In fact, ssh dual-host password-less login is nothing more than key verification. This article uses the expect command to automate key distribution.
First, let's talk about the ssh key login process.
In fact, key login means a host uses its own private key to verify whether the corresponding public key exists on the target host.
1. First, the host obtains the id_rsa private key file from the .ssh directory in its home directory.
2. Then the host checks whether the target host has an authorized_keys file in its .ssh directory.
3. If there is one, the host uses its own private key to decrypt it and see whether it is its own public key. If yes, the login is successful.
4. Otherwise, password verification starts.
Adjusting the sshd configuration file before the experiment will greatly improve the ssh connection speed.
First, make sure that sshd has key verification enabled (it is enabled by default).
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
Key verification is controlled mainly by these three options.
Whether to enable password verification:
PasswordAuthentication yes
Disabling DNS resolution will speed up ssh connections:
UseDNS no
Lab environment: CentOS 5.4 x86
All ssh users used by the script are root users.
The script is as follows:
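```expect
#!/usr/bin/expect
#2013-01-18
#author zhangyifei
#blog http://zyfforlinux.blog.51cto.com
# Passwords are stored here in clear text; keep this file readable by root only.
set local_passwd "server"   ;# not used below: every password prompt comes from $desip
set des_passwd "server"
set timeout 10
set localip "192.168.0.254"
set desip "192.168.0.251"

# Generate the local key pair, accepting the default file and an empty passphrase.
spawn ssh-keygen -t rsa
expect "Enter file*:" {send "\r"}
expect "Enter passphrase*" {send "\r"}
expect "Enter same*" {send "\r";exp_continue}

# Install the local public key on the target host.
# Answering "yes" accepts the target's host key without checking its fingerprint.
spawn ssh-copy-id -i /root/.ssh/id_rsa.pub root@$desip
expect {
    "yes/no" { send "yes\r";exp_continue}
    "password:" {send "$des_passwd\r";exp_continue}
}

# Generate a key pair on the target host over ssh.
spawn ssh $desip "ssh-keygen -t rsa"
expect "Enter file*:" {send "\r"}
expect "Enter passphrase*" {send "\r"}
expect "Enter same*" {send "\r";exp_continue}

# Copy the target's public key back. This overwrites the local authorized_keys file.
spawn scp $desip:/root/.ssh/id_rsa.pub /root/.ssh/authorized_keys
expect {
    "yes/no" { send "yes\r";exp_continue}
    "password:" {send "$des_passwd\r";exp_continue}
}
```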
This script has been successfully tested. You can use it with confidence. The script works in a very simple way and cannot be automated by using reverse CT.
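The last step of the script copies the remote id_rsa.pub over /root/.ssh/authorized_keys, which replaces any keys already authorized there. As an added example (not part of the original article), the shell function below appends a public key only when it is not already present and sets the permissions sshd expects; the function name add_authorized_key is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original article.
# add_authorized_key PUBKEY_FILE AUTH_KEYS_FILE   (hypothetical helper name)
# Returns 0 when the key was added or was already present, 1 on bad input.
add_authorized_key() {
    pub=$1
    auth=$2
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # A .pub file holds one line: "type base64-blob [comment]".
    line=$(grep -v '^[[:space:]]*$' "$pub" | head -n 1)
    ktype=$(printf '%s\n' "$line" | awk '{print $1}')
    blob=$(printf '%s\n' "$line" | awk '{print $2}')
    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "not a public key: $pub" >&2; return 1 ;;
    esac
    [ -n "$blob" ] || { echo "missing key data: $pub" >&2; return 1; }

    # sshd's StrictModes (on by default) refuses key login when .ssh or
    # authorized_keys is writable by group or others.
    dir=$(dirname "$auth")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    ( umask 077; touch "$auth" ) && chmod 600 "$auth" || return 1

    # Match on the base64 blob so a different comment does not add a duplicate,
    # and so entries with leading options (command="...") are still recognised.
    if awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
                         END { exit !found }' "$auth"; then
        return 0
    fi

    # Make sure the existing file ends with a newline before appending.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        printf '\n' >> "$auth"
    fi
    printf '%s\n' "$line" >> "$auth"
}
```

In the article's setup this would take the place of the final scp: fetch the remote id_rsa.pub to a temporary file, then call `add_authorized_key` on it with /root/.ssh/authorized_keys as the second argument.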
In this article, I will update the CT content later. Stay tuned.
This article is from the blog "jeff for linux" and will not be reposted!