新系統添加sshkey/pexpect基本使用

Ansible密碼認證

//配置Inventory
[db]
10.10.10.12
10.10.10.162

[db:vars]　　　　　　　　　　#給db組下的主機設置變量
ansible_ssh_user="root"
ansible_ssh_pass='123456'


//調用ansible的authorized_key模塊(可參考https://www.cnblogs.com/FRESHMANS/p/8119224.html 裏的authoirzed_key模塊)

ansible db -m authorized_key -a "user=root key={{ lookup('file', '/root/.ssh/id_rsa.pub') }} path=/root/.ssh/authorized_keys manage_dir=no"

//copy模塊
ansible db -m copy -a "src=/root/.ssh/id_rsa.pub dest=/tmp/id_rsa.pub"
ansible db -m shell -a "cat /tmp/id_rsa.pub >> /root/.ssh/authorized_keys"

 

ssh-copy-id（須要手動輸入密碼）

ssh-keygen -t rsa
ssh-copy-id 192.168.132.132
ssh-copy-id 192.168.132.133
ssh-copy-id 192.168.132.131 測試
ssh -i /root/.ssh/id_rsa root@x.x.x.x

 

Paramiko

略

 

Pexpect

安裝

//安裝依賴

wget http://nchc.dl.sourceforge.net/sourceforge/tcl/tcl8.4.11-src.tar.gz
tar xfvz tcl8.4.11-src.tar.gz
cd tcl8.4.11/unix  
./configure --prefix=/usr/tcl --enable-shared  
make  
make install 


//安裝pexpect

wget https://jaist.dl.sourceforge.net/project/expect/Expect/5.45/expect5.45.tar.gz
tar xzvf expect5.45.tar.gz
cd expect5.45  
./configure --prefix=/usr/expect --with-tcl=/usr/tcl/lib --with-tclinclude=../tcl8.4.11/generic  
make  
make install  
ln -s /usr/tcl/bin/expect /usr/expect/bin/expect

 

測試腳本

示例：

#!/usr/bin/expect -f  
set ip [lindex $argv 0 ]　　　　　　　　　　#設置遠程主機ip set USER [linux $argv 1]                 #設置要鏈接的遠程主機用戶信息 set password [lindex $argv 2 ]            #設置遠程主機密碼信息
set CMD [linux argv 3]                    #設置要執行的命令 set timeout 10
spawn ssh $user@$ip $cmd                #開啓ssh鏈接並在遠程主機執行命令
expect {　　　　　　　　　　　　　　　　　　　　　　
"*yes/no" { send "yes\r"; exp_continue}
"*password:" { send "$password\r" }
}
interact


//檢測基本登陸並停留在遠程主機shell

cat ssh.exp

#!/usr/bin/expect     
set timeout 30
spawn scp /root/.ssh/id_rsa.pub root@10.10.10.162:/root  　　　　#直接往遠程主機上拷貝文件，  
spawn ssh-copy-id 10.10.10.162        #這裏能夠用ssh-copy-id作ssh免祕鑰認證 

spawn ssh -l root 10.10.10.11　　　　#鏈接遠程主機

expect "password:"     
send "hzcf@2017\r"     
interact 

執行
expect ssh.exp

//自定義鏈接主機

cat test_ssh.exp
#!/usr/bin/expect -f  
set ip [lindex $argv 0 ]
set password [lindex $argv 1 ] 
set timeout 10
spawn ssh root@$ip
expect {
"*yes/no" { send "yes\r"; exp_continue}
"*password:" { send "$password\r" }
}
interact

expect test_ssh.exp ip password

其餘示例

//更改密碼

#!/bin/bash  
USER=mynameuser  
PASS=oldpassword  
NPASS=newpassword  
expect << EOF  
spawn passwd  
expect "Changing password for ${USER}."  
send "${PASS}\r"  
expect "Enter new UNIX password:"  
send "${NPASS}\r"  
expect "Retype new UNIX password:"  
send "${NPASS}\r"  
expect eof;  
EOF  


//文件拷貝
#!/usr/bin/expect  
set timeout 10  
set host [lindex $argv 0]  
set username [lindex $argv 1]  
set password [lindex $argv 2]  
set src_file [lindex $argv 3]  
set dest_file [lindex $argv 4]  
spawn scp $src_file $username@$host:$dest_file  
 expect {  
 "(yes/no)?"  
   {  
    send "yes\n"  
    expect "*assword:" { send "$password\n"}  
 }  
 "*assword:"  
{  
 send "$password\n"  
}  
}  
expect "100%"  
expect eof