批量实现无密码认证脚本

1020阅读 0评论2016-01-26 sync_1521
分类:LINUX

该脚本适用场景:
   一台linux机器需要无密码登录到N台linux机器;
   具体用法请参考usage(注:yourpasswd为你需要创建信任关系机器的登录密码);
   该脚本首先会去检查无密码认证是否ok,如果不ok,那就创建信任关系,并再次检查无密码认证是否ok。

  1. #!/bin/bash

  3. function usage()
  4. {
  5. cat <<EOF
  6.     usage:
  7.          auth-check.sh IpList Password
  8.     examle:
  9.          auth-check.sh 192.168.1.1..100,192.168.99.22..99,192.168.9.10 yourpasswd
  10. EOF
  11. }
  12. #检查机器是否能无密码登录
  13. function check()
  14. {
  15.         ret=`ssh -o ConnectTimeout=3 -o PasswordAuthentication=no -o KbdInteractiveDevices=no -o StrictHostKeyChecking=no $1 date 2>/dev/null
  16. `
  17.         if [[ -z $ret ]]
  18.         then
  19.                 ssh-keygen -R $1 &>/dev/null
  20.                 return 1
  21.         else
  22.                 echo "check ssh ok:$1"
  23.                 return 0
  24.         fi
  25. }
  26. #本机生成公钥私钥
  27. function create_key()
  28. {
  29.         umask 077; test -d ${HOME}/.ssh || mkdir ${HOME}/.ssh
  30.         /usr/bin/expect <<-EOF
  31.         spawn ssh-keygen -t rsa -P "" -f ${HOME}/.ssh/id_rsa
  32.         expect {
  33.                 "Overwrite (y/n)?" {
  34.                         send -- "n\r"
  35.                 } eof {
  36.                         puts ">> generate id_rsa and id_rsa.pub ... ...\n"
  37.                 } timeout {
  38.                 exit 1
  39.             }
  40.         }
  41.         expect eof
  42. EOF
  43. }
  44. #上传公钥到目标机器
  45. function auth()
  46. {
  47.         /usr/bin/expect <<-EOF
  48.         spawn ssh-copy-id -i ${HOME}/.ssh/id_rsa.pub $1
  49.         expect {
  50.                 "Are you sure you want to continue connecting (yes/no)?" {
  51.                         send -- "yes\r"
  52.                         exp_continue
  53.                 }
  54.                 "*word:" {
  55.                         send -- "${password}\r"
  56.                 } eof {
  57.                         exit 0
  58.                 } timeout {
  59.                         exit 1
  60.                 }
  61.         }
  62.         expect eof
  63. EOF
  64. }
  65. #做无密码认证后重新检查无密码登录是否成功
  66. function recheck()
  67. {
  68.         echo
  69.         echo -e "\e[33mre-auth:$1 \e[0m"
  70.         check $1
  71.         if [[ $? -eq 0 ]]
  72.         then
  73.                 echo -e "\e[33mauthority sucess:$1 \e[0m"
  74.         else
  75.                 echo -e "\e[31mauthority failed! please check machine:$1 \e[m"
  76.         fi
  77. }
  78. #主函数
  79. function main()
  80. {
  81.         if [[ $# -ne 2 ]];then
  82.                 usage
  83.                 exit 2

  85.         fi
  86.         password=$2
  87.         create_key &>/dev/null
  88.         iparry=`echo $1|sed 's/,/ /g'`
  89.         echo "IpList:$iparry"
  90.         for ip in ${iparry}
  91.         do
  92.                 if grep -Ex "([0-9]{1,3}\.){3}[0-9]{1,3}" <<<"$ip" &>/dev/null;then
  93.                         check $ip
  94.                         if [[ $? -ne 0 ]];then
  95.                                 auth $ip &>/dev/null
  96.                                 recheck $ip
  97.                         fi

  99.                 elif grep -Ex "([0-9]{1,3}\.){3}[0-9]{1,3}\.\.[0-9]{1,3}" <<<"$ip" &>/dev/null ;then
  100.                         ip_pre=`echo $ip |cut -d '.' -f -3`
  101.                         ip_start=`echo $ip|cut -d '.' -f 4`
  102.                         ip_end=`echo $ip|cut -d '.' -f 6`
  103.                         for ((i= ${ip_start};i<=${ip_end};i++))
  104.                         do
  105.                                 ip_dst="${ip_pre}.$i"
  106.                                 check $ip_dst
  107.                                 if [[ $? -ne 0 ]];then
  108.                                         auth $ip_dst &>/dev/null
  109.                                         recheck $ip_dst
  110.                                 fi
  111.                         done
  112.                 else
  113.                         echo -e "\e[31m please check IP parameter \e[0m"
  114.                 fi
  115.         done
  116.         exit 0

  118. }

  120. main "$@"

上一篇:Shell输入密码时关闭屏幕回显
下一篇:大型网站运维探讨和心得