shell脚本实现免密钥登陆远程主机

目标：实现免密登陆脚本, expect登陆远程主机，将生成的密钥写入到目标主机, expect测试远程登陆

一般免密钥登陆有两步操作

step1：主机上生成公钥和私钥

[root@n72-1 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:qzsUaW33T9YCv60HkR9aHKV6z53WBIms9bOmcRU0xa4 root@almalinux9-1.ilvdou.cn
The key's randomart image is:
+---[RSA 3072]----+
|               +=|
|           . ..+o|
|       o    + =+.|
|      + o .o.oo=o|
|     . oS....o*=+|
|      .  .  .oEB*|
|     .  .   .++B=|
|      ..     =+ o|
|      oo    . .o |
+----[SHA256]-----+

step2：将公钥文件id_rsa.pub拷贝到远程主机上

具体实现办法有两种：一种是命令方式，一种是手动在远程目标主机上操作。因为本文的目标是通过shell脚本实现自动化操作，所以选择命令的方式实现

[root@n72-1 ~]# ssh-copy-id root@192.168.35.152
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.35.152 (192.168.35.152)' can't be established.
ECDSA key fingerprint is SHA256:ct7zRI04EP17FuGBPe3bBXXCMCZ7U9T7c1DaUOaAd2E.
ECDSA key fingerprint is MD5:14:e1:0a:37:c5:7b:cf:6f:3e:eb:35:3a:b0:ab:c2:5a.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.35.152's password:Number of key(s) added: 1Now try logging into the machine, with:   "ssh 'root@192.168.35.152'"
and check to make sure that only the key(s) you wanted were added.[root@n72-1 ~]# ssh root@192.168.35.152
Last login: Tue Dec  6 21:40:34 2022 from 192.168.35.1
[root@almalinux9-1 ~]#

参考文章：Linux 实现密钥免密登录aliaichidantong的博客-CSDN博客linux免密登录

可以看到ssh-keygen命令和ssh-copy-id命令都是交互式命令，要实现自动化执行，还需要用expect工具进行处理。所以一共会有三个文件，一个keygen的expect脚本文件，一个ssh-copy-id我把它命名为doit 的expect脚本文件，另外一个是shell脚本文件，实现常规的bash命令的执行。

shell脚本一步步实现

step1：用expect实现无交互式生成主机的私钥和公钥

keygen.exp文件内容

#!/bin/expect
spawn ssh-keygen -t rsa
expect "Enter file" { send "\n"; exp_continue }
expect "Enter passphrase" { send "\n"; exp_continue }
expect "Enter same passphrase" {send "\n" }
expect eof

step2：用expect实现无交互式的将主机公钥传给远程目标机器

doit.exp文件内容

#!/bin/expectset ip [lindex $argv 0]
set password [lindex $argv 1]
spawn ssh-copy-id root@$ip
expect {"yes/no" { send "yes\n";exp_continue }"password" { send "$password\n" }
}
expect eof

step3：多系统兼容，菜单式交互实现动态添加免密钥登陆远程主机

shell脚本文件n72-w3-12.sh

#!/bin/bash
. /etc/os-releaseif [[ "$ID" -eq "rocky" || "$ID" -eq "centos" || "$ID" -eq "almalinux" ]]; thenOSID="centos"
elif [[ "$ID" -eq "ubuntu" ]];thenOSID="ubuntu"
elseecho "该脚本仅支持centos系列和Ubuntu系列操作系统，其他系统不支持，谢谢，再见！"exit
fipassword="dashuilvdou"MAIN_MENU="安装MySQL
安装Apache
免密钥登陆主机
退出"function select_menu_main() {PS3="请选择（1-4）："select menu in $MAIN_MENU;docase $REPLY in1)install_mysql;;2)install_apache;;3)nokey_login;;4)break;;*)echo -e "\e[1;31m输入错误,请输入正确的数字(1-4)!\e[0m";;esacdone
}function install_mysql() {echo "hello, you have choose to install MySQL application."sleep 1
}function install_apache() {echo "hello, you have choose to install apache application."sleep 1
}function nokey_login() {while :; doecho "1.设置免密钥登陆主机"echo "2.免密钥远程登陆"echo "输入exit退出"read -p "$(echo -e '\033[1;32m请输入你的选项:\033[0m')" optioncase $option in1)set_nokey_login;;2)see_nokey_login;;"exit")break;;esacdone
}function set_nokey_login() {check_expect_envcheck_ssh_keyread -p "$(echo -e '\033[1;32m请输入主机IPLIST：\033[0m')" IPLISTread -p "$(echo -e '\033[1;32m请输入密码：\033[0m')" PASSWORDif [[ -n "$PASSWORD" ]] ; then password=$PASSWORD; fissh_copy_id_set $IPLIST
}function ssh_copy_id_set() {until [ -z "$1" ]; doexpect doit.exp $1 $passwordecho -e "\033[1;32m主机：$1 免密钥远程登陆设置完成。\033[0m"shiftdoneecho
}function see_nokey_login() {read -p "$(echo -e '\033[1;31m请输入远程主机IP：\033[0m')" IPexpect -c "spawn ssh root@$IP;expect \"*]#\" { send \"uname -a\r\" }send \"exit\r\"expect eof"
}function check_ssh_key() {if [[ ! -f /root/.ssh/id_rsa.pub ]]; then expect keygen.expfi
}function check_expect_env() {if [[ "$OSID" -eq "centos" ]];thenrpm -q expect &> /dev/null || yum install -y expectelsedpkg -s expect &> /dev/null || $(apt update; apt install -y expect)fi
}
#check_ssh_keyselect_menu_main

该脚本可以在RHEL系列如centos、rocky、almalinux和Ubuntu上执行。目前只是实现了菜单的两层交互选择，以及shift对输入参数的动态切换，还有expect免交互的脚本实现。

shell脚本上还预留了一些空白函数，待后续补充，欢迎大家评论区交流。

运维之路漫漫，且行且前进。

shell脚本实现免密钥登陆远程主机相关推荐

批量ssh免密登陆远程主机
案例 1.中心主机以root执行ssh-keygen -t rsa 在/root/.ssh/下生成id_rsa(私钥); id_rsa.pub(公钥); cat /root/.ssh/id_rsa.p ...
Shell脚本之免交互
Shell脚本之免交互一.Here Document 免交互 1.1 Here Document 免交互的概念 1.2 语法格式 1.3 相关实例二.Expect免交互 2.1 基本命令 2.2 ...
shell脚本部署免密登录
shell脚本部署免密登录创建一个目录,用来存放脚本 [root@localhost scripts]# tree . ├── host └── ssh.sh0 directories, 2 fil ...
linux免交互登陆远程主机并执行命令(密钥对和Expect)
Linux下实现免交互登陆一般有两种: 1. SSH无密码认证方式客户端使用ssh-keygen生成密钥对,将公钥复制到服务端(authorized_keys),SSH提供公钥登陆,当SSH访问服务 ...
OPENWRT中SSH免密钥登陆（具体步骤）
通过使用ssh-keygen生成公钥,在两台机器之间互相建立新人通道极客. 如果本地机器是client,远程机器为server. 1.使用ssh-keygen生成rsa keygen(在这里会覆盖曾经 ...
OPENWRT中SSH免密钥登陆（详细步骤）
通过使用ssh-keygen生成公钥,在两台机器之间互相建立新人通道极客. 假设本地机器是client,远程机器为server. 1.使用ssh-keygen生成rsa keygen(在这里会覆盖以前 ...
shell脚本--03免密疑云
1.免密疑问在首次连接服务器时,会弹出公钥确认提示.会导致自动化任务,由于初次连接服务器而中断. SSH客户端的StrictHostKeyChecking配置,可以实现当第一次连接服务器时,自动接收 ...
01基础 4、Shell 脚本
shell学习目标 1. Shell基本概述2. Shell的变量定义3. Shell数值运算4. Shell的流程控制 if语句5. Shell的循环语句 for while循环6. Shell的数 ...
linux shell 自动应答y,Shell脚本SSH登陆自动应答
Expect解释器协助Shell脚本实现SSH登陆自动应答,需要安装expect解释器来解释该脚本.只写了密码登陆方式自动应答,该脚本不支持密钥登陆自动应答 #!/usr/bin/expect -f ...