重庆思庄Oracle、Redhat认证学习论坛

标题: shell编程-ssh免交互批量分发公钥脚本 [打印本页]

作者: 梅钟园 时间: 2019-10-22 13:24
标题: shell编程-ssh免交互批量分发公钥脚本
本帖最后由梅钟园于 2019-10-22 18:31 编辑

shell编程-ssh免交互批量分发公钥脚本

脚本基本原理

1、控制端免交互创建秘钥和公钥：

ssh-keygen -t rsa -f /root/.ssh/id_rsa -N ""

复制代码

2、免交互发送公钥

sshpass -ppassword ssh-copy-id -i /root/.ssh/id_rsa.pub "-o StrictHostKeyChecking=no user@172.25.0.21"

复制代码

sshpass # 非交互式SSH密码提供
-o StrictHostKeyChecking=no　# 不提示，ssh将自动添加新的主机密钥用户已知主机文件。
更多参数可以参考man ssh_config
ssh-copy-id # 本质上是调用ssh命令，进行远程拷贝公钥的一个脚本，其中值得关注的是脚本中的“shift”，它能够将传参的参数依次向前推进。

which ssh-copy-id
/usr/bin/ssh-copy-id
　　以下为shift在ssh-copy-id命令中使用的典型代码
if [ "-i" = "$1" ]; then
shift
# check if we have 2 parameters left, if so the first is the new ID file
if [ -n "$2" ]; then
if expr "$1" : ".*\.pub" > /dev/null ; then
ID_FILE="$1"
else
ID_FILE="$1.pub"
fi
shift # and this should leave $1 as the target name
fi
else
if [ x$SSH_AUTH_SOCK != x ] && ssh-add -L >/dev/null 2>&1; then
GET_ID="$GET_ID ssh-add -L"
fi
fi

复制代码

以下为shift示例代码，能够加助理解shift将参数依次向前推进的含义

cat shift_test.sh
#!/bin/bash
until [ $# -eq 0 ];do
echo $*
shift
done
bash shift_test.sh 1 2 3 4 5
1 2 3 4 5
2 3 4 5
3 4 5
4 5
5

复制代码

ssh免交互分发公钥的脚本

脚本功能：
1、能够输入选项 -h/--hlep查看帮助
2、不输入参数进行默认分发
3、可以指定主机的IP或者可以被解析的主机名进行分发
4、提示输出友好
5、能够自动检测已经分发了的主机，分发过了的就不再重复分发
6、代码尽量简洁
7、指定多个主机进行批量分发

效果示例1：帮助

521545daed9aa9f4fe.png (16.49 KB, 下载次数: 364)

下载附件

2019-10-22 18:27 上传

效果示例2：指定多个主机同时进行批量分发

589845daebd1920a41.png (7.52 KB, 下载次数: 355)

下载附件

2019-10-22 16:26 上传

效果示例3：默认分发、指定一个主机分发

839685daed9c63fccb.png (19.55 KB, 下载次数: 353)

下载附件

2019-10-22 18:28 上传

源码如下：

#!/bin/bash
# mzy 2019-10-22 Add Features
# author 梅钟园
# contact qq:359462962
export PATH=/bin:$PATH
# output command help manual
function output_help(){
echo -e "Usage :\n\n--help|-h\tget command help.\n\te.g:batchsent.sh --help\n\ncommand public key distribution:\n\t\e[40;32;1mbatchsent.sh [ip/hostname]\e[0;0;0m\n\nexample:\n\te.g:batchsent.sh 192.168.0.1\n\tor use default batchsent public key:\n\te.g:batchsent.sh\n\nexplanation:\n\t1.hostname needs to be able to be resolved IP address.\n\t2.Run this script need to have root privileges.\n\t3.The current system needs to be able to use yum install sshpass software."
}
# Check whether the IP address or host name of the obvious error
function check_ip_format(){
ip=$1
echo ${ip} |sed -r 's#([0-9]+).#\1#g' |test -n "`sed -n '/^[0-9][0-9]*$/p'`" >/dev/null 2>&1
if [ $? -eq 0 ];then
count=`echo ${ip}|sed -r 's#([0-9]+).#\1\n#g'|grep -v '^| wc -l`
if [ ${count} -eq 4 ];then
return 0
else
echo -e "\e[40;31;1merror\e[0;0;0m:this host(${ip}) ip---\e[40;31;1mThere are obvious errors\e[0;0;0m"
output_help
return 1
fi
else
ping -c 3 ${ip} >/dev/null 2>&1
if [ $? -eq 0 ];then
return 0
else
echo -e "\e[40;31;1merror\e[0;0;0m:this host(${ip}) name---\e[40;31;1mcan not be resolved\e[0;0;0m"
output_help
return 1
fi
fi
}
# Single IP or host public key distribution
function sent_pub_key(){
ip=$1
sshpass -prewqrewsdsds ssh "-o StrictHostKeyChecking=no" root@${ip} hostname >/dev/null 2>&1
if [ $? -eq 0 ];then
echo -e "${ip} \tpublic keys \e[40;34;1malready exist\e[0;0;0m,can be used normally."
else
ping -c 3 ${ip} >/dev/null 2>&1
if [ $? -eq 0 ];then
sshpass -ptemplate ssh-copy-id -i /root/.ssh/id_rsa.pub "-o StrictHostKeyChecking=no root@${ip}" >/dev/null 2>&1
echo -e "${ip} \tpublic keys \e[40;32;1msent successfully\e[0;0;0m,can be used normally."
else
echo -e "${ip} \tthis host(${ip}) is \e[40;31;1mnot online\e[0;0;0m"
fi
fi
}
# define default host
function default_batch_sent_pub_key(){
for ip_addr in 172.16.0.{31,41,51,71,5,6,7,8,9};do
sent_pub_key ${ip_addr}
done
}
# default ip or host public key distribution
function batch_sent_pub_key(){
ip_addr=$1
sent_pub_key ${ip_addr}
}
# check the packages needed
function check_sshpass(){
if [ ! -f /usr/bin/sshpass ];then
yum install -y sshpass >/dev/null 2>&1
if [ $? -ne 0 ];then
echo -e "\e[40;31;1merror\e[0;0;0m:install sshpass failed,check to see if the current user has root privileges."
exit 1
fi
fi
}
# check -h or --help args
function check_help_args(){
args=$1
case ${args} in
"--help")
output_help
exit 1
;;
"-h")
output_help
exit 1
;;
esac
}
# The implementation of public key distribution by check_help_args function
# In this way the code is more complex, not recommended
function exec_batch_sent_by_check_help_args(){
check_help_args $1
if [ $# -eq 1 ];then
check_ip_format $1
if [ $? -eq 0 ];then
batch_sent_pub_key $1
fi
fi
}
# The implementation of public key distribution by if statment
# Such code simpler, recommended
function exec_batch_sent_by_if_statment(){
if [ $# -eq 1 ];then
if [ $1 == '--help' ] || [ $1 == '-h' ];then
output_help
else
check_ip_format $1
if [ $? -eq 0 ];then
batch_sent_pub_key $1
fi
fi
fi
}
# Check the generated keys
function check_the_generated_keys(){
if [ -f /root/.ssh/id_rsa -a -f /root/.ssh/id_rsa.pub ];then
return 0
else
ssh-keygen -t rsa -f /root/.ssh/id_rsa -N ""
if [ $? -eq 0 ];then
return 0
else
echo -e "\e[40;31;1merror\e[0;0;0m:install sshpass failed,check to see if the current user has root privileges."
return 1
fi
fi
}
# main
if [ $# -eq 0 ];then
check_sshpass
check_the_generated_keys
if [ $? -eq 0 ];then
default_batch_sent_pub_key
else
exit 1
fi
else
until [ $# -eq 0 ];do
check_sshpass
check_the_generated_keys
if [ $? -eq 0 ];then
exec_batch_sent_by_if_statment $1
else
exit 1
fi
shift
done
fi

复制代码

: 登录/注册后可看大图

欢迎光临重庆思庄Oracle、Redhat认证学习论坛 (http://bbs.cqsztech.com/)