zoukankan      html  css  js  c++  java
  • expect实现scp/ssh-copy-id非交互

    bash&shell系列文章:http://www.cnblogs.com/f-ck-need-u/p/7048359.html


    expect工具可以实现自动应答,从而达到非交互的目的。

    expect具体使用用法比较复杂,中文手册我正在翻译中,以后翻译完了做了整理再补。本文只有几个ssh相关最可能用上的示例。

    yum -y install expect

    1.1 scp自动应答脚本

    以下是scp自动问答的脚本。

    [root@xuexi ~]# cat autoscp.exp
    #!/usr/bin/expect
    ########################################################### # description:
    scp without interactive # # author : 骏马金龙 # # blog : http://www.cnblogs.com/f-ck-need-u/ # ########################################################### set timeout 10 set user_hostname [lindex $argv 0] set src_file [lindex $argv 1] set dest_file [lindex $argv 2] set password [lindex $argv 3] spawn scp $src_file $user_hostname:$dest_file expect { "(yes/no)?" { send "yes " expect "*assword:" { send "$password "} } "*assword:" { send "$password " } } expect "100%" expect eof

    用法:autoscp.exp [user@]hostname src_file dest_file [password]

    该自动回答脚本可以自动完成主机验证和密码认证,即使已经是实现公钥认证的机器也没问题,因为公钥认证机制默认优先于密码认证,且此脚本的password项是可选的,当然,在没有实现公钥认证的情况下,password是必须项,否则expect实现非交互的目的就失去意义了。

    以下是几个示例:

    [root@xuexi ~]# ./autoscp.exp 172.16.10.6 /etc/fstab /tmp 123456
    spawn scp /etc/fstab 172.16.10.6:/tmp
    The authenticity of host '172.16.10.6 (172.16.10.6)' can't be established.
    RSA key fingerprint is f3:f8:e2:33:b4:b1:92:0d:5b:95:3b:97:d9:3a:f0:cf.
    Are you sure you want to continue connecting (yes/no)? yes          # 主机验证时询问是否保存host key,自动回答yes
    Warning: Permanently added '172.16.10.6' (RSA) to the list of known hosts.
    root@172.16.10.6's password:                                        # 密码认证过程,自动回答指定的密码"123456"
    fstab                                                        100%  805     0.8KB/s   00:00

    也可以指定完成的用户名和主机名。

    [root@xuexi ~]# ./autoscp.exp root@172.16.10.6 /etc/fstab /tmp 123456
    spawn scp /etc/fstab root@172.16.10.6:/tmp
    root@172.16.10.6's password:         
    fstab                                 100%  805     0.8KB/s   00:00

    1.2 ssh-copy-id自动应答脚本

    以下是在建立公钥认证机制时,ssh-copy-id拷贝公钥到服务端的自动应答脚本。

    [root@xuexi ~]# cat /tmp/autocopy.exp
    #!/usr/bin/expect
    
    ###########################################################
    #  description: scp without interactive                   #
    #  author     : 骏马金龙                                   #
    #  blog       : http://www.cnblogs.com/f-ck-need-u/       #
    ###########################################################
    
    set timeout 10
    set user_hostname [lindex $argv 0]
    set password [lindex $argv 1]
    spawn ssh-copy-id $user_hostname
        expect {
            "(yes/no)?"
            {
                send "yes
    "
                expect "*assword:" { send "$password
    "}
            }
            "*assword:"
            {
                send "$password
    "
            }
        }
    expect eof

    用法:autocopy.exp [user@]hostname password

    以下是一个示例,

    [root@xuexi ~]# /tmp/autocopy.exp root@172.16.10.6 123456
    spawn ssh-copy-id root@172.16.10.6
    The authenticity of host '172.16.10.6 (172.16.10.6)' can't be established.
    RSA key fingerprint is f3:f8:e2:33:b4:b1:92:0d:5b:95:3b:97:d9:3a:f0:cf.
    Are you sure you want to continue connecting (yes/no)? yes      # 主机认证时,自动应答yes
    Warning: Permanently added '172.16.10.6' (RSA) to the list of known hosts.
    root@172.16.10.6's password:                                    # 密码认证时自动输入密码"123456"
    Now try logging into the machine, with "ssh 'root@172.16.10.6'", and check in:
     
      .ssh/authorized_keys
     
    to make sure we haven't added extra keys that you weren't expecting.

    1.3 批量ssh-copy-id自动应答

    如果要实现批量非交互,则可以写一个shell脚本调用该expect脚本。例如:

    [root@xuexi ~]# cat /tmp/sci.sh
    #!/bin/bash
    
    ###########################################################
    #  description: scp without interactive                   #
    #  author     : 骏马金龙                                   #
    #  blog       : http://www.cnblogs.com/f-ck-need-u/       #
    ###########################################################
     
    passwd=123456               # 指定要传递的密码为123456
    user_host=`awk '{print $3}' ~/.ssh/id_rsa.pub`   # 此变量用于判断远程主机中是否已添加本机信息成功
     
    for i in $@  
    do
            /tmp/autocopy.exp $i $passwd >&/dev/null
            ssh $i "grep "$user_host" ~/.ssh/authorized_keys" >&/dev/null  # 判断是否添加本机信息成功
            if [ $? -eq 0 ];then
                    echo "$i is ok"
            else
                    echo "$i is not ok"
            fi
    done

    用法:/tmp/sci.sh [user@]hostname

    其中hostname部分可以使用花括号展开方式枚举。但有个bug,最好ssh-copy-id的目标不要是脚本所在的本机,可能会强制输入本机密码,但批量脚本autocopy.exp则没有此bug。

    例如:

    [root@xuexi tmp]# /tmp/sci.sh 172.16.10.3 172.16.10.6
    172.16.10.3 is ok
    172.16.10.6 is ok
    [root@xuexi tmp]# /tmp/sci.sh 172.16.10.{3,6}
    172.16.10.3 is ok
    172.16.10.6 is ok
    [root@xuexi tmp]# /tmp/sci.sh root@172.16.10.3 172.16.10.6
    root@172.16.10.3 is ok
    172.16.10.6 is ok
  • 相关阅读:
    8月的list
    hdu 2853
    【问题交流】JAVA 基础 switch 执行顺序的问题
    h5/css动态旋转木马源码
    javascript系列丛书之读后感
    java运行闪退,报错如下,是因为ole32.dll的问题吗?
    js
    切换为文本框编辑状态,点击空白区域保存修改
    前端工程师源码分享:html5 2d 扇子
    2017武汉马拉松4月9日开跑啦~~~
  • 原文地址:https://www.cnblogs.com/f-ck-need-u/p/7542210.html
Copyright © 2011-2022 走看看