE(review): the stored entry is deleted and, because done stays 0, the
   # loop connects again and the yes/no arm accepts the new key. A changed
   # host key is therefore never shown to the operator for verification.
   expect eof
   # Host part is the text after the first at sign. Without an at sign,
   # string first returns -1, incr makes it 0 and the whole argument is used.
   set indexOfAtSign [string first "@" ${user@host}]
   incr indexOfAtSign
   set hostname [string range ${user@host} $indexOfAtSign end]
   remove_known_hosts_entry $hostname
}
eof {
   # ssh ended before any known prompt or the success marker appeared.
   send_error "$prefix failed\n"
   exit 1
}
timeout {
   # Nothing recognisable arrived within the timeout; status 16 marks this.
   send_error "$prefix timeout\n"
            
            exit 16
}
    }
}


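## Send the password once ssh is known to be asking for it, then check that
## the remote echo ran.
if {$yes_no} {
    # The host-key question was just answered, so ssh either runs the remote
    # echo straight away or goes on to ask for the password.
    expect {
        $ok_string {
            send_user "$prefix ok\n"
            exit 0
        }
        -nocase -re "password: " {}
        eof {
            # The session ended before a password prompt appeared.
            send_error "$prefix failed\n"
            exit 1
        }
        timeout {
            # Without this arm a silent session would fall through and have
            # the password typed into it although no prompt was seen.
            send_error "$prefix timeout\n"
            exit 16
        }
    }
}
send -- "$passwd\r"
expect {
    -nocase "try again" {
        send_error "$prefix passwd error\n"
        exit 11
    }
    -nocase "password:" {
        # A second password prompt means the first attempt was rejected.
        send_error "$prefix passwd error\n"
        exit 11
    }
    $ok_string {}
}
expect eof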


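## Append the local public key to ~/.ssh/authorized_keys on the remote host.
if {[catch {
    set IDFILE [open $id_file RDONLY]
    set pub_key [read $IDFILE]
    close $IDFILE
} error]} {
    send_error "$prefix $error\n"
    exit 1
}
set pub_key [string trimright $pub_key "\r\n"]
# The key text is placed between single quotes inside a command line that the
# remote shell parses. A quote or a line break in the file would end that
# quoting and change the command, so such content is refused.
if {$pub_key eq "" || [regexp {['\r\n]} $pub_key]} {
    send_error "$prefix unexpected content in $id_file\n"
    exit 1
}
# umask 077 makes a newly created .ssh directory and authorized_keys file
# accessible to the owner only. mkdir -p succeeds when the directory already
# exists, and the && chain stops before the append if an earlier step fails.
spawn ssh ${user@host} "cd && umask 077 && mkdir -p .ssh && echo '$pub_key' >> .ssh/authorized_keys"
expect {
    -nocase -re "password:" {}
    eof {
        send_error "$prefix failed\n"
        exit 1
    }
    timeout {
        # Do not type the password into a session that never asked for it.
        send_error "$prefix timeout\n"
        exit 16
    }
}
send -- "$passwd\r"
expect {
    -nocase -re "password:" {
        # Being asked again means the password was rejected.
        send_error "$prefix passwd error\n"
        exit 11
    }
    timeout {
        send_error "$prefix timeout\n"
        exit 16
    }
    eof {}
}
# wait returns the pid, the spawn id, an OS error flag and the exit status of
# the finished ssh. Success is reported only when both of the last two are 0.
set wait_result [wait]
if {[lindex $wait_result 2] != 0 || [lindex $wait_result 3] != 0} {
    send_error "$prefix failed\n"
    exit 1
}
send_user "$prefix gook luck\n"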

(2) 执行脚本,创建两台linux机器之间的信任关系(注意:口令作为命令行参数传入,会留在 shell 历史记录中,脚本运行期间也能在进程列表里看到):


linux:/home # ./build_ssh_trust_relation.sh [email protected] password
spawn ssh [email protected] echo SUCCESS
Password: 
SUCCESS
spawn ssh [email protected] cd; mkdir .ssh 2> /dev/null; echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5voAOS1tZb9WIE1GP1K+5q4Eqn3V9BP+/NNcELFgLHVLjlAokcOcM/01kVtptHVK6+OFqRA8HPcirF9R0YnYJZojOzflDtOPO1zK3UGpNHw790vRSEs/KB6gdvnhYfBLnNLAf3S0cdE8pE6JMBH5WPK8/ZcYaB3pVvMTtMMFkbdNuYjE2KE6RLfozYbrtFS9tOFqx9pY317YEuUnGjlpTFagEpO8AtMTkCkY8KRVz+MPbzMvg4yAgMM3jVSD8rfsrUKGjHOLk5By/VVfx2AKpnGLgTQ+3ptoQin1WmgZDEhYX5JrRoqpOn5SYxJOyngrXaP5vN5C+HaZhclBAZpctQ== root@linux' >>.ssh/authorized_keys
Password: 
>>> gook luck

(3)  测试

linux:/home # ssh 10.137.10.10
Last login: Sat Oct 12 13:00:15 2013 from 10.137.10.136

