Linux ssh服务之免密码登录批量分发方案

SSH KEY免密码登录批量分发方案

简要架构图：

实现方法：
　　1.通过scp命令批量分发
　　2.通过rsync命令批量分发
　　3.通过脚本批量分发

　　ssh key免密钥认证配置，可参考：http://www.cnblogs.com/lycn/articles/3258560.html

[环境]
CentOS release 5.8 (Final)
2.6.18-308.el5
中心分发服务器A：Center-A：10.0.0.51
接收节点服务器B：Client-B：10.0.0.52
接收节点服务器C：Client-C：10.0.0.53
######添加新用户： 添加系统账号（避免禁止root ssh远程连接，造成的问题）

[Center-A:10.0.0.51]
测试查看，已经可以免密码登录操作
[root@Center-A ~]# ssh lican@10.0.0.52 uptime
 14:19:13 up  4:16,  1 user,  load average: 0.00, 0.00, 0.00
[root@Center-A ~]# ssh lican@10.0.0.53 uptime
 14:19:18 up  4:16,  1 user,  load average: 0.00, 0.00, 0.00

方法1: 通过scp命令进行批量分发
[测试] 将Center-A，root用户家目录内的system_init.sh脚本分发到Client-B的lican用户和Client-C的lican用户的家目录内。
[分发前]
[lican@Client-B ~]$ ll
total 0
[lican@Client-C ~]$ ll
total 0
[root@Center-A ~]# ls
anaconda-ks.cfg  install.log  install.log.syslog  scp_ff.sh  system_init.sh

[执行分发]
[root@Center-A ~]# cat scp_ff.sh 
scp -P22 /root/system_init.sh  lican@10.0.0.52:~
scp -P22 /root/system_init.sh  lican@10.0.0.53:~
[root@Center-A ~]# sh scp_ff.sh 
system_init.sh                                           100% 2832     2.8KB/s   00:00    
system_init.sh                                           100% 2832     2.8KB/s   00:00    

[分发后]
[lican@Client-B ~]$ ll
total 4
-rw-r--r-- 1 lican lican 2832 May 22 14:31 system_init.sh
[lican@Client-C ~]$ ll
total 4
-rw-r--r-- 1 lican lican 2832 May 22 14:31 system_init.sh


方法2：通过rsync命令进行批量分发
[分发前]
[root@Center-A ~]# ll /tmp/
total 8
drwxr-xr-x 2 root root 4096 May 22 16:20 lican
drwx------ 2 root root 4096 May 22 14:18 ssh-eKRVhm2810
[lican@Client-B ~]$ ls -l /tmp/
total 4
drwx------ 2 root root 4096 May 22 11:26 ssh-tgNGJs2670
[lican@Client-C ~]$ ls -l /tmp/
total 4
drwx------ 2 root root 4096 May 22 11:26 ssh-iwdybD2703

[执行分发]
[root@Center-A ~]# cat scp_ff01.sh 
rsync -avz --progress -e 'ssh -p22' /tmp/lican/ lican@10.0.0.52:/tmp/lican
rsync -avz --progress -e 'ssh -p22' /tmp/lican/ lican@10.0.0.53:/tmp/lican
[root@Center-A ~]# sh scp_ff01.sh 
sending incremental file list
./

sent 29 bytes  received 15 bytes  88.00 bytes/sec
total size is 0  speedup is 0.00
sending incremental file list
./

sent 29 bytes  received 15 bytes  29.33 bytes/sec
total size is 0  speedup is 0.00

[分发后]
[lican@Client-B ~]$ ls -l /tmp/
total 8
drwxr-xr-x 2 lican lican 4096 May 22 16:20 lican
drwx------ 2 root  root  4096 May 22 11:26 ssh-tgNGJs2670
[lican@Client-C ~]$ ls -l /tmp/
total 8
drwxr-xr-x 2 lican lican 4096 May 22 16:20 lican
drwx------ 2 root  root  4096 May 22 11:26 ssh-iwdybD2703

方法3：通过脚本批量分发
[分发前]
[lican@Center-A ~]$ ll
total 8
-rw-r--r-- 1 root root  30 May 23 04:15 all_iplist.txt
-rw-r--r-- 1 root root 378 May 23 04:15 fenfa.sh
[lican@Client-B ~]$ ll /tmp
total 0
[lican@Client-C ~]$ ll /tmp
total 0

[执行分发]
[lican@Center-A ~]$ cat all_iplist.txt 
10.0.0.51
10.0.0.52
10.0.0.53
[lican@Center-A ~]$ cat fenfa.sh 
#!/bin/sh
. /etc/init.d/functions
file="$1"
remote_dir="$2"
if [ $# -ne 2 ];then
   echo "usage:$0 argv1 argv2"
   echo "must have two argvs."
   exit
fi
for ip in `cat all_iplist.txt`
  do
     scp -P22 -r -p $file lican@$ip:$remote_dir >/dev/null 2>&1
  if [ $? -eq 0 ];then
     action "$ip is successful." /bin/true
  else
     action "$ip is failure." /bin/false
  fi
done
[lican@Center-A ~]$ sh fenfa.sh all_iplist.txt /tmp
10.0.0.51 is successful.                                   [  OK  ]
10.0.0.52 is successful.                                   [  OK  ]
10.0.0.53 is failure.                                      [FAILED]

[执行后]
[lican@Client-B ~]$ ll /tmp
total 4
-rw-r--r-- 1 lican lican 30 May 23 03:59 all_iplist.txt
[lican@Client-C ~]$ ll /tmp
total 4
-rw-r--r-- 1 lican lican 30 May 23 2013 all_iplist.txt