非交互式工具:expect,sshpass,pash
在管理机m01上面安装expece
[root@m01 ~]# rpm -qa expect #检查有没有安装expect
[root@m01 ~]# yum install expect -y #用yum安装expect安装完后再查看是否有
[root@m01 ~]# rpm -qa expect
expect-5.44.1.15-5.el6_4.x86_64检查已经安装
非交互式生成密钥及实现批量管理:
1、所有机器创建用户及密码
useradd oldgirl888
echo 123456|passwd --stdin oldgirl888
id oldgirl888
su - oldgirl888
2、生成密钥对
[oldgirl888@m01 ~]$ ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa >/dev/null 2>&1
3、分发密钥
ssh-copy-id -i .ssh/id_dsa.pub "-p 52113 oldgirl@172.16.1.31"
[root@m01 ~]# yum install lrzsz -y
[oldgirl888@m01 ~]$ pwd/home/oldgirl888在家目录写入如下脚本[oldgirl888@m01 ~]$ cat fenfa_sshkey.exp#!/usr/bin/expectif { $argc !=2 } { send_user "usage: expect fenfa_sshkey.exp file host\n" exit}#define varset file [lindex $argv 0]set host [lindex $argv 1]set password "123456"#spawn scp /etc/hosts root@10.0.0.142:/etc/hosts#spawn scp -P52113 $file oldboy@$host:$dirspawn ssh-copy-id -i $file "-p 22 oldgirl888@$host"expect { "yes/no" {send "yes\r" ;exp_continue} "password" {send "$password\r"}}expect cofexit -onexit { send_user "oldboy say good bye to you!\n"}#script usage#expect oldboy-6.exp file host dir#example#expect fenfa_sshkey.exp file host dir#expect fenfa_sshkey.exp ~/etc/hosts 10.0.0.41:~
然后运行:
[oldgirl888@m01 ~]$ expect fenfa_sshkey.exp .ssh/id_dsa.pub 172.16.1.31
在nfs服务器上面可以看到分发的公钥了
[oldgirl888@nfs01 ~]$ ls
[oldgirl888@nfs01 ~]$ ls .sshauthorized_keys在m01机器上验证公钥是否生效:
[oldgirl888@m01 ~]$ ssh -p22 oldgirl888@172.16.1.31 /sbin/ifconfig eth0eth0 Link encap:Ethernet HWaddr 00:0C:29:EB:DA:9F inet addr:10.0.0.31 Bcast:10.0.0.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:feeb:da9f/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:345 errors:0 dropped:0 overruns:0 frame:0 TX packets:255 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:29478 (28.7 KiB) TX bytes:24332 (23.7 KiB)
这就说明自动分发公钥成功了。
批量搞:
[oldgirl888@m01 ~]$ cat fenfa_sshkey.sh #!/bin/sh. /etc/init.d/functionsfor ip in 8 31 41do expect fenfa_sshkey.exp ~/.ssh/id_dsa.pub 172.16.1.$ip >/dev/null 2>&1 if [ $? -eq 0 ];then action "$ip" /bin/true else action "$ip" /bin/false fidone
运行脚本:
[oldgirl888@m01 ~]$ sh fenfa_sshkey.sh 8 [ OK ]31 [FAILED] #报错是因为第一次测试已经传递完了公钥了。41 [ OK ]
再次验证:在m01机器上面ssh远程41机器执行ifconfig命令没有出现提示输入密码,验证成功。
[oldgirl888@m01 ~]$ ssh -p22 oldgirl888@172.16.1.41 /sbin/ifconfig eth0eth0 Link encap:Ethernet HWaddr 00:0C:29:2D:96:D8 inet addr:10.0.0.41 Bcast:10.0.0.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:fe2d:96d8/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:329 errors:0 dropped:0 overruns:0 frame:0 TX packets:255 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:27769 (27.1 KiB) TX bytes:23496 (22.9 KiB)
然后在管理机上面就可以分发软件了