  • Implementing non-interactive batch distribution of public keys

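    Generating the public/private key pair

     A password has to be entered on every connection

    Linux key generation

    The configuration file name in the link above is wrong; it should be vim /etc/ssh/sshd_config

    Command session: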

    [root@mcw1 ~]# ls .ssh/
    ls: cannot access .ssh/: No such file or directory
    [root@mcw1 ~]# ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa):
    Created directory '/root/.ssh'.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:Od+6HjBBrHeUA5MP8rwckdakM89XrZNf0/kOjRPB4eI root@mcw1
    The key's randomart image is:
    +---[RSA 2048]----+
    | .+*.. . |
    | ..Bo= o o |
    | *== .. = .|
    | . =Bo. o +o|
    | oS+o E =oo|
    | o= o *+|
    | o . + +|
    | o + |
    | .+. .|
    +----[SHA256]-----+
    [root@mcw1 ~]# ls .ssh/
    id_rsa id_rsa.pub
    [root@mcw1 ~]# ls -ld .ssh/
    drwx------ 2 root root 38 Jul 30 17:50 .ssh/
    [root@mcw1 ~]# cat .ssh/id_rsa.pub >>.ssh/authorized_keys
    [root@mcw1 ~]# chmod 600 .ssh/authorized_keys

    Non-interactive public key distribution to a single host:

    Reference: https://blog.51cto.com/vinsent/1970780

    [root@mcw1 ~]# cat 3.sh 
    #!/usr/bin/expect
    spawn ssh-copy-id -i /root/.ssh/id_rsa.pub 172.168.1.5
    # "yes/no": answers the prompt about accepting the host's public key for you
    # "password": the prompt asking for the password
    expect {
        "yes/no" { send "yes\r";exp_continue }
        "password" { send "123456\r" }
    }
    expect eof

    Non-interactive batch public key distribution to multiple hosts:

    [root@vinsent app]# cat ssh_auto.sh 
    #!/bin/bash
    #------------------------------------------#
    # FileName:             ssh_auto.sh
    # Revision:             1.1.0
    # Date:                 2017-07-14 04:50:33
    # Author:               vinsent
    # Email:                hyb_admin@163.com
    # Website:              www.vinsent.cn
    # Description:          This script can achieve ssh password-free login, 
    #                       and can be deployed in batches, configuration
    #------------------------------------------#
    # Copyright:            2017 vinsent
    # License:              GPL 2+
    #------------------------------------------#
    [ ! -f /root/.ssh/id_rsa.pub ] && ssh-keygen -t rsa -P '' -f /root/.ssh/id_rsa &>/dev/null  # create the key pair if it does not exist
    while read line;do
            ip=`echo $line | cut -d " " -f1`             # extract the IP from the file
            user_name=`echo $line | cut -d " " -f2`      # extract the user name from the file
            pass_word=`echo $line | cut -d " " -f3`      # extract the password from the file
    expect <<EOF
            # copy the public key to the target host
            spawn ssh-copy-id -i /root/.ssh/id_rsa.pub $user_name@$ip
            # expect types the answers, including the password, automatically
            expect {
                    "yes/no" { send "yes\r";exp_continue}
                    "password" { send "$pass_word\r"}
            }
            expect eof
    EOF
    
    done < /root/host_ip.txt      # read the file that stores the IPs

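    The host_ip.txt file can be written by hand (which, of course, is not very automated); you can also scan the hosts on your network with a scanning tool and then generate the file with tools such as awk. An example of the file, holding the IP address, login user name and password: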

    [root@vinsent app]# cat host_ip.txt 
    172.18.14.123 root 123456
    172.18.254.54 root 123456
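
    The loop above pastes $pass_word into the expect script through an unquoted heredoc, so a password containing [ $ " or \ is interpreted as Tcl, and cut -d " " truncates a password that contains a space. The following is an added example, not the original author's script: a hardened variant that assumes the same host_ip.txt format and GNU stat; the function names and the SSH_DEST/SSH_PW variables are hypothetical.

```bash
#!/bin/bash
# Added example, not the original script. Assumes GNU stat and the same
# "ip user password" line format; all function names are hypothetical.

# Accept only a dotted-quad IPv4 address and a conservative user name.
valid_target() {
    local ip="$1" user="$2" o
    case $user in ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;; esac
    case $ip in *[!0-9.]*|*..*|.*|*.|*.*.*.*.*) return 1 ;; esac
    case $ip in *.*.*.*) ;; *) return 1 ;; esac
    for o in $(echo "$ip" | tr . ' '); do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# The file holds plaintext passwords: refuse it if group/others have access.
private_file() {
    local mode
    mode=$(stat -c '%a' "$1") || return 1
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# The quoted 'EOF' keeps the shell out of the Tcl source; the password comes
# from the environment and Tcl substitutes it once, so [ ] $ " \ stay literal.
push_key() {
    SSH_DEST="$2@$1" SSH_PW=$3 expect <<'EOF'
set timeout 20
spawn ssh-copy-id -i /root/.ssh/id_rsa.pub $env(SSH_DEST)
expect {
    "yes/no"   { send "yes\r"; exp_continue }
    "password" { send -- "$env(SSH_PW)\r" }
}
expect eof
EOF
}

distribute_all() {
    local file="$1" ip user pass
    private_file "$file" || { echo "refusing $file: not private" >&2; return 1; }
    # read -r keeps backslashes; the last variable takes the rest of the line,
    # so a password may contain spaces.
    while read -r ip user pass; do
        [ -n "$ip" ] || continue
        valid_target "$ip" "$user" || { echo "skipping bad entry: $ip" >&2; continue; }
        push_key "$ip" "$user" "$pass"
    done < "$file"
}

if [ $# -gt 0 ]; then distribute_all "$1"; fi
```

    The "yes/no" branch still accepts whatever host key the server presents, as the original script does.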

    With this in place, commands can be run in batches:

    Reference links:

    https://blog.51cto.com/vinsent/1970780

    https://www.cnblogs.com/panchong/p/6027138.html

  • Original article: https://www.cnblogs.com/machangwei-8/p/11272824.html