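Automating SSH passwordless login on CentOS

The hosts file stores the IP addresses of the nodes to deploy to; a line starting with # is treated as commented out.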

192.168.101.52
192.168.101.53
192.168.101.54
192.168.101.55
192.168.101.56

 

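The start.sh file generates the default public/private key pair on every node listed in the hosts file; the script that does this on a single node is in the keygen file.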

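#!/bin/bash

# ssh-keygen every node
hosts="hosts"

if [ -f "${hosts}" ]
then
    echo "Start ssh free"
else
    echo "Please add hosts file"
    exit 1
fi

if [ $# -ne 2 ]
then
    echo "USAGE:$0 user password!"
    exit 1
else
    username=$1
    pawdname=$2
    #login every node and ssh-keygen
    #lines starting with # in the hosts file are skipped
    for x in `sed "/^#.*/d" "${hosts}"`
    do
        #echo ${x}
        if [ -f keygen ]
        then
            #quoted so a password containing spaces or glob characters stays one argument;
            #the password is passed on the command line, so it is visible in the local process list
            expect keygen "${username}" "${x}" "${pawdname}"
        else
            echo "ssh-keygen not exists"
            echo "Please check it"
            exit 1
        fi
    done
fi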

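  The keygen file generates the public/private key pair on a single node.

#!/usr/bin/expect -f

# seconds to wait for each expected prompt
set timeout 2

# arguments: user name, node address, password
set name [lindex $argv 0]
set node [lindex $argv 1]
set pawd [lindex $argv 2]

# log in; accept the host key on first contact, then answer the password prompt
spawn ssh ${name}@${node}
expect {
    "*yes/no*" {send "yes\n";exp_continue}
    "*password:" {send "$pawd\r"}
}

# wait for the shell prompt, then create an RSA key pair with an empty passphrase
expect "*${name}@${node}*"
send "ssh-keygen -t rsa -P ''\r"
# accept the default key file location
expect "*ssh/id_rsa):"
send "\r"
# overwrite an existing key if asked, then log out once the prompt returns
expect {
    "Overwrite (y/n)?" {send "y\n";exp_continue}
    "*${name}@${node}*" {send "exit\r"}
}
expect eof
exit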

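  Note: the prompts differ between versions, so you may need to adjust the patterns after each expect statement in the keygen file by hand.

  The files above are enough to generate a key pair on each of the specified nodes. Next comes the handling of the generated keys; the code is as follows:

author.sh writes the public keys generated by start.sh into authorized_keys, uploads that file to every node, and finally changes the file's permissions.
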

#!/bin/bash
TMP="tmps"
rm -rf ${TMP}
mkdir ${TMP}

TMP=`cd ${TMP};pwd`
HOST="hosts"
USER=""
PAWD="111111"

if [ $# -eq 1 ]
then
    USER=$1
elif [ $# -eq 2 ]
then
    USER=$1
    PAWD=$2
else
    echo "USAGE:$0 username"
    echo "USAGE:$0 username password"
    exit 1
fi

#show which user is being configured; the password is not printed to the terminal
echo "${USER}"


#download id_rsa.pub from every node to the tmp dir
count=1
for x in `cat ${HOST}| sed "/^#.*/d"`
do
    expect download "${USER}" "${x}" "${PAWD}" "${TMP}/${count}"
    count=`expr $count + 1`
done

#let all id_rsa.pub into authorized_keys
#the first file overwrites authorized_keys, the rest are appended
count=1
for x in "${TMP}"/*
do
    if [ "$count" -eq 1 ]
    then
        cat "${x}" > /home/${USER}/.ssh/authorized_keys
    else
        cat "${x}" >> /home/${USER}/.ssh/authorized_keys
    fi
    count=`expr $count + 1`
done

#upload the authorized_keys to every node
for x in `cat ${HOST}| sed "/^#.*/d"`
do
    expect upload "${USER}" "${x}" "${PAWD}"
done

#chmod 600 to authorized_keys
for x in `cat ${HOST}| sed "/^#.*/d"`
do
    expect priority "${USER}" "${x}" "${PAWD}"
done
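
The merge and permission steps of author.sh, written as an added example that is not part of the original post or of the fssh repository. It goes a little further than the script above: it keeps only lines that look like a plain public key, drops duplicates, and replaces authorized_keys atomically with mode 600. The function name merge_pubkeys and its two arguments are hypothetical.

```shell
#!/bin/bash
# Added example, not from the original post.
# merge_pubkeys SRC_DIR DEST_FILE
#   SRC_DIR   directory holding the downloaded id_rsa.pub copies (tmps/ above)
#   DEST_FILE the authorized_keys file to build
# Prints the number of keys written; returns non-zero on failure.
merge_pubkeys() (
    src=$1
    dest=$2
    destdir=$(dirname "$dest")
    # One key per line: type, base64 blob, optional comment. Lines that start
    # with options (command=..., from=...) or contain other junk do not match.
    re='^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,2}( .*)?$'

    mkdir -p "$destdir" || return 1
    chmod 700 "$destdir" || return 1   # sshd StrictModes rejects a group/world-writable .ssh
    umask 077                          # the temp file is never readable by others
    tmp=$(mktemp "$destdir/.authorized_keys.XXXXXX") || return 1

    for f in "$src"/*; do
        [ -f "$f" ] || continue
        grep -E "$re" "$f" || echo "no valid key in $f, skipped" >&2
    done | awk '!seen[$1 " " $2]++' > "$tmp"   # drop repeated type+blob pairs

    chmod 600 "$tmp" || return 1
    mv -f "$tmp" "$dest" || return 1   # atomic replace, never a half-written file
    wc -l < "$dest" | tr -d ' '
)
```

Called as merge_pubkeys "${TMP}" "/home/${USER}/.ssh/authorized_keys", it stands in for the loop that concatenates the downloaded files.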

 

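  The download and upload scripts are fairly simple, so they are left as an exercise for the reader. If you need the complete code, you can download it here: https://github.com/nashiyue/fssh.git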

 

posted @ 2015-11-28 19:06  LiuWei_Find