自动化部署 - 集群配置SSH免密自动化脚本

原理 从服务器A登录到服务器B,借用网上的一张图片


图片来源

具体的操作:
A上面生成私钥公钥对,拷贝公钥内容追加写入到B的授权文件/root/.ssh/authorized_keys

上面的是单机操作,如果应对到几台/几十台的集群配置,手动去配置,那么需要配置n x 3次,这酸爽,手动表情[哭笑不得]

以下通过一个shell脚本,自动生成各台机器的id_rsa密钥对,并将所有机器的公钥写入到文件中,再自动将该文件内容分发到所有服务器并且将文件内容追加写入到authorized_keys文件

以下仅记录脚本,不做步骤解释

新建一个host.file,里面填写各台机器的地址、root用户和root密码,格式ip/domain:root:password,举例

host.file
1
2
3
4
domainA:root:123456
domainB:root:123456
192.168.1.100:root:123456
192.168.1.101:root:123456

各个机器可以互相连接,将host.file 和 免密脚本拷贝到其中一台机器上,这里假设为domainA

执行

1
2
3
sh ./mianmi.sh <localIP> <sshPort>
--#eg.
sh ./mianmi.sh domainA 22

mianmi.sh

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
#!/bin/bash
#set -e

PORT=$2
LOCAL=$1


function copy(){
expect -c "
set timeout -1;
spawn scp -P$1 $2:/root/.ssh/id_rsa.pub ./key/$2key
expect {
\"*yes/no*\" {send \"yes\r\"; exp_continue}
\"*password*\" {send \"$3\r\"; exp_continue}
}"
}


if [ $# -ne 2 ];then
echo "please user in : ./mianmi.sh local_ip ssh_port"
exit 1
fi


if [ $USER = root ];then
echo "yum install expect -y -d 0 -e 0"
yum install expect -y -d 0 -e 0

if [ $? != 0 ];then
echo "please chech your yum resource"
exit 1
fi

fi


L=0
for i in `cat host.file`
do
ip[$L]=`echo $i |awk -F: '{print $1}'`
user[$L]=`echo $i |awk -F: '{print $2}'`
password[$L]=`echo $i |awk -F: '{print $3}'`

let "L=$L+1"

done

for((i=0;i<${#ip[@]};i++))
do
echo ${ip[$i]}
if [ $LOCAL != ${ip[$i]} ];then

result=`copy $PORT ${ip[$i]} ${password[$i]}`
echo $result |grep 100%
if [ $? -ne 0 ];then
expect -c "
set timeout -1;
spawn ssh -p$PORT ${user[$i]}@${ip[$i]} 'ssh-keygen'
expect {
\"*password*\" {send \"${password[$i]}\r\"; exp_continue}
\"*Enter file*\" {send \"\r\"; exp_continue}
\"*Enter passphrase*\" {send \"\r\"; exp_continue}
\"*Enter same passphrase*\" {send \"\r\"; exp_continue}
\"*The key fingerprint*\" {send \"\r\"; exp_continue}
}"

echo "successs make key"
fi
else
if [ ! -f /root/.ssh/id_rsa.pub ];then
expect -c "
set timeout -1;
spawn ssh-keygen
expect {
\"*Enter file*\" {send \"\r\"; exp_continue}
\"*Enter passphrase*\" {send \"\r\"; exp_continue}
\"*Enter same passphrase*\" {send \"\r\"; exp_continue}
\"*The key fingerprint*\" {send \"\r\"; exp_continue}
}"
fi
echo "yum install rsync -y -d 0 -e 0"
yum install rsync -y -d 0 -e 0
rsync -avvP /root/.ssh/id_rsa.pub ./key/${ip[$i]}key
fi

if [ $LOCAL != ${ip[$i]} ];then
result=`copy $PORT ${ip[$i]} ${password[$i]}`
echo $result |grep 100%
if [ $? -ne 0 ];then
echo "failed to excute the command,please check your network or other reason "
fi
fi


done


for i in `ls ./key`
do
cat ./key/$i >> /root/.ssh/authorized_keys
done
chmod 600 /root/.ssh/authorized_keys


for((i=0;i<${#ip[@]};i++))
do


if [ $LOCAL != ${ip[$i]} ];then
expect -c "
set timeout -1;
spawn scp -P$PORT /root/.ssh/authorized_keys ${ip[$i]}:/tmp
expect {
\"*yes/no*\" {send \"yes\r\"; exp_continue}
\"*password*\" {send \"${password[$i]}\r\"; exp_continue}
}"

expect -c "
set timeout -1;
spawn ssh -p$PORT ${ip[$i]} \"cat /tmp/authorized_keys >> /root/.ssh/authorized_keys \"
expect {
\"*yes/no*\" {send \"yes\r\"; exp_continue}
\"*password*\" {send \"${password[$i]}\r\"; exp_continue}
}"


expect -c "
set timeout -1;
spawn ssh -p$PORT ${ip[$i]} \"chmod 600 /root/.ssh/authorized_keys \"
expect {
\"*yes/no*\" {send \"yes\r\"; exp_continue}
\"*password*\" {send \"${password[$i]}\r\"; exp_continue}
}"
fi
done

Comments

Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now

×