Linux信任登录,免密码登录的脚本:
需要安装expect,可以yum也可以编译安装,编译后注意脚本中的expect路径。
rsa.exp
#!/usr/bin/expect ################################################## # # # Author: # # Date: 2011-06-20 # # Descrition: SSH auto create rsa key at local # # # ################################################## # Get parameter set dbip [lindex $argv 0] set pass [lindex $argv 1] # create local rsa key spawn ssh-keygen -t rsa; expect "*(/root/.ssh/id_rsa):"; send " "; expect "*(empty for no passphrase):"; send " "; expect "*Enter same passphrase again:"; send " "; expect eof
pubKey.exp
#!/usr/bin/expect ################################################## # # # Author: # # Date: 2011-07-29 # # Descrition: SSH auto add accredit to server # # # ################################################## # Get parameter set dbip [lindex $argv 0] set pass [lindex $argv 1] set timeout 30 # create .ssh dir spawn ssh root@$dbip expect { "yes/no" { send "yes "; exp_continue} "password:" { send "$pass "; expect { "Last login" { send "mkdir -p /root/.ssh "; send "chmod 700 /root/.ssh " } } } "Last login" { exit } } expect "" # scp rsa key to remote server spawn scp /root/.ssh/id_rsa.pub root@$dbip:/root/.ssh/id_rsa.pub.tmp; expect "*password:"; send "$pass "; expect eof spawn ssh root@$dbip cat /root/.ssh/id_rsa.pub.tmp >> /root/.ssh/authorized_keys expect "*password:"; send "$pass "; expect eof spawn ssh root@$dbip rm -f /root/.ssh/id_rsa.pub.tmp
在登录时系统提示信息,例如提示:
Address 10.1.1.1 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
可以通过修改sshd配置取消输出,以免影响自动化部署脚本允许:
[root@zabbix ~]# sed -i 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' /etc/ssh/sshd_config ; service sshd restart