Except实践之 修改主机密码&添加用户&ssh免密码验证

最近运维工作中遇到大批量的主机需要添加账户,修改密码,实现无密码验证等工作,由于这种工作完全是重复性的,可以借助脚本(更好的方式是自动化运维工具)来解决,主要是使用到expect工具,该工具主要用来处理自动交互式任务进行通信,不需要人为干预;今天就把用到的脚本在此记录一下,以备后用。

批量修改主机密码

脚本内容如下:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
[root@vm00 ~]# cat chpasswd.sh
#!/bin/bash
file="iplist.txt"
for ip in `awk '/^[^#]/{print $1}' $file`; do
port=`awk -v I=$ip '{if(I==$1)print $3}' $file`
user=`awk -v I=$ip '{if(I==$1)print $2}' $file`
pass=`awk -v I=$ip '{if(I==$1)print $4}' $file`
newpass=`awk -v I=$ip '{if(I==$1)print $5}' $file`
expect -c "
spawn ssh -p$port $user@$ip
set timeout 2
expect {
\"(yes/no)\" {send \"yes\r\";exp_continue}
\"password:\" {send \"$pass\r\";exp_continue}
\"$user@*\" {send \"echo \'$newpass\' |passwd --stdin $user\r exit\r\";exp_continue}
#\"$user@*\" {send \"df -h\r exit\r\";exp_continue}
}"
done

iplist.txt 格式如下

1
2
3
4
5
[root@vm00 ~]# cat iplist.txt
# ip user port passwd newpasswd
#------------------------------------------------
192.168.6.101 root 22 ffffff gggggg
192.168.6.102 root 22 ffffff gggggg

批量主机ssh免密码验证

手动操作ssh无密码验证

设置hosts记录

1
2
3
4
5
6
[root@vm00 ~]# cat /etc/hosts
\#127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 oracle11g
\#::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.6.100 vm00
192.168.6.101 vm01
192.168.6.102 vm02

新建用户并设置密码(每台机器都执行)

1
2
3
4
[root@vm00 ~]# useradd -u 600 airmodel
[root@vm00 ~]# echo "ffffff" |passwd --stdin airmodel
Changing password for user airmodel.
passwd: all authentication tokens updated successfully.

配置无密码访问key

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
[root@vm00 ~]# su - airmodel
[airmodel@vm00 ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/airmodel/.ssh/id_rsa):
Created directory '/home/airmodel/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/airmodel/.ssh/id_rsa.
Your public key has been saved in /home/airmodel/.ssh/id_rsa.pub.
The key fingerprint is:
3a:d9:04:80:20:6a:90:8a:cd:c7:ee:fb:2d:d9:03:cd airmodel@vm00
The key's randomart image is:
+--[ RSA 2048]----+
|+o .. |
|= . . |
|++ . . |
|+ o o . |
| o oS |
| . .=E |
| . ++. |
| . ooo |
| .o.... |
+-----------------+

图片

将生成的公钥拷贝到其他主机

标准命令格式:ssh-copy-id -i ~/.ssh/id_rsa.pub user@server
偷懒可以写成下边这种:

1
2
3
4
5
6
7
[airmodel@vm00 ~]$ ssh-copy-id -i vm02
airmodel@vm02's password:
Now try logging into the machine, with "ssh 'vm02'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.

验证

1.公钥会被拷贝到目标主机的 /home/user/.ssh/authorized_keys 文件中
2.[airmodel@vm00 ~]$ ssh vm02 无密码访问

多主机自动化配置ssh免密脚本

添加用户脚本

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
[root@vm00 ~]# cat padduser.sh
#!/bin/bash
file="iplist2.txt"
newuser="airmodel"
newpass="ffffff"
for ip in `awk '/^[^#]/{print $1}' $file`; do
port=`awk -v I=$ip '{if(I==$1)print $3}' $file`
loginuser=`awk -v I=$ip '{if(I==$1)print $2}' $file`
pass=`awk -v I=$ip '{if(I==$1)print $4}' $file`
expect -c "
spawn ssh -p$port $loginuser@$ip
set timeout 2
expect {
\"(yes/no)\" {send \"yes\r\";exp_continue}
\"password:\" {send \"$pass\r\";exp_continue}
\"$user@*\" {send \"useradd -u 600 $newuser && echo \'$newpass\' |passwd --stdin $newuser\r exit\r\";exp_continue}
#\"$user@*\" {send \"df -h\r exit\r\";exp_continue}
}"
done

iplist2.txt内容

1
2
3
# ip user port passwd
#--------------------------------------
192.168.6.102 root 22 ffffff

多主机拷贝ssh公钥

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
#!/bin/bash
#批量ssh无密码验证
for p in $(cat /opt/iplist3.txt)
do
ip=$(echo "$p"|cut -f1 -d ":")
password=$(echo "$p"|cut -f2 -d ":")
expect -c "
spawn ssh-copy-id -i /home/airmodel/.ssh/id_rsa.pub airmodel@$ip
expect {
\"*yes/no*\" {send \"yes\r\"; exp_continue}
\"*password*\" {send \"$password\r\"; exp_continue}
\"*Password*\" {send \"$password\r\";}
}
"
done

iplist3.txt 格式

1
2
3
4
5
6
7
#user:passwd
#-----------
vm01:ffffff
vm02:ffffff
vm03:ffffff
vm04:ffffff
vm05:ffffff

参考连接:
http://zqscm.qiniucdn.com/data/20110709133541/index.html
https://blog.slogra.com/post-674.html
http://blog.csdn.net/fanren224/article/details/63250184

独学无友,孤陋寡闻;学习记录,欢迎拍砖!