批量給Linux服務器分發公鑰
1.公鑰的生成
[root@nfs1 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
27:68:04:bf:45:8d:b7:44:a4:a9:18:38:49:07:b7:b4 root@http1
The key's randomart image is:
+--[ RSA 2048]----+
| o.= .=o |
| . * = ..o+ |
| + E o +o . |
| . + = . |
| . = S . |
| . o |
| |
| |
| |
+-----------------+
2.安裝分發使用的軟件
[root@nfs1 ~]# yum install expect -y
3.編輯exp文件
[root@nfs1 ~]# vim fenfa_sshkey.exp
#!/usr/bin/expect
if { $argc != 2 } {
send_user "usage: expect scp-expect.exp file host dir\n"
exit
}
#define var
set file [lindex $argv 0]
set host [lindex $argv 1]
set password "MyPassword"
spawn ssh-copy-id root@$host:$dir
#spawn ssh-copy-id -i $file "-p 52113 oldboy@$host:$dir"
"*password" {send "$password\r"}
}
expect eof
exit -onexit {
send_user "Oldboy say good bye to you!\n"
}
#script usage
#expect oldboy-6.exp file host dir
#example
#./oldboy-6.exp /etc/hosts 10.0.0.179 /etc/hosts
exit -onexit {
send_user "Oldboy say good bye to you!\n"
exit -onexit {
send_user "Oldboy say good bye to you!\n"
expect {
"yes/no" {send "yes\r";exp_continue}
"*password" {send "$password\r"}
expect {
"yes/no" {send "yes\r";exp_continue}
"*password" {send "$password\r"}
if { $argc != 3 } {
send_user "usage: expect scp-expect.exp file host dir\n"
exit
if { $argc != 3 } {
send_user "usage: expect scp-expect.exp file host dir\n"
exit
~
expect {
"yes/no" {send "yes\r";exp_continue}
"*password" {send "$password\r"}
expect {
"yes/no" {send "yes\r";exp_continue}
"*password" {send "$password\r"}
4.編輯分發使用的腳本並給執行的權限
[root@nfs1 ~]# vim fenfa_sshkey.sh
vi fenfa_sshkey.sh
#!/bin/sh
. /etc/init.d/functions
for ip in `cat iplist`
do
expect fenfa_sshkey.exp ~/.ssh/id_dsa.pub $ip ~/ >/dev/null 2>&1
if [ $? -eq 0 ];then
action "$ip" /bin/true
else
action "$ip" /bin/false
fi
done
[root@nfs1 ~]# chmod +x fenfa_sshkey.sh
5.編譯要分發的主機ip地址表
[root@nfs1 ~]# vim iplist
10.1.41.60
10.1.41.61
10.1.41.62
10.1.41.63
10.1.41.64
10.1.41.65
10.1.41.66
10.1.41.67
10.1.41.68
10.1.41.69
10.1.41.71
6.檢查所需的文件完整性
[root@nfs1 ~]# ll
-rw-r--r-- 1 root root 1352 3月 15 20:43 fenfa_sshkey.exp
-rwxr-xr-x 1 root root 218 3月 15 20:38 fenfa_sshkey.sh
-rw-r--r-- 1 root root 121 3月 15 20:44 iplist
7.執行腳本分發ssh-key
[root@nfs1 ~]# sh fenfa_sshkey.sh
10.1.41.60 [ 確定 ]
10.1.41.61 [ 確定 ]
10.1.41.62 [ 確定 ]
10.1.41.63 [ 確定 ]
10.1.41.64 [ 確定 ]
10.1.41.65 [ 確定 ]
10.1.41.66 [ 確定 ]
10.1.41.67 [ 確定 ]
10.1.41.68 [ 確定 ]
10.1.41.69 [ 確定 ]
10.1.41.71 [ 確定 ]
ok 完成公鑰的分發
[root@nfs1 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
27:68:04:bf:45:8d:b7:44:a4:a9:18:38:49:07:b7:b4 root@http1
The key's randomart image is:
+--[ RSA 2048]----+
| o.= .=o |
| . * = ..o+ |
| + E o +o . |
| . + = . |
| . = S . |
| . o |
| |
| |
| |
+-----------------+
2.安裝分發使用的軟件
[root@nfs1 ~]# yum install expect -y
3.編輯exp文件
[root@nfs1 ~]# vim fenfa_sshkey.exp
#!/usr/bin/expect
if { $argc != 2 } {
send_user "usage: expect scp-expect.exp file host dir\n"
exit
}
#define var
set file [lindex $argv 0]
set host [lindex $argv 1]
set password "MyPassword"
spawn ssh-copy-id root@$host:$dir
#spawn ssh-copy-id -i $file "-p 52113 oldboy@$host:$dir"
"*password" {send "$password\r"}
}
expect eof
exit -onexit {
send_user "Oldboy say good bye to you!\n"
}
#script usage
#expect oldboy-6.exp file host dir
#example
#./oldboy-6.exp /etc/hosts 10.0.0.179 /etc/hosts
exit -onexit {
send_user "Oldboy say good bye to you!\n"
exit -onexit {
send_user "Oldboy say good bye to you!\n"
expect {
"yes/no" {send "yes\r";exp_continue}
"*password" {send "$password\r"}
expect {
"yes/no" {send "yes\r";exp_continue}
"*password" {send "$password\r"}
if { $argc != 3 } {
send_user "usage: expect scp-expect.exp file host dir\n"
exit
if { $argc != 3 } {
send_user "usage: expect scp-expect.exp file host dir\n"
exit
~
expect {
"yes/no" {send "yes\r";exp_continue}
"*password" {send "$password\r"}
expect {
"yes/no" {send "yes\r";exp_continue}
"*password" {send "$password\r"}
4.編輯分發使用的腳本並給執行的權限
[root@nfs1 ~]# vim fenfa_sshkey.sh
vi fenfa_sshkey.sh
#!/bin/sh
. /etc/init.d/functions
for ip in `cat iplist`
do
expect fenfa_sshkey.exp ~/.ssh/id_dsa.pub $ip ~/ >/dev/null 2>&1
if [ $? -eq 0 ];then
action "$ip" /bin/true
else
action "$ip" /bin/false
fi
done
[root@nfs1 ~]# chmod +x fenfa_sshkey.sh
5.編譯要分發的主機ip地址表
[root@nfs1 ~]# vim iplist
10.1.41.60
10.1.41.61
10.1.41.62
10.1.41.63
10.1.41.64
10.1.41.65
10.1.41.66
10.1.41.67
10.1.41.68
10.1.41.69
10.1.41.71
6.檢查所需的文件完整性
[root@nfs1 ~]# ll
-rw-r--r-- 1 root root 1352 3月 15 20:43 fenfa_sshkey.exp
-rwxr-xr-x 1 root root 218 3月 15 20:38 fenfa_sshkey.sh
-rw-r--r-- 1 root root 121 3月 15 20:44 iplist
7.執行腳本分發ssh-key
[root@nfs1 ~]# sh fenfa_sshkey.sh
10.1.41.60 [ 確定 ]
10.1.41.61 [ 確定 ]
10.1.41.62 [ 確定 ]
10.1.41.63 [ 確定 ]
10.1.41.64 [ 確定 ]
10.1.41.65 [ 確定 ]
10.1.41.66 [ 確定 ]
10.1.41.67 [ 確定 ]
10.1.41.68 [ 確定 ]
10.1.41.69 [ 確定 ]
10.1.41.71 [ 確定 ]
ok 完成公鑰的分發
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.