[Repost] A script to automate configuring and removing SSH passwordless login


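1. Preface

I set up a LAN environment with multiple hosts. With security not fully taken into account, I configured SSH passwordless login to make the hosts on the LAN easier to manage. Because there are many hosts, a while ago I wrote separate scripts to automate batch deployment of the "configure SSH passwordless login" and "remove SSH passwordless login" functions. I have now packaged the two functions together into one interactive program.

2. Implementation code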

```bash
#!/bin/bash
#Author:cosann
#Version:0.2
#date:2022/7/27
#description: batch deployment script for SSH passwordless login

E_ERROR=65

# Argument check
if [ $# -ne 1 ]
then
    echo -e "Usage:$0 ip_list_file "
    exit $E_ERROR
fi

# File check
if [ ! -f "$1" ]
then
    echo -e "IP_List_File $1文件异常,请检查内容"
    exit $E_ERROR
fi

# Initialization
ip_list_file=$1
# Read the columns of the list file into arrays: IP address, username, password.
# The file holds plaintext passwords, so keep it readable by its owner only.
ip_address=($(awk '{print $1}' "$ip_list_file"))
username=($(awk '{print $2}' "$ip_list_file"))
password=($(awk '{print $3}' "$ip_list_file"))

# Check each required package and install the ones that are missing
echo -e "》》》开始检测依赖的必须组件是否安装》》》\n"
for pkg in expect openssh openssh-clients
do
    if rpm -q "$pkg" &> /dev/null
    then
        echo -e ">必须组件${pkg}已安装"
    else
        echo -e "未安装必须组件${pkg},开始执行安装,请稍等..."
        if yum install -y "$pkg" &> /dev/null
        then
            echo -e ">${pkg}安装完成!"
        else
            echo -e "部署必须组件${pkg}失败,请检查Yum配置"
            exit $E_ERROR
        fi
    fi
done

# Print the menu
echo -e "\n="
echo -e "该脚本可以实现批量部署和删除SSH免密配置"
echo -e "Author:Cosann"
echo -e "Create time:2022/07/27"
echo -e "="
while :
do
    echo -e ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"
    echo -e "1. 配置SSH免密登录"
    echo -e "2. 取消SSH免密配置"
    echo -e "3. 退出程序"

    # Menu handling
    read -p "请输入序号>>> " nu
    if [[ "$nu" == "3" ]]
    then
        # Exit the program
        echo -e "\n###!!!感谢使用,再见!!!###"
        exit 0
    elif [[ "$nu" == "1" ]]
    then
        echo "开始推送"
        # Generate a key pair if no public key file exists yet
        if [ ! -e "$HOME/.ssh/id_rsa.pub" ]; then
            ssh-keygen -t rsa -P '' -f "$HOME/.ssh/id_rsa"
        else
            echo -e "》》》已创建公钥文件,开始向远端服务器推送公钥》》》"
        fi

        # Loop over every non-empty line of the list file
        count=$(grep -v '^$' "$ip_list_file" | wc -l)
        for (( i=0;i<$count;i++ ))
        do
            #echo -e "${ip_address[$i]}\t${username[$i]}\t${password[$i]}"
            # Push the public key with ssh-copy-id, driven by expect.
            # This answers "yes" to the host-key prompt, so the key of any host
            # not yet in known_hosts is accepted without verification.
            # Passwords containing characters special to Tcl ($, [, ", \) will
            # not be sent correctly.
            /usr/bin/expect<<-EOF
            spawn ssh-copy-id -i $HOME/.ssh/id_rsa.pub ${username[$i]}@${ip_address[$i]}
            expect {
                "*yes/no"    { send "yes\r";exp_continue }
                "*password"  { send "${password[$i]}\r" }
            }
            expect eof
EOF
        done
        echo -e "--------------------------------------------------------------------------------------"
        echo -e "--------------------------------------------------------------------------------------"
        echo -e "--------------------------------------------------------------------------------------"
        echo -e "###推送完成,尝试免密登录###"
        # Log in to each host without a password to report the result.
        # The "]#" pattern assumes a root shell prompt ending in "]#".
        for (( i=0;i<$count;i++ ))
        do
            /usr/bin/expect<<-EOF
            spawn ssh ${username[$i]}@${ip_address[$i]}
            expect "*]#"
            send "echo '##登录成功##'\r"
            expect "*]#"
            send "exit\r"
EOF
        done
        echo -e "-------------------------------------------"
        echo -e "已完成SSH免密配置,请尝试SSH登录远端主机确认"

    elif [[ "$nu" == "2" ]]
    then
        # Delete authorized_keys on each remote host that was configured, driven by expect.
        # This removes the whole /root/.ssh/authorized_keys file (every key in it),
        # and the path is fixed to /root whatever username the list file gives.
        count=$(grep -v '^$' "$ip_list_file" | wc -l)
        for (( i=0;i<$count;i++ ))
        do
            /usr/bin/expect<<-EOF
            spawn ssh ${username[$i]}@${ip_address[$i]}
            expect "*]#"
            send "rm -f /root/.ssh/authorized_keys 2> /dev/null\r"
            expect "*]#"
            send "exit\r"
EOF
        done
        echo -e "-------------------------------------------"
        echo -e "已取消SSH免密配置,请尝试SSH登录远端主机确认"

    else
        echo -e "\033[41;37m 非法输入,请检查输入!!! \033[0m"
    fi

done
```
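Menu option 2 of the script deletes `/root/.ssh/authorized_keys` outright, which also drops every other key authorized for that account. As an added example (not part of the original post or the author's script), the hypothetical helper `remove_pubkey` below removes only the lines that carry one given public key; the function names and the sample key strings are constructed for illustration.

```bash
#!/bin/bash
# Added example, not the original author's code.

# remove_pubkey PUBKEY_FILE AUTHORIZED_KEYS_FILE
# Removes only the lines carrying PUBKEY_FILE's key; prints how many were removed.
remove_pubkey() {
    local pub=$1 auth=$2 blob tmp removed
    { [ -r "$pub" ] && [ -f "$auth" ]; } || return 1

    # A public key line is "<type> <base64-blob> [comment]"; the blob identifies the key.
    blob=$(awk 'NF >= 2 { print $2; exit }' "$pub")
    [ -n "$blob" ] || return 1

    # Write the new file beside the old one so the final mv is an atomic rename.
    tmp=$(mktemp "${auth}.XXXXXX") || return 1
    chmod 600 "$tmp"

    # Compare the blob against every field, so entries with an options prefix
    # (from="...", command="...") are matched too; all other lines are kept.
    removed=$(awk -v blob="$blob" -v out="$tmp" '
        {
            for (i = 1; i <= NF; i++) if ($i == blob) { n++; next }
            print > out
        }
        END { print n + 0 }' "$auth") || { rm -f "$tmp"; return 1; }

    mv "$tmp" "$auth" && echo "$removed"
}

# Constructed sample data (the key blobs are placeholders, not real keys).
demo_remove_pubkey() {
    local d; d=$(mktemp -d) || return 1
    echo 'ssh-rsa AAAAB3CONSTRUCTEDadmin root@mgmt' > "$d/id_rsa.pub"
    printf '%s\n' \
        '# constructed sample' \
        'ssh-rsa AAAAB3CONSTRUCTEDadmin root@mgmt' \
        'from="192.168.1.10" ssh-rsa AAAAB3CONSTRUCTEDadmin restricted' \
        'ssh-ed25519 AAAAC3CONSTRUCTEDother backup@host' > "$d/authorized_keys"
    remove_pubkey "$d/id_rsa.pub" "$d/authorized_keys" > /dev/null || return 1
    cat "$d/authorized_keys"
    rm -rf "$d"
}
```

Run on the managed host, the helper takes a copy of the management host's `id_rsa.pub` and the account's `authorized_keys` file, and leaves unrelated keys and comment lines in place.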

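3. Usage

3.1 Preparation

• Copy the code into a script file and make it executable
• Prepare the IP address/username/password file in advance

3.2 Format of the IP address/username/password file (important!!!)

(The screenshot of the file format was not preserved. The script reads each line with awk as three whitespace-separated fields: IP address, username, password.)

3.3 Running the script

```bash
# script-name  IP-address/username/password-file
# Example
./ssh.sh host.txt	# The script checks whether an IP address/username/password file was given; if not, it fails and prints a usage message
```

4. Notes

4.1 Fill in the IP address/username/password file in the format shown above. If the contents are wrong, the script will sit waiting for the SSH login or keep retrying; in that case, check whether the username or password in the file is wrong.

4.2 If the script is used when SSH passwordless login has not been configured, you need to press Ctrl+C several times to force the script to exit.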


Sharing some practical code. If you have different ideas, you are welcome to discuss and learn together~
