#!/bin/bash
src_host=$1
src_username=$2
src_passwd=$3
dst_host=$4
dst_username=$5
dst_passwd=$6
#在遠程主機1上生成公私鑰對
Keygen()
{
expect << EOF
spawn ssh $src_username@$src_host ssh-keygen -t rsa
while 1 {
expect {
"password:" {
send "$src_passwd\n"
}
"yes/no*" {
send "yes\n"
}
"Enter file in which to save the key*" {
send "\n"
}
"Enter passphrase*" {
send "\n"
}
"Enter same passphrase again:" {
send "\n"
}
"Overwrite (y/n)" {
send "n\n"
}
eof {
exit
}
}
}
EOF
}
#從遠程主機1獲取公鑰保存到本地
Get_pub()
{
expect << EOF
spawn scp $src_username@$src_host:~/.ssh/id_rsa.pub /tmp
expect {
"password:" {
send "$src_passwd\n";exp_continue
}
"yes/no*" {
send "yes\n";exp_continue
}
eof {
exit
}
}
EOF
}
#將公鑰的內容附加到遠程主機2的authorized_keys
Put_pub()
{
src_pub="$(cat /tmp/id_rsa.pub)"
expect << EOF
spawn ssh $dst_username@$dst_host "chmod 700 ~/.ssh;echo $src_pub >> ~/.ssh/authorized_keys;chmod 600 ~/.ssh/authorized_ke
ys"
expect {
"password:" {
send "$dst_passwd\n";exp_continue
}
"yes/no*" {
send "yes\n";exp_continue
}
eof {
exit
}
}
EOF
}
Keygen
Get_pub
Put_pub
腳本主要由3個expect組成,比較簡單,用法是
./ssh_trust.sh host1 user1 passwd1 host2 user2 passwd2
即建立從user1@host1到user2@host2的ssh信任。
說明:
1、當然得安裝expect
2、腳本放在第三方機器(能遠程登錄host1和host2)上運行即可,當然放在host1和host2上運行也行。
3、如果想批量建立信任,可以編輯一個文件夾file如:
host1 user1 passwd1 host2 user2 passwd2
host3 user3 passwd3 host4 user4 passwd4
host5 user5 passwd5 host6 user6 passwd6
使用下面命令執行腳本即可:
xargs -n6 ./ssh_trust.sh < file4、倉促寫的,腳本只是簡單實現功能,使用前確保參數的可用性(用戶密碼主機名),不然很容易報錯
