Implementing non-interactive batch distribution of public keys
Posted machangwei-8
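Generate the public/private key pair
A password has to be entered on every connection
The configuration file name in the link above is wrong; it should be vim /etc/ssh/sshd_config
Command walkthrough: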
[root@mcw1 ~]# ls .ssh/
ls: cannot access .ssh/: No such file or directory
[root@mcw1 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Od+6HjBBrHeUA5MP8rwckdakM89XrZNf0/kOjRPB4eI root@mcw1
The key's randomart image is:
+---[RSA 2048]----+
| .+*.. . |
| ..Bo= o o |
| *== .. = .|
| . =Bo. o +o|
| oS+o E =oo|
| o= o *+|
| o . + +|
| o + |
| .+. .|
+----[SHA256]-----+
[root@mcw1 ~]# ls .ssh/
id_rsa id_rsa.pub
[root@mcw1 ~]# ls -ld .ssh/
drwx------ 2 root root 38 Jul 30 17:50 .ssh/
[root@mcw1 ~]# cat .ssh/id_rsa.pub >>.ssh/authorized_keys
[root@mcw1 ~]# chmod 600 .ssh/authorized_keys
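Non-interactive key distribution to a single host:
Reference: https://blog.51cto.com/vinsent/1970780
[root@mcw1 ~]# cat 3.sh
#!/usr/bin/expect
spawn ssh-copy-id -i /root/.ssh/id_rsa.pub 172.168.1.5
# "yes/no": answers the host key confirmation prompt for you
# "password": answers the password prompt
expect {
    "yes/no" { send "yes\n"; exp_continue }
    "password" { send "123456\n" }
}
# wait for ssh-copy-id to finish
expect eof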
Non-interactive batch key distribution to multiple hosts:
[root@vinsent app]# cat ssh_auto.sh
#!/bin/bash
#------------------------------------------#
# FileName:     ssh_auto.sh
# Revision:     1.1.0
# Date:         2017-07-14 04:50:33
# Author:       vinsent
# Email:        hyb_admin@163.com
# Website:      www.vinsent.cn
# Description:  This script can achieve ssh password-free login,
#               and can be deployed in batches, configuration
#------------------------------------------#
# Copyright:    2017 vinsent
# License:      GPL 2+
#------------------------------------------#
# create the key pair if it does not exist yet
[ ! -f /root/.ssh/id_rsa.pub ] && ssh-keygen -t rsa -P '' -f /root/.ssh/id_rsa &>/dev/null
while read -r line;do
    ip=$(echo "$line" | cut -d " " -f1)          # IP taken from the file
    user_name=$(echo "$line" | cut -d " " -f2)   # user name taken from the file
    pass_word=$(echo "$line" | cut -d " " -f3)   # password taken from the file
    # copy the public key to the target host; expect answers the
    # host key and password prompts automatically
    expect <<EOF
spawn ssh-copy-id -i /root/.ssh/id_rsa.pub $user_name@$ip
expect {
    "yes/no" { send "yes\n"; exp_continue }
    "password" { send "$pass_word\n" }
}
expect eof
EOF
done < /root/host_ip.txt    # read the file that stores the IPs
The host_ip.txt file can be written by hand (which of course is not very automated); you can also scan the hosts on your network with a scanning tool and then generate the file with tools such as awk. An example of the file holding the IP addresses, login user names and passwords:
Commands can now be run in batch:
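One way to run a command across the hosts in host_ip.txt once the keys are distributed, as an added example that is not part of the original post. The function names check_host_file and run_on_hosts are hypothetical, and the file is assumed to use the three-column "<ip> <user> <password>" layout that ssh_auto.sh reads.

```bash
#!/bin/bash
# Added example, not from the original post. Assumes host_ip.txt lines of
# the form "<ip> <user> <password>", as read by ssh_auto.sh.

# check_host_file FILE: the file holds plaintext passwords, so require
# owner-only permissions and reject malformed lines before connecting.
check_host_file() {
    local file mode n ip user pass extra
    file=$1; n=0
    mode=$(stat -c '%a' "$file") || return 2      # GNU stat (Linux)
    case $mode in
        600|400) ;;
        *) echo "$file: mode $mode, expected 600" >&2; return 1 ;;
    esac
    while read -r ip user pass extra || [ -n "$ip" ]; do
        n=$((n + 1))
        [ -z "$ip" ] && continue                  # skip blank lines
        if [ -z "$pass" ] || [ -n "$extra" ]; then
            echo "$file:$n: expected 3 fields" >&2; return 1
        fi
        if ! printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
            echo "$file:$n: bad IP '$ip'" >&2; return 1
        fi
    done < "$file"
    return 0
}

# run_on_hosts FILE CMD...: run CMD on every listed host with key
# authentication only. BatchMode=yes makes ssh fail instead of prompting,
# so a host that did not receive the key is reported, not waited on.
# -n keeps ssh from consuming the rest of FILE through the loop's stdin.
run_on_hosts() {
    local file failed ip user rest
    file=$1; failed=0; shift
    while read -r ip user rest || [ -n "$ip" ]; do
        [ -z "$ip" ] && continue
        if ssh -n -o BatchMode=yes -o ConnectTimeout=5 "$user@$ip" "$@"; then
            echo "OK   $user@$ip"
        else
            echo "FAIL $user@$ip" >&2
            failed=$((failed + 1))
        fi
    done < "$file"
    [ "$failed" -eq 0 ]
}
```

Typical use is `check_host_file /root/host_ip.txt && run_on_hosts /root/host_ip.txt uptime`. Once every host reports OK, the password column in host_ip.txt is no longer needed for login.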
Reference links:
https://blog.51cto.com/vinsent/1970780
https://www.cnblogs.com/panchong/p/6027138.html