免交互批量分發公鑰的實現

 

生成公鑰私鑰

 每次鏈接都要輸入密碼

linux-祕鑰生成

上面連接配置文件名字錯了，應爲vim /etc/ssh/sshd_config

 

操做命令過程：

[root@mcw1 ~]# ls .ssh/
ls: cannot access .ssh/: No such file or directory
[root@mcw1 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Od+6HjBBrHeUA5MP8rwckdakM89XrZNf0/kOjRPB4eI root@mcw1
The key's randomart image is:
+---[RSA 2048]----+
| .+*.. . |
| ..Bo= o o |
| *== .. = .|
| . =Bo. o +o|
| oS+o E =oo|
| o= o *+|
| o . + +|
| o + |
| .+. .|
+----[SHA256]-----+
[root@mcw1 ~]# ls .ssh/
id_rsa id_rsa.pub
[root@mcw1 ~]# ls -ld .ssh/
drwx------ 2 root root 38 Jul 30 17:50 .ssh/
[root@mcw1 ~]# cat .ssh/id_rsa.pub >>.ssh/authorized_keys
[root@mcw1 ~]# chmod 600 .ssh/authorized_keys

 

單臺免交互分發公鑰：

參考：https://blog.51cto.com/vinsent/1970780

[root@mcw1 ~]# cat 3.sh 
#!/usr/bin/expect
spawn ssh-copy-id -i /root/.ssh/id_rsa.pub 172.168.1.5
expect {
    "yes/no" { send "yes\n";exp_continue }      # 替你回答下載公鑰是的提示
    "password" { send "123456\n" }         # 提示輸入密碼
}
interact
expect eof

 

多臺批量免交互分發公鑰：

[root@vinsent app]# cat ssh_auto.sh 
#!/bin/bash
#------------------------------------------#
# FileName:             ssh_auto.sh
# Revision:             1.1.0
# Date:                 2017-07-14 04:50:33
# Author:               vinsent
# Email:                hyb_admin@163.com
# Website:              www.vinsent.cn
# Description:          This script can achieve ssh password-free login, 
#                       and can be deployed in batches, configuration
#------------------------------------------#
# Copyright:            2017 vinsent
# License:              GPL 2+
#------------------------------------------#
[ ! -f /root/.ssh/id_rsa.pub ] && ssh-keygen -t rsa -P '' &>/dev/null  # 密鑰對不存在則建立密鑰
while read line;do
        ip=`echo $line | cut -d " " -f1`             # 提取文件中的ip
        user_name=`echo $line | cut -d " " -f2`      # 提取文件中的用戶名
        pass_word=`echo $line | cut -d " " -f3`      # 提取文件中的密碼
expect <<EOF
        spawn ssh-copy-id -i /root/.ssh/id_rsa.pub $user_name@$ip   # 複製公鑰到目標主機
        expect {
                "yes/no" { send "yes\n";exp_continue}     # expect 實現自動輸入密碼
                "password" { send "$pass_word\n"}
        }
        expect eof
EOF

done < /root/host_ip.txt      # 讀取存儲ip的文件

host_ip.txt文件能夠經過手動寫（固然了這就顯得不自動化）你能夠使用掃描工具掃描你網絡中的主機，而後配合awk等工具生成該文件。ip地址即登陸用戶名密碼的文件實例：

[root@vinsent app]# cat host_ip.txt 
172.18.14.123 root 123456
172.18.254.54 root 123456

 

這樣就能批量執行命令了：

 

 

 

 

參考連接：

https://blog.51cto.com/vinsent/1970780

https://www.cnblogs.com/panchong/p/6027138.html