centos7 使用expect批量修改sshd配置、ssh免登陆、关闭防火墙、selinux

批量修改sshd配置文件：

首先生成服务器列表：

vi  hostsList.sh

#!/bin/bash
preIp="192.168.131."
pwd="jCTpj^Zz5D>Qsgqv"
for i in `seq 91 110`;
do
 echo -e $preIp$i $pwd >> hostsLists.txt
done

生成hostsLists.txt文件结果如下：

因为不知道hostLists服务器列表root用户密码，只能先ssh到app用户然后再切换到root用户，再修改/etc/ssh/sshd_config配置文件，将PermitRootLogin no配置文件修改成PermitRootLogin yes。

editsshconfig.sh 

#!/bin/bash
for row in `cat $1 | awk '{printf("%s:%s:%s
"),$1,$2,$3}'`
  do
ip=`echo ${row} | awk -F ':' '{print $1}'`
passwd=`echo ${row} | awk -F ':' '{print $2}'`
echo $ip
echo $passwd
/usr/bin/expect <<-EOF
spawn ssh app@$ip
expect "password:"
send "$passwd
"
expect "*$*"
send "sudo su -
"
expect "*#*"
send "sed -i 's/PermitRootLogin no/PermitRootLogin yes/g' /etc/ssh/sshd_config
"
expect "*#*"
send "systemctl restart sshd
"
expect "*#*"
send "exit
"
expect "*$*"
exit
EOF
 
done

 执行./editsshconfig.sh hostsLists.txt命令即可批量修改服务器的ssh配置。

ssh免登陆：

另外还有个需求是192.168.131.60服务器ssh免登陆到上面的服务器列表。

192.168.131.60 ssh登录公钥

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDAxAvHYJaGCoovrRsHCWCLvktkuOYACuD7kAYRmWUQHuJcy8rIzcU+rC6CiQ8ZxM43x9T4Z2PLAGtw0ChhPb36HwUR7UEBhMH7fZIbtQloiFVDcby8hjJkJSf4LgcdrD9M5D1XDqRuFk0VIWH+R3JJTiT/2zLlQzRIAOsD8o4WHZ6XflbdM8tFa7Keiu2B+vZpakEZPmIzD/+z0pAXGI+oawQBiNzlTf/MG7eanfl2LlrhPtLHZU0wmzABFpMBqWaLAbvr4EpfPVplYAC3VePRdBwa02QOjqq6ISc0m7zy8dpl2nWa2dLSA2VJBWI4bBjZjdQpnOecVlzYjG0OAjjfwB6DaWs/RiJ9qN+r8G7iFqd5ftUmqFnTEeFRkBgMIsRjdnMOlXsPRjmOq8vMmLnEWoETzl522idNFUfOVAa5RC11Jv3y7HE0VY17RDQdnl9DKyYu0//wviyum8tVT0cm8W3BGUKXWOYZeF009Jd+qERa06lbfgbPbjugV7BDF1E= root@master-60

sshnologin.sh

#!/bin/bash
for row in `cat $1 | awk '{printf("%s:%s:%s
"),$1,$2,$3}'`
  do
ip=`echo ${row} | awk -F ':' '{print $1}'`
passwd=`echo ${row} | awk -F ':' '{print $2}'`
echo $ip
echo $passwd
/usr/bin/expect <<-EOF
spawn ssh app@$ip
expect "password:"
send "$passwd
"
expect "*$*"
send "sudo su -
"
expect "*#*"
send "echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDAxAvHYJaGCoovrRsHCWCLvktkuOYACuD7kAYRmWUQHuJcy8rIzcU+rC6CiQ8ZxM43x9T4Z2PLAGtw0ChhPb36HwUR7UEBhMH7fZIbtQloiFVDcby8hjJkJSf4LgcdrD9M5D1XDqRuFk0VIWH+R3JJTiT/2zLlQzRIAOsD8o4WHZ6XflbdM8tFa7Keiu2B+vZpakEZPmIzD/+z0pAXGI+oawQBiNzlTf/MG7eanfl2LlrhPtLHZU0wmzABFpMBqWaLAbvr4EpfPVplYAC3VePRdBwa02QOjqq6ISc0m7zy8dpl2nWa2dLSA2VJBWI4bBjZjdQpnOecVlzYjG0OAjjfwB6DaWs/RiJ9qN+r8G7iFqd5ftUmqFnTEeFRkBgMIsRjdnMOlXsPRjmOq8vMmLnEWoETzl522idNFUfOVAa5RC11Jv3y7HE0VY17RDQdnl9DKyYu0//wviyum8tVT0cm8W3BGUKXWOYZeF009Jd+qERa06lbfgbPbjugV7BDF1E= root@master-60' > /root/.ssh/authorized_keys
"
expect "*#*"
send "exit
"
expect "*$*"
exit
EOF
  
done

 执行./sshnologin.sh hostsLists.txt命令即可批量修改192.168.131.60服务器ssh免登陆到hostsLists服务器列表的配置。　　

关闭防火墙：

关闭服务器列表的防火墙。stopfirew.sh

#!/bin/bash
for row in `cat $1 | awk '{printf("%s:%s:%s
"),$1,$2,$3}'`
  do
ip=`echo ${row} | awk -F ':' '{print $1}'`
passwd=`echo ${row} | awk -F ':' '{print $2}'`
echo $ip
echo $passwd
/usr/bin/expect <<-EOF
spawn ssh app@$ip
expect "password:"
send "$passwd
"
expect "*$*"
send "sudo su -
"
expect "*#*"
send "systemctl stop firewalld
"
expect "*#*"
send "systemctl disable firewalld
"
expect "*#*"
send "exit
"
expect "*$*"
exit
EOF

done

 执行./stopfirew.sh hostsLists.txt即可批量关闭hostlists服务器列表的防火墙。