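This post walks through setting up passwordless SSH logins on Linux hosts in bulk. It is provided for reference only.
I. Setting up SSH private-key authentication in bulk
1. Compile and install expect
expect depends on tcl, and Linux systems generally do not ship with tcl installed, so it has to be installed manually.
(1) Install tcl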
- cd /opt/tcl8.4.11/unix
- ./configure
- make && make install
(2) Install expect
- cd expect-5.43.0
- ./configure --with-tclinclude=/opt/tcl8.4.11/generic --with-tclconfig=/usr/local/lib/
- make && make install
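(3) Test
2. Generate the public key on the control host
Run ssh-keygen. By default it creates two files in ~/.ssh/, id_rsa and id_rsa.pub, which are the private key and the public key respectively.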
- ssh-keygen
- cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
3. Related scripts
All of the following files are placed in the /root directory.
(1) ip.txt
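Note: each line has the IP first and the password after it, separated by a colon (:). If a password contains a colon, handle that host separately.
- IP:password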
(2) remote_operate.sh
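```bash
#!/bin/bash
# copyright by hwb
# Runs on each target host: append the staged keys to root's authorized_keys.
if [ ! -d /root/.ssh ]; then
    mkdir /root/.ssh
fi
# sshd ignores keys when the directory or file is group- or world-writable,
# so set the permissions explicitly instead of relying on the umask.
chmod 700 /root/.ssh
cat /tmp/authorized_keys >> /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
```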
(3) batch_sshkey.sh
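```bash
#!/bin/bash
# copyright by hwb
# Read ip.txt line by line (on fd 3) so a password containing spaces is not split.
while IFS= read -r i <&3 || [ -n "$i" ]; do
    ip=$(echo "$i" | cut -f1 -d":")
    password=$(echo "$i" | cut -f2 -d":")
    # Copy the key file and the helper script to /tmp on the target.
    # "yes" is sent to the host-key prompt, so each host key is accepted unverified.
    # $password is interpolated into the Tcl script: characters such as
    # \" $ [ or \ in a password will break it.
    expect -c "
        spawn scp /root/.ssh/authorized_keys /root/remote_operate.sh root@$ip:/tmp/
        expect {
            \"*yes/no*\" {send \"yes\r\"; exp_continue}
            \"*password*\" {send \"$password\r\"; exp_continue}
            \"*Password*\" {send \"$password\r\";}
        }
    "
    # Run the helper on the target to install the key.
    expect -c "
        spawn ssh root@$ip /tmp/remote_operate.sh
        expect {
            \"*yes/no*\" {send \"yes\r\"; exp_continue}
            \"*password*\" {send \"$password\r\"; exp_continue}
            \"*Password*\" {send \"$password\r\";}
        }
    "
done 3< ip.txt
```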
4. Run the script and test
Run the batch_sshkey.sh script.
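
An added example (not part of the original article): a stricter version of the append step in remote_operate.sh. The original appends blindly, so every re-run of batch_sshkey.sh duplicates the entries, and whatever sits at /tmp/authorized_keys is trusted as-is. The names `install_keys` and `demo` are hypothetical, the key blobs are constructed, and the staged file is assumed to hold plain `<type> <base64> [comment]` lines.

```bash
#!/bin/bash
# Added example, not the article's script. install_keys STAGED SSH_DIR merges the
# public keys in STAGED into SSH_DIR/authorized_keys and prints how many were new.
install_keys() (
    staged=$1; ssh_dir=$2; auth="$ssh_dir/authorized_keys"; added=0
    # /tmp is world-writable: refuse a symlink or anything that is not a plain file.
    [ -f "$staged" ] && [ ! -L "$staged" ] || exit 1
    umask 077                             # scoped to this subshell
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
    [ -f "$auth" ] || : > "$auth"
    chmod 600 "$auth" || exit 1
    while IFS= read -r line || [ -n "$line" ]; do
        set -f; set -- $line; set +f      # split into fields without globbing
        # Accept only "<type> <base64> [comment]"; lines that begin with
        # options such as command="..." are rejected on purpose.
        case ${1:-} in
            ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp*) ;;
            *) continue ;;
        esac
        case ${2:-} in
            ''|*[!A-Za-z0-9+/=]*) continue ;;
        esac
        # Key type and blob already present: skip, so re-runs add nothing.
        grep -qF -- "$1 $2" "$auth" && continue
        printf '%s\n' "$line" >> "$auth"
        added=$((added + 1))
    done < "$staged"
    rm -f -- "$staged"                    # do not leave the staged copy behind
    echo "$added"
)

# Demo on constructed input (fake key blobs) in a throwaway directory.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'ssh-ed25519 AAAAC3NzaCONSTRUCTED1 root@control' \
        'command="id" ssh-rsa AAAAB3NzaCONSTRUCTED2 x' > "$d/staged"
    install_keys "$d/staged" "$d/.ssh"    # one valid key, one rejected line
    rm -rf -- "$d"
}

if [ "${1:-}" = --demo ]; then demo
elif [ "$#" -eq 2 ]; then install_keys "$1" "$2"; fi
```

On a target host the call would be `install_keys /tmp/authorized_keys /root/.ssh`, using the paths from the article's scripts.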