zoukankan      html  css  js  c++  java
  • ssh 四种免密操作

    ssh 四种免密操作

    启动三台虚拟机 192.168.120.128,192.168.120.129,192.168.120.131,在128机器上执行如下命令,生成公钥

    ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
    cat ~/.ssh/id_rsa.pub  >>~/.ssh/authorized_keys
    chmod 0600 ~/.ssh/authorized_keys 
    方式1:使用 ssh-copy-id命令
    ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.120.129
    ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.120.131

    方式2:使用scp命令
    scp ~/.ssh/id_rsa.pub  root@192.168.120.131:/root/.ssh/authorized_keys 

    方式1和方式2并不适合多主机(比如几十台或者上百台机器),因为每次传送之前都需要进行密码输入,采用sshpass和expect工具可实现自动化免密操作。

    方式3:使用sshpass
    • 使用yum 下载并安装sshpass
    yum install sshpass

    软件使用方法如下

    将128机器上的公钥复制给其他两台机器

    [root@bogon hadoop-2.9.2]# sshpass -p 'rootroot' scp ~/.ssh/id_rsa.pub  root@192.168.120.131:/root/.ssh/authorized_keys 
    [root@bogon hadoop-2.9.2]# sshpass -p 'rootroot' scp ~/.ssh/id_rsa.pub  root@192.168.120.129:/root/.ssh/authorized_keys 
    方式4:使用交互式命令
    • 下载安装expect软件
    yum install expect
    

    • 创建测试脚本 vim ssh.sh,脚本内容如下
    #!/usr/bin/expect -d 
    set timeout 30
    spawn ssh-copy-id 192.168.120.128
    expect {
    "*yes/no" {send "yes
    "; exp_continue}
    "password:" {send "rootroot
    "}
    }
    expect eof
    • 测试结果如下
    [root@bogon home]# ./ssh.sh 
    expect version 5.45
    argv[0] = /usr/bin/expect  argv[1] = -d  argv[2] = ./ssh.sh  
    set argc 0
    set argv0 "./ssh.sh"
    set argv ""
    executing commands from command file ./ssh.sh
    spawn ssh-copy-id 192.168.120.128
    parent: waiting for sync byte
    parent: telling child to go ahead
    parent: now unsynchronized from child
    spawn: returns {1452}
    
    expect: does "" (spawn_id exp6) match glob pattern "*yes/no"? no
    "password:"? no
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
    
    expect: does "/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
    " (spawn_id exp6) match glob pattern "*yes/no"? no
    "password:"? no
    The authenticity of host '192.168.120.128 (192.168.120.128)' can't be established.
    ECDSA key fingerprint is SHA256:NjhJfx9nTYUu7F7TptYT1EmiZHLnmME4RcOHulvlG7Q.
    ECDSA key fingerprint is MD5:7c:ee:ea:ee:d4:c4:91:fc:36:2f:ae:49:af:0a:59:e7.
    Are you sure you want to continue connecting (yes/no)? 
    expect: does "/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
    The authenticity of host '192.168.120.128 (192.168.120.128)' can't be established.
    ECDSA key fingerprint is SHA256:NjhJfx9nTYUu7F7TptYT1EmiZHLnmME4RcOHulvlG7Q.
    ECDSA key fingerprint is MD5:7c:ee:ea:ee:d4:c4:91:fc:36:2f:ae:49:af:0a:59:e7.
    Are you sure you want to continue connecting (yes/no)? " (spawn_id exp6) match glob pattern "*yes/no"? yes
    expect: set expect_out(0,string) "/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
    The authenticity of host '192.168.120.128 (192.168.120.128)' can't be established.
    ECDSA key fingerprint is SHA256:NjhJfx9nTYUu7F7TptYT1EmiZHLnmME4RcOHulvlG7Q.
    ECDSA key fingerprint is MD5:7c:ee:ea:ee:d4:c4:91:fc:36:2f:ae:49:af:0a:59:e7.
    Are you sure you want to continue connecting (yes/no"
    expect: set expect_out(spawn_id) "exp6"
    expect: set expect_out(buffer) "/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
    The authenticity of host '192.168.120.128 (192.168.120.128)' can't be established.
    ECDSA key fingerprint is SHA256:NjhJfx9nTYUu7F7TptYT1EmiZHLnmME4RcOHulvlG7Q.
    ECDSA key fingerprint is MD5:7c:ee:ea:ee:d4:c4:91:fc:36:2f:ae:49:af:0a:59:e7.
    Are you sure you want to continue connecting (yes/no"
    send: sending "yes
    " to { exp6 }
    expect: continuing expect
    
    expect: does ")? " (spawn_id exp6) match glob pattern "*yes/no"? no
    "password:"? no
    yes
    
    expect: does ")? yes
    " (spawn_id exp6) match glob pattern "*yes/no"? no
    "password:"? no
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    
    expect: does ")? yes
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    " (spawn_id exp6) match glob pattern "*yes/no"? no
    "password:"? no
    
    /usr/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
            (if you think this is a mistake, you may want to use -f option)
    
    
    expect: does ")? yes
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    
    /usr/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
    		(if you think this is a mistake, you may want to use -f option)
    
    " (spawn_id exp6) match glob pattern "*yes/no"? no
    "password:"? no
    expect: read eof
    expect: set expect_out(spawn_id) "exp6"
    expect: set expect_out(buffer) ")? yes
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    
    /usr/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
    		(if you think this is a mistake, you may want to use -f option)
    
    "
    expect: spawn id exp6 not open
        while executing
    "expect eof "
        (file "./ssh.sh" line 8)

    参照文档

  • 相关阅读:
    [转]C#获取文件的MD5值
    跨域ajax返回
    根据子表的条件修改主表的数据
    网络与多线程的设计例子
    网络与多线程的设计模式
    tcpdump移植和使用 -- by Johnson
    关于程序的歪门邪说--by Johnson
    重装系统——联想window 10
    Qt项目中error: C2001: newline in constant错误的解决
    使用NSIS制作Windows安装程序快速入门
  • 原文地址:https://www.cnblogs.com/zhengzuozhanglina/p/11417053.html
Copyright © 2011-2022 走看看