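Setting up SSH mutual trust by hand takes several steps and needs manual interaction along the way (entering passwords and so on). With many machines this becomes tedious, so to save myself time I wrote an automation script, offered here for reference.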
1. On one of the machines, create an executable file (assume it is named ssh_auth.sh) and add the following content to it:
```sh
#!/bin/sh
# Set up SSH mutual trust: create a key pair locally, then copy ~/.ssh to every host in hostsFile.
if [ $# -ne 3 ]; then
    echo "Usage:"
    echo "$0 remoteUser remotePassword hostsFile"
    exit 1
fi
DEST_USER=$1
PASSWORD=$2
HOSTS_FILE=$3

SSH_DIR=~/.ssh
SCRIPT_PREFIX=./tmp
# The temporary expect scripts contain the password: keep them readable by this user only
umask 077

echo ===========================
# 1. prepare directory .ssh
mkdir -p "$SSH_DIR"
chmod 700 "$SSH_DIR"

# 2. generate ssh key
TMP_SCRIPT=$SCRIPT_PREFIX.sh
# printf is used instead of echo so that "\r" reaches expect literally under every /bin/sh
{
    printf '%s\n' '#!/usr/bin/expect'
    # 1024-bit RSA is the original choice; it is smaller than ssh-keygen's current default
    printf '%s\n' 'spawn ssh-keygen -b 1024 -t rsa'
    printf '%s\n' 'expect *key*'
    printf '%s\n' 'send \r'
    if [ -f "$SSH_DIR/id_rsa" ]; then
        # an existing key triggers the "Overwrite (y/n)?" prompt
        printf '%s\n' 'expect *verwrite*'
        printf '%s\n' 'send y\r'
    fi
    printf '%s\n' 'expect *passphrase*'
    printf '%s\n' 'send \r'
    printf '%s\n' 'expect *again:'
    printf '%s\n' 'send \r'
    printf '%s\n' 'interact'
} > "$TMP_SCRIPT"
chmod +x "$TMP_SCRIPT"
/usr/bin/expect "$TMP_SCRIPT"
rm "$TMP_SCRIPT"

# 3. generate file authorized_keys
cat "$SSH_DIR/id_rsa.pub" >> "$SSH_DIR/authorized_keys"

# 4. chmod 600 for file authorized_keys
chmod 600 "$SSH_DIR/authorized_keys"

echo ===========================
# 5. copy all files to other hosts
for ip in $(cat "$HOSTS_FILE")
do
    if [ "x$ip" != "x" ]; then
        echo -------------------------
        TMP_SCRIPT=${SCRIPT_PREFIX}.$ip.sh
        # check known_hosts
        val=$(ssh-keygen -F "$ip")
        if [ "x$val" = "x" ]; then
            echo "$ip not in $SSH_DIR/known_hosts, need to add"
            # host keys returned by ssh-keyscan are added without verification
            val=$(ssh-keyscan "$ip" 2>/dev/null)
            if [ "x$val" = "x" ]; then
                echo "ssh-keyscan $ip failed!"
            else
                # quoted so that each key type stays on its own line
                printf '%s\n' "$val" >> "$SSH_DIR/known_hosts"
            fi
        fi
        echo "copy $SSH_DIR to $ip"
        # the whole directory is copied, private key included, so every host shares one key pair
        {
            printf '%s\n' '#!/usr/bin/expect'
            printf '%s\n' "spawn scp -r $SSH_DIR $DEST_USER@$ip:~/"
            printf '%s\n' 'expect *assword*'
            printf '%s\n' "send $PASSWORD\\r"
            printf '%s\n' 'interact'
        } > "$TMP_SCRIPT"
        chmod +x "$TMP_SCRIPT"
        #echo "/usr/bin/expect $TMP_SCRIPT" >$TMP_SCRIPT.do
        #sh $TMP_SCRIPT.do&
        /usr/bin/expect "$TMP_SCRIPT"
        rm "$TMP_SCRIPT"
        echo "copy done."
    fi
done
echo done.
```
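2. In the same directory as the executable, create a file named host and add the hostnames or IP addresses of the machines that should trust each other, one hostname or IP per line, for example: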
```
192.168.1.2
192.168.1.3
192.168.1.4
192.168.1.5
```
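3. Run the executable script ssh_auth.sh. It takes three arguments: the remote machine's user name, the password, and the host file name (either a relative or an absolute path works).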
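An added example, not part of the original script: two checks the script above does not perform, written as shell functions. `filter_hosts` and `valid_host` reject host file entries that are not plain hostnames or IP literals before they are pasted into the generated expect script and the `ssh-keygen`/`ssh-keyscan`/`scp` command lines, and `install_pubkey` adds only a public key to `authorized_keys` without duplicating it on re-runs (the script appends with `cat >>` every time). All three function names are hypothetical.

```shell
#!/bin/sh
# Added example; valid_host, filter_hosts and install_pubkey are hypothetical names.

# valid_host ENTRY: succeed only for a plain hostname or IPv4/IPv6 literal.
# Empty entries, a leading '-' (would be read as an option) and any character
# outside the allowed set (spaces, ';', '$', '[', quotes, ...) are rejected.
valid_host() {
    case $1 in
        ''|-*|*[!A-Za-z0-9.:_-]*) return 1 ;;
    esac
    return 0
}

# filter_hosts HOSTS_FILE: print the valid entries, report rejected ones on
# stderr, and return non-zero if anything was rejected.
filter_hosts() {
    rc=0
    while IFS= read -r h || [ -n "$h" ]; do
        [ -n "$h" ] || continue          # skip blank lines
        if valid_host "$h"; then
            printf '%s\n' "$h"
        else
            printf 'rejected host entry: %s\n' "$h" >&2
            rc=1
        fi
    done < "$1"
    return $rc
}

# install_pubkey PUBKEY_FILE SSH_DIR: add one public key to authorized_keys
# exactly once and enforce 700/600 permissions.
install_pubkey() {
    pub=$1 dir=$2
    [ -s "$pub" ] || return 1
    # refuse a file that holds private key material
    if grep -q 'PRIVATE KEY' "$pub"; then return 1; fi
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$dir/authorized_keys" && chmod 600 "$dir/authorized_keys" || return 1
    key=$(head -n 1 "$pub")
    # -x whole line, -F fixed string: append only if not already present
    grep -qxF -- "$key" "$dir/authorized_keys" ||
        printf '%s\n' "$key" >> "$dir/authorized_keys"
}
```

For example, `for ip in $(filter_hosts host)` in place of `$(cat host)` keeps malformed entries out of the loop.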