
Expect in practice: changing host passwords, adding users, and passwordless SSH authentication

In recent ops work I had to add accounts, change passwords, and set up passwordless authentication on a large number of hosts. Since this work is entirely repetitive it can be handled with scripts (an automation tool would be the better choice). The main tool used is expect, which drives interactive tasks automatically with no human intervention. I am recording the scripts I used here for future reference.

Batch-changing host passwords

The script is as follows:

[root@vm00 ~]# cat chpasswd.sh 
#!/bin/bash
# Change the password of the login user on every host listed in iplist.txt.
# Line format: ip user port passwd newpasswd (lines starting with # are skipped).
file="iplist.txt"
for ip in `awk '/^[^#]/{print $1}' $file`; do
port=`awk -v I=$ip '{if(I==$1)print $3}' $file`
user=`awk -v I=$ip '{if(I==$1)print $2}' $file`
pass=`awk -v I=$ip '{if(I==$1)print $4}' $file`
newpass=`awk -v I=$ip '{if(I==$1)print $5}' $file`

# For a dry run, replace the passwd action below with: send "df -h\r exit\r"
expect -c "
spawn ssh -p$port $user@$ip
set timeout 2
expect {
\"(yes/no)\" {send \"yes\r\";exp_continue}
\"password:\" {send \"$pass\r\";exp_continue}
\"$user@*\" {send \"echo \'$newpass\' |passwd --stdin $user\r exit\r\";exp_continue}
}"
done

iplist.txt has the following format:

[root@vm00 ~]# cat iplist.txt 
# ip user port passwd newpasswd
#------------------------------------------------
192.168.6.101 root 22 ffffff gggggg
192.168.6.102 root 22 ffffff gggggg
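The script above scans iplist.txt five times per host with awk and never checks the fields it reads, so a stray comment, blank line or typo in the list turns into a failed (or misdirected) ssh session at run time. The following added example, which is my own code and not part of the original post, reads the same "ip user port passwd newpasswd" format in a single pass with read(1), skips comments and blank lines, and rejects malformed records before anything is spawned. The sample list is constructed inline; a real run would point at the post's iplist.txt.

```shell
#!/bin/sh
# Added example, not from the original post: one-pass parser and validator for
# the "ip user port passwd newpasswd" host list used by chpasswd.sh.

# Constructed sample list in the post's format (a real run uses iplist.txt).
SAMPLE_LIST=$(mktemp)
cat > "$SAMPLE_LIST" <<'EOF'
# ip user port passwd newpasswd
#------------------------------------------------
192.168.6.101 root 22 ffffff gggggg

192.168.6.102 root 22 ffffff gggggg
192.168.6.103 root abc ffffff gggggg
not-an-ip root 22 ffffff gggggg
EOF

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case $octet in ''|*[!0-9]*) return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
}

# Return 0 if $1 is a TCP port number in 1..65535.
valid_port() {
  case $1 in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print "ip user port" for every well-formed record in file $1, one per line.
# Comments, blank lines and malformed records are skipped with a note on
# stderr. Passwords are deliberately not printed so they never reach a log.
parse_hostlist() {
  while read -r ip user port pass newpass extra; do
    case $ip in ''|\#*) continue ;; esac
    if ! valid_ipv4 "$ip"; then
      echo "skip: bad ip '$ip'" >&2; continue
    fi
    if ! valid_port "$port"; then
      echo "skip: bad port '$port' for $ip" >&2; continue
    fi
    if [ -z "$newpass" ] || [ -n "$extra" ]; then
      echo "skip: wrong field count for $ip" >&2; continue
    fi
    printf '%s %s %s\n' "$ip" "$user" "$port"
  done < "$1"
}

# Number of hosts that pass validation, as a pre-flight check before looping.
count_hosts() { parse_hostlist "$1" 2>/dev/null | wc -l | tr -d ' '; }

parse_hostlist "$SAMPLE_LIST"
```

On the constructed sample only the two well-formed records survive; the record with port "abc" and the one with a non-IP first field are reported on stderr and skipped. Because the list file holds plaintext passwords, it should also be readable by the running user alone (mode 0600), and the passwords should be rotated once the batch job is done.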

Passwordless SSH authentication for a batch of hosts

Setting up passwordless SSH by hand

Add hosts entries

[root@vm00 ~]# cat /etc/hosts
#127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 oracle11g
#::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.6.100 vm00
192.168.6.101 vm01
192.168.6.102 vm02

Create the user and set its password (run on every machine)

[root@vm00 ~]# useradd -u 600 airmodel
[root@vm00 ~]# echo "ffffff" |passwd --stdin airmodel
Changing password for user airmodel.
passwd: all authentication tokens updated successfully.

Generate the key for passwordless access

[root@vm00 ~]# su - airmodel
[airmodel@vm00 ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/airmodel/.ssh/id_rsa):
Created directory '/home/airmodel/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/airmodel/.ssh/id_rsa.
Your public key has been saved in /home/airmodel/.ssh/id_rsa.pub.
The key fingerprint is:
3a:d9:04:80:20:6a:90:8a:cd:c7:ee:fb:2d:d9:03:cd airmodel@vm00
The key's randomart image is:
+--[ RSA 2048]----+
|+o ..            |
|= . .            |
|++ . .           |
|+ o o .          |
| o oS            |
| . .=E           |
| . ++.           |
| . ooo           |
| .o....          |
+-----------------+


Copy the generated public key to the other hosts

Standard command form: ssh-copy-id -i ~/.ssh/id_rsa.pub user@server
The lazy form below works as well:

[airmodel@vm00 ~]$ ssh-copy-id -i vm02
airmodel@vm02's password:
Now try logging into the machine, with "ssh 'vm02'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

Verify

1. The public key is appended to /home/user/.ssh/authorized_keys on the target host.
2. [airmodel@vm00 ~]$ ssh vm02 now logs in without a password.
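The two verification steps above are the right ones, but when step 2 still prompts for a password the cause is almost always file modes rather than a missing key: with StrictModes (sshd's default) the daemon ignores authorized_keys if the home directory, ~/.ssh or the file itself is group- or world-writable, and falls back to password authentication without any message on the client. The following added example, my own code and not part of the original post, checks both conditions on a target home directory. The home directory and key line are constructed stand-ins for /home/airmodel on vm02 and the real id_rsa.pub.

```shell
#!/bin/sh
# Added example, not from the original post: confirm that a public key was
# really installed in ~/.ssh/authorized_keys and that the modes sshd's
# StrictModes check requires are in place.

# Constructed sample home directory standing in for /home/airmodel on vm02.
SAMPLE_HOME=$(mktemp -d)
mkdir -m 700 "$SAMPLE_HOME/.ssh"
# Constructed key material (not a usable key); only the line format matters.
SAMPLE_PUB='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCexampleexampleexample airmodel@vm00'
printf '%s\n' "$SAMPLE_PUB" > "$SAMPLE_HOME/.ssh/authorized_keys"
chmod 600 "$SAMPLE_HOME/.ssh/authorized_keys"

# Octal permission bits of a path, on GNU (stat -c) or BSD (stat -f) systems.
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if the key type and base64 blob of public key $1 occur in
# authorized_keys under home directory $2. The comment field is ignored:
# ssh-copy-id may rewrite it and sshd never compares it.
key_authorized() {
  want=$(printf '%s\n' "$1" | awk '{print $1, $2}')
  [ -r "$2/.ssh/authorized_keys" ] || return 1
  awk -v want="$want" '($1 " " $2) == want { found = 1 } END { exit !found }' \
    "$2/.ssh/authorized_keys"
}

# Return 0 if none of home, ~/.ssh and authorized_keys is group- or
# world-writable, which is what sshd's StrictModes check demands.
perms_ok() {
  for f in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
    [ -e "$f" ] || return 1
    mode=$(file_mode "$f")
    grp=$(( (mode / 10) % 10 ))   # group digit of the octal mode
    oth=$(( mode % 10 ))          # other digit of the octal mode
    [ $(( grp & 2 )) -eq 0 ] && [ $(( oth & 2 )) -eq 0 ] || return 1
  done
}

# One-shot verification of a key deployment into a given home directory.
verify_key_deploy() {
  key_authorized "$1" "$2" && perms_ok "$2"
}

verify_key_deploy "$SAMPLE_PUB" "$SAMPLE_HOME" && echo "key installed and modes acceptable"
```

Run against a real target, `verify_key_deploy "$(cat ~/.ssh/id_rsa.pub)" /home/airmodel` on vm02 tells you which of the two conditions failed before you start reading sshd's debug log. Lines in authorized_keys that carry options (for example `command="..."`) shift the key fields and are not matched by this simple check.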

Scripts for automating passwordless SSH across many hosts

User-creation script

[root@vm00 ~]# cat padduser.sh 
#!/bin/bash
# Create $newuser with password $newpass on every host listed in iplist2.txt.
# Line format: ip user port passwd (lines starting with # are skipped).
file="iplist2.txt"
newuser="airmodel"
newpass="ffffff"
for ip in `awk '/^[^#]/{print $1}' $file`; do
port=`awk -v I=$ip '{if(I==$1)print $3}' $file`
loginuser=`awk -v I=$ip '{if(I==$1)print $2}' $file`
pass=`awk -v I=$ip '{if(I==$1)print $4}' $file`
# For a dry run, replace the useradd action below with: send "df -h\r exit\r"
# The prompt pattern must use $loginuser (the user we logged in as); $user is not set here.
expect -c "
spawn ssh -p$port $loginuser@$ip
set timeout 2
expect {
\"(yes/no)\" {send \"yes\r\";exp_continue}
\"password:\" {send \"$pass\r\";exp_continue}
\"$loginuser@*\" {send \"useradd -u 600 $newuser && echo \'$newpass\' |passwd --stdin $newuser\r exit\r\";exp_continue}
}"
done

Contents of iplist2.txt

#     ip     user    port    passwd    
#--------------------------------------
192.168.6.102 root 22 ffffff

Copying the SSH public key to many hosts

#!/bin/bash
# Batch passwordless SSH setup: push airmodel's public key to every host in
# /opt/iplist3.txt. Line format: host:passwd; comment lines (starting with #)
# are skipped, otherwise "#user" would be treated as a host name.
for p in $(awk '/^[^#]/' /opt/iplist3.txt)
do
ip=$(echo "$p"|cut -f1 -d ":")
password=$(echo "$p"|cut -f2 -d ":")

expect -c "
spawn ssh-copy-id -i /home/airmodel/.ssh/id_rsa.pub airmodel@$ip
expect {
\"*yes/no*\" {send \"yes\r\"; exp_continue}
\"*password*\" {send \"$password\r\"; exp_continue}
\"*Password*\" {send \"$password\r\";}
}
"
done

Format of iplist3.txt

#host:passwd
#-----------
vm01:ffffff
vm02:ffffff
vm03:ffffff
vm04:ffffff
vm05:ffffff

References:
http://zqscm.qiniucdn.com/data/20110709133541/index.html
https://blog.slogra.com/post-674.html
http://blog.csdn.net/fanren224/article/details/63250184