shell编程-ssh免交互批量分发公钥脚本

脚本基本原理

1、控制端免交互创建秘钥和公钥：

ssh-keygen -t rsa -f /root/.ssh/id_rsa -N ""

2、免交互发送公钥

sshpass -ppassword ssh-copy-id -i /root/.ssh/id_rsa.pub "-o StrictHostKeyChecking=no user@172.25.0.21"

sshpass              # 非交互式SSH密码提供

-o StrictHostKeyChecking=no　# 不提示，ssh将自动添加新的主机密钥用户已知主机文件。

更多参数可以参考man ssh_config

ssh-copy-id        # 本质上是调用ssh命令，进行远程拷贝公钥的一个脚本，其中值得关注的是脚本中的“shift”，它能够将传参的参数依次向前推进。

which ssh-copy-id
/usr/bin/ssh-copy-id
　　以下为shift在ssh-copy-id命令中使用的典型代码
if [ "-i" = "$1" ]; then
  shift
  # check if we have 2 parameters left, if so the first is the new ID file
  if [ -n "$2" ]; then
    if expr "$1" : ".*.pub" > /dev/null ; then
      ID_FILE="$1"
    else
      ID_FILE="$1.pub"
    fi
    shift         # and this should leave $1 as the target name
  fi
else
  if [ x$SSH_AUTH_SOCK != x ] && ssh-add -L >/dev/null 2>&1; then
    GET_ID="$GET_ID ssh-add -L"
  fi
fi

以下为shift示例代码，能够加助理解shift将参数依次向前推进的含义

cat shift_test.sh 
#!/bin/bash
until [ $# -eq 0 ];do
    echo $*
    shift
done
bash shift_test.sh 1 2 3 4 5
1 2 3 4 5
2 3 4 5
3 4 5
4 5
5

ssh免交互分发公钥的脚本

脚本功能：

1、能够输入选项 -h/--hlep查看帮助

2、不输入参数进行默认分发

3、可以指定主机的IP或者可以被解析的主机名进行分发

4、提示输出友好

5、能够自动检测已经分发了的主机，分发过了的就不再重复分发

6、代码尽量简洁

7、指定多个主机进行批量分发

效果示例1：帮助

效果示例2：默认分发、指定一个主机分发

 

 效果示例3：指定多个主机同时进行批量分发

源码如下：

#!/bin/bash
# mzy 2019-09-22 Add Features
# another： 梅钟园  4 # contact QQ：359462962
export PATH=/bin:$PATH

# output command help manual
function output_help(){
    echo -e "Usage :

--help|-h	get command help.
	e.g:batchsent.sh --help

command public key distribution:
	e[40;32;1mbatchsent.sh [ip/hostname]e[0;0;0m

example:
	e.g:batchsent.sh 192.168.0.1
	or use default batchsent public key:
	e.g:batchsent.sh

explanation:
	1.hostname needs to be able to be resolved IP address.
	2.Run this script need to have root privileges.
	3.The current system needs to be able to use yum install sshpass software."
}

# Check whether the IP address or host name of the obvious error
function check_ip_format(){
    ip=$1
    echo ${ip} |sed -r 's#([0-9]+).#1#g' |test -n "`sed -n '/^[0-9][0-9]*$/p'`" >/dev/null 2>&1
    if [ $? -eq 0 ];then
        count=`echo ${ip}|sed -r 's#([0-9]+).#1
#g'|grep -v '^$' | wc -l`
        if [ ${count} -eq 4 ];then
            return 0
        else
            echo -e "e[40;31;1merrore[0;0;0m:this host(${ip}) ip---e[40;31;1mThere are obvious errorse[0;0;0m"
            output_help
            return 1
        fi
    else
        ping -c 3 ${ip} >/dev/null 2>&1
        if [ $? -eq 0 ];then
            return 0
        else
            echo -e "e[40;31;1merrore[0;0;0m:this host(${ip}) name---e[40;31;1mcan not be resolvede[0;0;0m"
            output_help            
            return 1
        fi
    fi
}

# Single IP or host public key distribution
function sent_pub_key(){
    ip=$1
    sshpass -prewqrewsdsds ssh "-o StrictHostKeyChecking=no" root@${ip} hostname >/dev/null 2>&1
    if [ $? -eq 0 ];then
        echo -e "${ip} 	public keys e[40;34;1malready existe[0;0;0m,can be used normally."
    else
        ping -c 3 ${ip} >/dev/null 2>&1
        if [ $? -eq 0 ];then
            sshpass -ptemplate ssh-copy-id -i /root/.ssh/id_rsa.pub "-o StrictHostKeyChecking=no root@${ip}" >/dev/null 2>&1
            echo -e "${ip} 	public keys e[40;32;1msent successfullye[0;0;0m,can be used normally."
        else
            echo -e "${ip} 	this host(${ip}) is e[40;31;1mnot onlinee[0;0;0m"
        fi
    fi
}

# define default host
function default_batch_sent_pub_key(){
    for ip_addr in 172.16.0.{31,41,51,71,5,6,7,8,9};do
        sent_pub_key ${ip_addr}
    done
}

# default ip or host public key distribution
function batch_sent_pub_key(){
    ip_addr=$1
    sent_pub_key ${ip_addr}
}

# check the packages needed
function check_sshpass(){
    if [ ! -f /usr/bin/sshpass ];then
        yum install -y sshpass >/dev/null 2>&1
        if [ $? -ne 0 ];then
            echo -e "e[40;31;1merrore[0;0;0m:install sshpass failed,check to see if the current user has root privileges."
            exit 1
        fi
    fi
}

# check -h or --help args
function check_help_args(){
    args=$1
    case ${args} in
    "--help")
        output_help
        exit 1
        ;;
    "-h")
        output_help
        exit 1
        ;;
    esac
}

# The implementation of public key distribution by check_help_args function
# In this way the code is more complex, not recommended
function exec_batch_sent_by_check_help_args(){
    check_help_args $1
    if [ $# -eq 1 ];then
        check_ip_format $1
        if [ $? -eq 0 ];then
            batch_sent_pub_key $1
        fi
    fi
}

# The implementation of public key distribution by if statment
# Such code simpler, recommended
function exec_batch_sent_by_if_statment(){
    if [ $# -eq 1 ];then
        if [ $1 == '--help' ] || [ $1 == '-h' ];then
            output_help
        else
            check_ip_format $1
            if [ $? -eq 0 ];then
                batch_sent_pub_key $1
            fi
        fi
    fi
}

# Check the generated keys
function check_the_generated_keys(){
    if [ -f /root/.ssh/id_rsa -a -f /root/.ssh/id_rsa.pub ];then
        return 0
    else
        ssh-keygen -t rsa -f /root/.ssh/id_rsa -N ""
        if [ $? -eq 0 ];then
            return 0
        else
            echo -e "e[40;31;1merrore[0;0;0m:install sshpass failed,check to see if the current user has root privileges."
            return 1
        fi
    fi
}

# main
if [ $# -eq 0 ];then
    check_sshpass
    check_the_generated_keys
    if [ $? -eq 0 ];then
        default_batch_sent_pub_key
    else
        exit 1
    fi
else
    until [ $# -eq 0 ];do
        check_sshpass
        check_the_generated_keys
        if [ $? -eq 0 ];then
            exec_batch_sent_by_if_statment $1
        else
            exit 1
        fi
        shift
    done
fi