写在前面
- CentOS Linux release 7.9.2009 (Core) 系统已验证
- 默认root账户, 其他账户无效
- 创建[auto_mm.sh]必须vi创建文件然后粘贴
1.安装expect
1.1.在线安装
# expect is an extension of Tcl, so the Tcl runtime is installed first and
# expect second.
yum install -y tcl
yum install -y expect
1.2.离线安装(选其中一个即可)
1.2.1.在能联通公网的机器导出rpm包到不能联通公网的机器安装
参考 shell(30) : yum导出依赖包并离线安装_yum 导出包-CSDN博客
# Run on the machine that has internet access. repotrack (part of yum-utils)
# downloads the expect RPM together with all of its dependencies into the
# current directory. After copying the RPMs to the offline host, check their
# signatures (rpm -K *.rpm) before installing them.
repotrack expect
1.2.2.百度网盘下载
待补充 ...
1.2.3.CSDN下载
待补充 ...
2.填写ip和密码信息(每行格式: IP 密码, 以空格分隔; 填好直接粘贴即可)。注意: ips文件保存的是root明文密码, 建议权限设为600, 配置完成后删除该文件
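# ips holds root passwords in clear text. Create it under a restrictive umask
# and force mode 600 (covers the case where an older, wider-permission ips
# already exists), and delete the file once key distribution has finished.
(
  umask 077
  cat > ips <<'EOF'
192.168.1.1 abc123
192.168.1.2 abc123
EOF
  chmod 600 ips
)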
若上述命令执行失败, 则手动创建ips文件, 填入以下内容
192.168.1.1 abc123
192.168.1.2 abc123
3.创建执行脚本 auto_mm.sh , 粘贴以下
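#!/usr/bin/bash
# auto_mm.sh - set up passwordless root SSH between every host listed in ./ips.
#
# Input : ./ips next to this script, one "HOST PASSWORD" pair per line
#         (the root password of that host, whitespace separated).
# Effect: each host gets an RSA key pair if it has none, and every host's
#         public key is appended to /root/.ssh/authorized_keys on every host.
#
# Security notes for whoever runs this:
#   * The result is a full mesh of root trust: a compromise of one listed
#     host yields root on all of them. List only hosts that should share it.
#   * Host keys are accepted without verification (the expect blocks answer
#     "yes", the checks use StrictHostKeyChecking=no), so the root password
#     is sent to whatever answers on that address. On a network that is not
#     trusted, pre-populate known_hosts with fingerprints verified out of
#     band before running.
#   * ./ips holds clear-text root passwords; keep it mode 600 and delete it
#     after the run.

path="$(cd "$(dirname "$0")" && pwd)"
if [ -z "$path" ] || ! cd "$path"; then
  echo "cannot change into the script directory" >&2
  exit 1
fi

# Millisecond timestamp used as the prefix of every log line.
timestamp() {
  date "+%Y-%m-%d %H:%M:%S.%N" | cut -b 1-23
}

# Log helpers. The "WARINIG" spelling is kept as-is so existing log filters
# still match.
info() {
  echo -e "$(timestamp)|INFO|$* "
}

warning() {
  echo -e "\033[33m$(timestamp)|WARINIG|$* \033[0m"
}

success() {
  echo -e "\033[32m$(timestamp)|SUCCESS|$* \033[0m"
}

# Logs and aborts. Exits non-zero so callers and CI can see the failure
# (a bare "exit" would have returned echo's status, i.e. 0).
error() {
  echo -e "\033[31m$(timestamp)|ERROR|$* \033[0m"
  exit 1
}

# Run one ssh/scp command under expect, answering the host-key and password
# prompts.
#   $1 - root password of the target host
#   $2 - command line handed to Tcl's "spawn", written in Tcl syntax
# The password reaches expect through the environment instead of being pasted
# into the Tcl script, so quotes, "$", "[" or "\" in it are sent literally
# rather than parsed as Tcl, and it is never written to disk. It is removed
# from the environment before spawn so the child ssh/scp does not inherit it.
expect_login() {
  local password=$1 spawn_cmd=$2
  AUTO_MM_PASS=$password expect <<EOF
set pw \$env(AUTO_MM_PASS)
unset env(AUTO_MM_PASS)
spawn $spawn_cmd
expect {
  "yes/no" { send "yes\n"; exp_continue }
  "password" { send -- "\$pw\n" }
  eof { exit 0 }
}
expect eof
EOF
}

# Ask host $1 (password $2) whether /root/.ssh/id_rsa.pub exists and store
# the answer (0 or 1) in the global rs. The local result file is deleted
# first so an unreachable host can never reuse the previous host's answer.
check_remote_key() {
  local ip=$1 pass=$2
  rm -f auto_mm_rs
  expect_login "$pass" "ssh root@$ip \"ls /root/.ssh/id_rsa.pub |wc -l > /root/auto_mm_rs\""
  expect_login "$pass" "scp root@$ip:/root/auto_mm_rs ./"
  if ! test -s auto_mm_rs; then
    error "[$ip]无法获取检查结果, 请检查网络和密码"
  fi
  rs=$(cat auto_mm_rs)
}

# Verify key login from this machine to host $1, then run the generated
# all-hosts check on it. Falls back to password login (password $2) when key
# login does not work yet. The last remote command also removes the helper
# files this script left in /root on that host.
yz() {
  local ip=$1 pass=$2
  local remote_cmd="sh /root/auto_mm_yz.sh $ip; rm -f /root/auto_mm_yz.sh /root/auto_mm_rs /root/create_mm.sh"
  if ssh -o PreferredAuthentications=publickey -o StrictHostKeyChecking=no "$ip" "date" >/dev/null 2>&1; then
    success "=================[$ip]配置免密成功================="
    info "验证【[$ip]】对所有服务器的免密配置"
    scp auto_mm_yz.sh "root@$ip:/root"
    ssh "root@$ip" "$remote_cmd"
  else
    warning "=================[$ip]配置免密失败================="
    expect_login "$pass" "scp auto_mm_yz.sh root@$ip:/root"
    info "验证【[$ip]】对所有服务器的免密配置"
    expect_login "$pass" "ssh root@$ip \"$remote_cmd\""
  fi
}

# ---- read and validate ./ips -------------------------------------------
if ! test -e ips; then
  error "[ips]文件不存在"
fi

hosts=()
passwords=()
line_no=0
# read -r keeps backslashes in passwords intact; the "|| [ -n ... ]" part
# picks up a last line that has no trailing newline.
while read -r ip pass _ || [ -n "$ip" ]; do
  line_no=$((line_no + 1))
  [ -z "$ip" ] && continue
  # The host field is pasted into ssh/scp command lines and into a script
  # that runs as root on every host, so only plain host/IPv4 characters are
  # accepted and a leading "-" (option injection) is refused.
  case $ip in
    -* | *[!A-Za-z0-9._-]*) error "[ips]第${line_no}行地址非法: $ip" ;;
  esac
  if [ -z "$pass" ]; then
    error "[ips]第${line_no}行缺少密码"
  fi
  hosts+=("$ip")
  passwords+=("$pass")
  ip=
done <ips

if [ "${#hosts[@]}" -eq 0 ]; then
  error "[ips]文件为空"
fi

# ---- private scratch directory -----------------------------------------
# All intermediate files live in a mode-700 temp directory that is removed
# on every exit path, including error().
work=$(mktemp -d) || error "临时目录创建失败"
trap 'cd / && rm -rf -- "$work"' EXIT
cd "$work" || error "临时目录创建失败"

# Script executed on a host that has no public key yet. If a private key is
# already present its public half is re-derived; the private key is never
# overwritten.
cat >create_mm.sh <<'EOF'
mkdir -p /root/.ssh && chmod 700 /root/.ssh
if [ -f /root/.ssh/id_rsa ]; then
  ssh-keygen -y -f /root/.ssh/id_rsa >/root/.ssh/id_rsa.pub.tmp &&
    mv /root/.ssh/id_rsa.pub.tmp /root/.ssh/id_rsa.pub
else
  ssh-keygen -q -t rsa -N '' -f /root/.ssh/id_rsa
fi
EOF

echo "-----------------[拉取公钥]-----------------"
for i in "${!hosts[@]}"; do
  ip=${hosts[i]}
  pass=${passwords[i]}

  # Create the SSH key pair on the host if it does not have one.
  check_remote_key "$ip" "$pass"
  if [ "$rs" -eq 0 ]; then
    warning "$ip未创建ssh秘钥, 执行创建ssh秘钥"
    expect_login "$pass" "scp create_mm.sh root@$ip:/root"
    expect_login "$pass" "ssh root@$ip \"sh /root/create_mm.sh\""
    sleep 1
    check_remote_key "$ip" "$pass"
    if [ "$rs" -eq 0 ]; then
      error "[$ip]ssh秘钥创建失败"
    else
      success "[$ip]ssh秘钥创建成功"
    fi
  else
    warning "$ip已创建ssh秘钥"
  fi

  # Pull the host's public key. The previous host's copy is removed first,
  # otherwise a failed download would silently append the wrong key.
  rm -f id_rsa.pub
  expect_login "$pass" "scp root@$ip:/root/.ssh/id_rsa.pub ./"
  if ! test -s id_rsa.pub; then
    error "[$ip]ssh公钥拉取失败"
  fi
  cat id_rsa.pub >>auto_mm_mys
  success "[$ip]拉取公钥成功"
done

echo "-----------------[发送公钥]-----------------"
for i in "${!hosts[@]}"; do
  ip=${hosts[i]}
  pass=${passwords[i]}
  expect_login "$pass" "scp auto_mm_mys root@$ip:/root"
  # Append all collected keys, then drop the uploaded copy. Re-running the
  # script appends the same keys again; duplicates in authorized_keys are
  # harmless but not removed here.
  expect_login "$pass" "ssh root@$ip \"cat /root/auto_mm_mys >> /root/.ssh/authorized_keys; rm -f /root/auto_mm_mys\""
done

echo "-----------------[验证]-----------------"
# Build the script that each host runs to test key login to every host.
# It starts with copies of the log helpers it calls; \$1 is the name of the
# host it runs on and is used in the report lines only.
declare -f timestamp success warning >auto_mm_yz.sh
for ip in "${hosts[@]}"; do
  cat >>auto_mm_yz.sh <<EOF
if ssh -o PreferredAuthentications=publickey -o StrictHostKeyChecking=no $ip "date" >/dev/null 2>&1; then
  success "[\$1] ====> [$ip]设置免密成功"
else
  warning "[\$1] ====> [$ip]设置免密失败"
fi
EOF
done

# The checks are called directly instead of through a generated yz.sh, so
# the passwords are not written into a script file.
for i in "${!hosts[@]}"; do
  yz "${hosts[i]}" "${passwords[i]}"
done

# Local scratch files are removed by the EXIT trap.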
4.执行脚本
# Run as root. The script changes into its own directory and reads the ips
# file from there, so ips must sit next to auto_mm.sh.
sh auto_mm.sh