利用expect的交互功能,自动配置信任机器之间的信任关系。
代码里会判断机器是否生成了秘钥,如果没有生成过,则自动帮助你执行 ssh-keygen
ssh_expect.sh 程序依赖expect 命令,用户可以通过同路径的 hosts.properties 文件配置需要设置的信任关系
ssh_expect.sh 程序源码
#!/bin/sh HOSTS_PROPERTIES="hosts.properties" expect_ssh_copy_id() { if [ "$#" -ne "5" ]; then echo "expect_ssh_copy_id <remoteUser> <remoteHostname> <password> <localUserhome> <timeout>"; exit 1; fi local remoteUser=$1 local remoteHostname=$2 local password=$3 local localUserhome=$4 local timeout=$5 expect -c " set timeout $timeout spawn ssh-copy-id -i $localUserhome/.ssh/id_rsa.pub $remoteUser@$remoteHostname expect { "*yes/no" { send "yes "; exp_continue } "*assword:" { send "$password " } } expect eof " > /dev/null 2>&1 } expect_ssh_keygen() { if [ "$#" -ne "2" ]; then echo "expect_ssh_keygen <localUserhome> <timeout>"; exit 1; fi local localUserhome=$1; local timeout=$2; if [ -f ${localUserhome}/.ssh/id_rsa.pub -a -f ${localUserhome}/.ssh/id_rsa ] ; then echo -e " ${localUserhome}/.ssh has created id_rsa.pub and id_rsa" else echo -e " ${localUserhome}/.ssh has not created id_rsa.pub and id_rsa.pub" expect -c " set timeout $timeout spawn ssh-keygen expect { "*save the key*id_rsa*" {send " "; exp_continue } "*verwrite*y/n*" { send "y "; exp_continue } "*passphrase*passphrase*" { send " "; exp_continue } "*same passphrase*" {send " " } } expect eof exit 0 " > /dev/null 2>&1 if [ "$?" -eq "0" ] ; then echo -e " create id_rsa.pub,id_rsa successfully" else echo -e " create id_rsa.pub,id_rsa faild" fi fi } configure_trust_relation() { if [ "$#" -ne "5" ]; then echo "configure_trust_relation <remoteUser> <remoteHostname> <password> <localUserhome> <timeout>"; exit 1; fi local remoteUser=$1 local remoteHostname=$2 local password=$3 local localUserhome=$4 local timeout=$5 expect -c " set timeout $timeout set trust true set passwdRight true # # checking remote machine is be trusted # if trust, return 0 # if not trust, return 1 # if passwd wrong, return 2 # spawn ssh $remoteUser@$remoteHostname expect { "*yes/no" { send "yes " ; exp_continue } "*assword:" { send "$password " ; set trust false } } expect { "*assword:" { send "�03" ; set passwdRight false } } if { "$passwdRight" == "false" } { expect eof exit 2 } expect { *$* } send "exit " sleep 1 if { "$trust" == "false" } { expect eof exit 1 } expect eof exit 0 " > /dev/null 2>&1 rn=$? if [ "$rn" -eq "1" ] ; then echo -e " ${remoteUser}@${remoteHostname} is not be trusted, then exec ssh-copy-id to remote machine" #expect_ssh_keygen $localUserhome $timeout expect_ssh_copy_id $remoteUser $remoteHostname $password $localUserhome $timeout else if [ "$rn" -eq "0" ] ; then echo -e " ${remoteUser}@${remoteHostname} is be trusted" else if [ "$rn" -eq "2" ] ; then #echo -e " ${remoteHostname}@${remoteUser}'s passwd is wrong" echo -e " @@@@@@@ ERROR @@@@@@@" echo -e " @@@@@@@ [${remoteUser}@${remoteHostname}] passwd is wrong @@@@@@@" fi fi fi } function configure_all_hosts() { local localUserhome=$1 local timeout=$2 expect_ssh_keygen $localUserhome $timeout cat ${filepath}/${hosts_properties} | grep -v "<" | grep -v "#" | while read line do local remoteHostname=$(echo $line | awk -F ' ' '{print $1}') local remoteUser=$(echo $line | awk -F ' ' '{print $2}') local password=$(echo $line | awk -F ' ' '{print $3}') echo "************* [ $remoteUser@$remoteHostname ] *************" ping -c 1 $remoteHostname > /dev/null 2>&1 if [ a"$?" != "a0" ] ; then echo -e " @@@@@@@ ERROR @@@@@@@" echo -e " @@@@@@@ [$remoteHostname] cannot be connected @@@@@@@" continue; fi configure_trust_relation $remoteUser $remoteHostname $password $localUserhome $timeout done } main() { echo "************* [ BEGIN ] *************" which expect > /dev/null 2>&1 if [ "$?" -ne "0" ]; then echo "expect is not exists" exit 1; fi hosts_properties=${HOSTS_PROPERTIES} filepath=$( cd "$(dirname $0)"; pwd; ) localUserhome=$(cd ~;pwd;); timeout=5; configure_all_hosts ${localUserhome} ${timeout}; echo "************* [ OVER ] *************" } main
hosts.properties 文件内容
#<hostname> <user> <password> r730xd-c1 sdbadmin sdbadmin r730xd-c2 sdbadmin sdbadmin chen root root123 r730xd-c3 sdbadmin sdbadmin chen2 root root1907 r730xd-c2 root root1907
程序执行方法
sh ssh_expect.sh
输出
************* [ BEGIN ] *************
/home/sdbadmin/.ssh has not created id_rsa.pub and id_rsa.pub
create id_rsa.pub,id_rsa successfully
************* [ sdbadmin@r730xd-c1 ] *************
sdbadmin@r730xd-c1 is not be trusted, then exec ssh-copy-id to remote machine
************* [ sdbadmin@r730xd-c2 ] *************
sdbadmin@r730xd-c2 is not be trusted, then exec ssh-copy-id to remote machine
************* [ root@chen ] *************
@@@@@@@ ERROR @@@@@@@
@@@@@@@ [chen] cannot be connected @@@@@@@
************* [ sdbadmin@r730xd-c3 ] *************
sdbadmin@r730xd-c3 is not be trusted, then exec ssh-copy-id to remote machine
************* [ root@chen2 ] *************
@@@@@@@ ERROR @@@@@@@
@@@@@@@ [chen2] cannot be connected @@@@@@@
************* [ root@r730xd-c2 ] *************
root@r730xd-c2 is not be trusted, then exec ssh-copy-id to remote machine
************* [ OVER ] *************