1. 前文

搭建了一套有多台主机的局域网环境。在不完全考虑安全性的前提下,为方便管理局域网内的主机,配置了SSH免密登录。因主机较多,前阵子针对“配置SSH免密”和“取消SSH免密”两个功能分别写了脚本来自动化批量部署,现把两个功能封装在一起,做成一个交互式程序。

2.实现代码

#!/bin/bash
#Author:cosann
#Version:0.2
#date:2022/7/27
#description:批量部署SSH免密登录脚本
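# Exit status used for every usage or setup failure in this script.
E_ERROR=65

# Argument check: exactly one argument (the host list file) is required.
if [ "$#" -ne 1 ]; then
  echo -e "Usage:$0 ip_list_file " >&2
  # The variable must be expanded; a bare `exit E_ERROR` is not a numeric status.
  exit "$E_ERROR"
fi

# File check: the argument must name an existing regular file.
if [ ! -f "$1" ]; then
  echo -e "IP_List_File $1文件异常,请检查内容" >&2
  exit "$E_ERROR"
fi

# Initialisation.
ip_list_file=$1

# The list holds one cleartext password per host, so warn when anyone other
# than the owner can read it. `stat -c` is the GNU form; if it is unavailable
# the check is skipped rather than treated as an error.
list_mode=$(stat -c '%a' -- "$ip_list_file" 2> /dev/null)
case "$list_mode" in
  '' | *00) ;;
  *) echo -e "警告: $ip_list_file 含明文密码且权限为 $list_mode,建议执行 chmod 600" >&2 ;;
esac

# Load the three whitespace-separated columns (IP, user, password) into
# parallel arrays. Reading line by line keeps the arrays aligned even when a
# line is incomplete, which separate awk calls per column cannot guarantee.
ip_address=()
username=()
password=()
line_no=0
while IFS= read -r line || [ -n "$line" ]; do
  line_no=$((line_no + 1))
  line=${line%$'\r'}                 # tolerate CRLF line endings
  read -r ip user pass _ <<< "$line"
  [ -n "$ip" ] || continue           # blank line
  if [ -z "$user" ] || [ -z "$pass" ]; then
    echo -e "第${line_no}行缺少用户名或密码,已跳过" >&2
    continue
  fi
  # A leading '-' would be parsed by ssh/ssh-copy-id as an option, not a host.
  if [[ "$ip" == -* || "$user" == -* ]]; then
    echo -e "第${line_no}行的IP或用户名以'-'开头,已跳过" >&2
    continue
  fi
  ip_address+=("$ip")
  username+=("$user")
  password+=("$pass")
done < "$ip_list_file"
# Do not leave a stray copy of the last password in a scratch variable.
unset line ip user pass line_no list_mode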
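# Dependency check: make sure expect, openssh and openssh-clients are installed.
# Each package is checked on its own; an if/elif chain would stop at the first
# missing one and never look at the others. `rpm -q` matches the exact package
# name, unlike `rpm -qa | grep`, which also matches substrings (and the
# original grep for "openssl" did not test for openssh at all).
echo -e "》》》开始检测依赖的必须组件是否安装》》》\n"
for pkg in expect openssh openssh-clients; do
  if rpm -q "$pkg" &> /dev/null; then
    echo -e ">必须组件${pkg}已安装"
    continue
  fi
  echo -e "未安装必须组件${pkg},开始执行安装,请稍等..."
  if yum install -y "$pkg" &> /dev/null; then
    echo -e ">${pkg}安装完成!"
  else
    echo -e "部署必须组件${pkg}失败,请检查Yum配置" >&2
    # Exit from the main shell: an `exit` inside ( ... ) only leaves the
    # subshell and the script would carry on without the component.
    exit "${E_ERROR:-65}"
  fi
done
unset pkg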
# Banner printed once, before the interactive menu loop starts.
echo -e "\n="
for banner_line in \
  "该脚本可以实现批量部署和删除SSH免密配置" \
  "Author:Cosann" \
  "Create time:2022/07/27" \
  "="; do
  echo -e "$banner_line"
done
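# Public key that option 1 installs on the remote hosts and option 2 revokes.
pubkey_file="$HOME/.ssh/id_rsa.pub"

#######################################
# Reject user@host strings that ssh would misread.
# Arguments: $1 - target in user@host form
# Returns:   0 if usable, 1 (with a message on stderr) otherwise
#######################################
usable_target() {
  case "$1" in
    -* | @* | *@)
      echo -e "跳过无效的主机条目: $1" >&2
      return 1
      ;;
  esac
  return 0
}

#######################################
# Option 1, step 1: install the local public key on every listed host.
# Globals:   ip_address, username, password (read), pubkey_file (read)
# NOTE(security): the key is generated with an empty passphrase (-P ''), so
#   anyone who can read ~/.ssh/id_rsa can log in to every host configured here.
# NOTE(security): the host-key prompt is answered "yes" automatically, which
#   trusts whatever key the host presents on first contact. On a network that
#   is not fully under your control, pre-load known_hosts with verified keys.
#######################################
push_keys() {
  local i target
  echo "开始推送"
  # Generate the key pair only when no public key exists yet.
  if [ ! -e "$pubkey_file" ]; then
    ssh-keygen -t rsa -P '' -f "$HOME/.ssh/id_rsa" || return 1
  else
    echo -e "》》》已创建公钥文件,开始向远端服务器推送公钥》》》"
  fi

  for ((i = 0; i < ${#ip_address[@]}; i++)); do
    target="${username[i]}@${ip_address[i]}"
    usable_target "$target" || continue
    # The here-document is quoted, so the shell never pastes the password into
    # the Tcl source: characters such as $ [ ] " \ in a password can neither
    # break the expect script nor run as Tcl commands. Values travel through
    # the environment and are read by expect itself.
    SSH_TARGET="$target" SSH_PASS="${password[i]}" PUBKEY_FILE="$pubkey_file" \
      /usr/bin/expect << 'EXPECT_EOF' || echo -e "推送公钥失败: $target" >&2
set timeout 30
set pass $env(SSH_PASS)
# Remove the password from the environment before spawning, so that
# ssh-copy-id and its children do not inherit it.
unset env(SSH_PASS)
set sent 0
spawn ssh-copy-id -i $env(PUBKEY_FILE) $env(SSH_TARGET)
expect {
    "*yes/no"   { send "yes\r"; exp_continue }
    "*password" {
        if {$sent} { exit 1 }
        set sent 1
        send -- "$pass\r"
        exp_continue
    }
    timeout { exit 1 }
    eof
}
exit [lindex [wait] 3]
EXPECT_EOF
  done
}

#######################################
# Option 1, step 2: confirm that key-based login now works on every host.
# BatchMode makes ssh fail instead of prompting, so a host whose key was not
# installed is reported rather than leaving the script stuck at a password
# prompt. stdin is redirected so ssh cannot swallow the menu input.
# Globals:   ip_address, username (read)
#######################################
verify_logins() {
  local i target
  for ((i = 0; i < ${#ip_address[@]}; i++)); do
    target="${username[i]}@${ip_address[i]}"
    usable_target "$target" || continue
    if ssh -o BatchMode=yes -o ConnectTimeout=10 "$target" true < /dev/null; then
      echo -e "##登录成功## $target"
    else
      echo -e "免密登录失败: $target" >&2
    fi
  done
}

#######################################
# Option 2: remove this machine's public key from every listed host.
# Only lines containing our own key are dropped from the login user's
# ~/.ssh/authorized_keys. Deleting /root/.ssh/authorized_keys outright would
# also revoke every other administrator's key and ignores the user column.
# Requires that key-based login still works (BatchMode never prompts).
# Globals:   ip_address, username (read), pubkey_file (read)
#######################################
revoke_keys() {
  local i target key_blob remote_cmd
  if [ ! -r "$pubkey_file" ]; then
    echo -e "未找到公钥文件 $pubkey_file,无法确定需要删除的公钥" >&2
    return 1
  fi
  # Second field of the .pub file is the base64 key body.
  key_blob=$(awk '{print $2; exit}' "$pubkey_file")
  # Only plain base64 is embedded in the remote command line.
  if [[ ! "$key_blob" =~ ^[A-Za-z0-9+/=]+$ ]]; then
    echo -e "公钥文件 $pubkey_file 格式异常" >&2
    return 1
  fi
  # Filter into a temp file, then write back with cat so the original file's
  # owner and mode are kept. grep exits 1 when nothing is left, which is fine;
  # any higher status is a real error and the file is left untouched.
  remote_cmd="k='${key_blob}'; "'f="$HOME/.ssh/authorized_keys"; [ -f "$f" ] || exit 0; t=$(mktemp "$f.XXXXXX") || exit 1; grep -vF -- "$k" "$f" > "$t"; [ "$?" -le 1 ] && cat "$t" > "$f"; s=$?; rm -f "$t"; exit "$s"'

  for ((i = 0; i < ${#ip_address[@]}; i++)); do
    target="${username[i]}@${ip_address[i]}"
    usable_target "$target" || continue
    if ssh -o BatchMode=yes -o ConnectTimeout=10 "$target" "$remote_cmd" < /dev/null; then
      echo -e "已删除公钥: $target"
    else
      echo -e "删除公钥失败: $target" >&2
    fi
  done
}

# Interactive menu: 1 = configure, 2 = revoke, 3 = quit.
while :; do
  echo -e ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"
  echo -e "1. 配置SSH免密登录"
  echo -e "2. 取消SSH免密配置"
  echo -e "3. 退出程序"
  # Leave the loop on end-of-input instead of redrawing the menu forever.
  if ! read -r -p "请输入序号>>> " nu; then
    echo
    exit 0
  fi
  case "$nu" in
    1)
      push_keys
      echo -e "--------------------------------------------------------------------------------------"
      echo -e "--------------------------------------------------------------------------------------"
      echo -e "--------------------------------------------------------------------------------------"
      echo -e "###推送完成,尝试免密登录###"
      verify_logins
      echo -e "-------------------------------------------"
      echo -e "已完成SSH免密配置,请尝试SSH登录远端主机确认"
      ;;
    2)
      revoke_keys
      echo -e "-------------------------------------------"
      echo -e "已取消SSH免密配置,请尝试SSH登录远端主机确认"
      ;;
    3)
      echo -e "\n###!!!感谢使用,再见!!!###"
      exit 0
      ;;
    *)
      echo -e "\033[41;37m 非法输入,请检查输入!!! \033[0m"
      ;;
  esac
done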


3. 使用方法

3.1 使用前准备

  • 将代码复制到脚本文件,赋予执行权限
  • 提前准备好IP地址用户密码文件

3.2 IP地址用户密码文件格式(注意!!!)

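[转帖]自动化配置SSH免密登录和取消SSH免密配置脚本_推送

(原图未能显示,以下格式根据脚本中 awk 的取值方式整理)每行对应一台主机,共三列,以空格或制表符分隔:第1列为IP地址,第2列为用户名,第3列为密码;密码中不能包含空格。示例(虚构数据):

192.0.2.11 root <密码>
192.0.2.12 root <密码>

该文件保存的是明文密码,建议用 chmod 600 限制为仅本人可读,并在配置完成后删除。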

3.3 运行脚本

#脚本名 IP地址用户密码文件
#举例
./ssh.sh host.txt	#脚本会判断调用脚本是否有指定IP地址用户密码文件,没有的情况下会运行脚本失败并提示

[转帖]自动化配置SSH免密登录和取消SSH免密配置脚本_初始化_02

4. 使用注意

4.1 IP地址用户密码文件格式请按照以上图示标准填写,内容不正确时会出现等待ssh登录或者重试的结果,这时候需要检查配置文件的用户名或者密码是否错误

[转帖]自动化配置SSH免密登录和取消SSH免密配置脚本_IP_03

4.2 在尚未配置SSH免密的情况下使用脚本时,需要多次按 Ctrl+C 强制退出脚本

[转帖]自动化配置SSH免密登录和取消SSH免密配置脚本_初始化_04


代码干货分享,如果你有不一样的想法,欢迎一起交流学习~