ssh自動互信腳本（修訂版）

1、腳本說明

一、用法：./script.sh "user_name" "password_user" "password_root"

二、當互信的爲非root用戶時，先自動完成root的互信，而後檢測指定用戶是否存在，若不存在，則先建立，而後繼續進行互信

三、缺點：

①所用服務器的全部互信用戶，其所使用的rsa密鑰，均爲腳本所在服務器的root的rsa密鑰

②須要全部服務器的root密碼是同樣的

2、腳本內容

#!/bin/bash

auth_user=$1
auth_passwd=$2
root_passwd=$3

#上面三個參數也可設置默認值，參考以下

#auth_user=${1:-postgres}
#auth_passwd=${2:-123456}
#root_passwd=${3:-123456}

array_node=(gtm gtm_standby node1 node2)

function rsa_create {
rm -rf ~/.ssh/*
/usr/bin/expect << EOF
  spawn /usr/bin/ssh-keygen -t rsa
  expect {
         "*id_rsa):" {send "\n"; exp_continue}
         "(y/n)?" {send "y\r"; exp_continue}
         "passphrase" {send "\n"; exp_continue}
         "again:" {send "\n"}
             }
  expect {
         "*# " {send "exit\n\r"}   
            }
EOF
  rsa_key=`cat ~/.ssh/id_rsa.pub | awk '{print $1,$2}'`
  cat /dev/null > ~/.ssh/authorized_keys
  for node in `echo ${array_node[@]}`
  do
    echo "${rsa_key} ${1}@${node}" >> ~/.ssh/authorized_keys
    if [ "$1" != "root" ]; then
      echo "${rsa_key} root@${node}" >> ~/.ssh/authorized_keys
    fi;
  done;
}

function rsa_scp {
for node in `echo ${array_node[@]}`
do
/usr/bin/expect << EOF
  spawn /usr/bin/scp root@gtm :~/.ssh/* root@${node}:~/.ssh
  expect {
         "*yes/no*" {send "yes\r"; exp_continue}
         expect {
                "*assword*" {send "${root_passwd}\r"}
                }
         "*assword*" {send "${root_passwd}\r"}
         }   
  expect "100%"
EOF
done;
}

rsa_create "${auth_user}"

case "${auth_user}" in   "root" )     rsa_scp   ;;   * )     rsa_scp     for node in `echo ${array_node[@]}`     do       user_status=`ssh root@${node} -T "id ${auth_user} >/dev/null 2>&1 ;echo $?"`     if [ $user_status -ne 0 ]; then       ssh root@${node} -T "useradd ${auth_user} ; echo 123456 | passwd -f --stdin ${auth_passwd} > /dev/null 2>&1"     fi;     ssh root@${node} -T "/bin/cp -r -f /root/.ssh/* /home/${auth_user}/.ssh/;chown -R ${auth_user}:${auth_user} /home/${1}/"     done;   ;; esac