分发

分发

关注
发信
关注(28)粉丝(399)

shell编程-ssh免交互批量分发公钥脚本

脚本基本原理

1、控制端免交互创建秘钥和公钥:

1 ssh-keygen -t rsa -f /root/.ssh/id_rsa -N ""

2、免交互发送公钥

1 sshpass -ppassword ssh-copy-id -i /root/.ssh/id_rsa.pub "-o StrictHostKeyChecking=no [email protected]"

sshpass              # 非交互式SSH密码提供

-o StrictHostKeyChecking=no # 不提示,ssh将自动添加新的主机密钥用户已知主机文件。

更多参数可以参考man ssh_config

ssh-copy-id        # 本质上是调用ssh命令,进行远程拷贝公钥的一个脚本,其中值得关注的是脚本中的“shift”,它能够将传参的参数依次向前推进。

 1 which ssh-copy-id
 2 /usr/bin/ssh-copy-id
  以下为shift在ssh-copy-id命令中使用的典型代码
 3 if [ "-i" = "$1" ]; then
 4   shift
 5   # check if we have 2 parameters left, if so the first is the new ID file
 6   if [ -n "$2" ]; then
 7     if expr "$1" : ".*\.pub" > /dev/null ; then
 8       ID_FILE="$1"
 9     else
10       ID_FILE="$1.pub"
11     fi
12     shift         # and this should leave $1 as the target name
13   fi
14 else
15   if [ x$SSH_AUTH_SOCK != x ] && ssh-add -L >/dev/null 2>&1; then
16     GET_ID="$GET_ID ssh-add -L"
17   fi
18 fi

以下为shift示例代码,能够加助理解shift将参数依次向前推进的含义

 1 cat shift_test.sh
 2 #!/bin/bash
 3 until [ $# -eq 0 ];do
 4     echo $*
 5     shift
 6 done
 7 bash shift_test.sh 1 2 3 4 5
 8 1 2 3 4 5
 9 2 3 4 5
10 3 4 5
11 4 5
12 5

ssh免交互分发公钥的脚本

脚本功能:

1、能够输入选项 -h/--hlep查看帮助

2、不输入参数进行默认分发

3、可以指定主机的IP或者可以被解析的主机名进行分发

4、提示输出友好

5、能够自动检测已经分发了的主机,分发过了的就不再重复分发

6、代码尽量简洁

效果示例:

源码如下:

  1 #!/bin/bash
  2 # mzy 2019-10-22 Add Features
  3 # author 梅钟园  
  4 # contact qq:359462962
  5 export PATH=/bin:$PATH
  6
  7 # output command help manual
  8 function output_help(){
  9     echo -e "Usage :\n--help|-h\tget command help\n\te.g:batchsent.sh --help\ncommand public key distribution usage:\e[40;32;1mbatchsent.sh [ip/hostname]\e[0;0;0m \n\te.g:batchsent.sh 192.168.0.1\nor use default batchsent public key\n\te.g:batchsent.sh\nexplanation:hostname needs to be able to be resolved IP address."
 10 }
 11
 12 # check ip address or hostname fromat
 13 function check_ip_format(){
 14     ip=$1
 15     echo ${ip} |sed -r 's#([0-9]+).#\1#g' |test -n "`sed -n '/^[0-9][0-9]*$/p'`" >/dev/null 2>&1
 16     if [ $? -eq 0 ];then
 17         count=`echo ${ip}|sed -r 's#([0-9]+).#\1\n#g'|grep -v '^$' | wc -l`
 18         if [ ${count} -eq 4 ];then
 19             return 0
 20         else
 21             echo -e "\e[40;31;1merror\e[0;0;0m:this host(${ip}) ip fromat \e[40;31;1mIncorrect\e[0;0;0m"
 22             output_help
 23             return 1
 24         fi
 25     else
 26         ping -c 3 ${ip} >/dev/null 2>&1
 27         if [ $? -eq 0 ];then
 28             return 0
 29         else
 30             echo -e "\e[40;31;1merror\e[0;0;0m:this host(${ip}) name \e[40;31;1mcan not be resolved\e[0;0;0m"
 31             output_help
 32             return 1
 33         fi
 34     fi
 35 }
 36
 37 # Single IP or host public key distribution
 38 function sent_pub_key(){
 39     ip=$1
 40     sshpass -prewqrewsdsds ssh "-o StrictHostKeyChecking=no" root@${ip} hostname >/dev/null 2>&1
 41     if [ $? -eq 0 ];then
 42         echo -e "${ip} \tpublic keys \e[40;34;1malready exist\e[0;0;0m,can be used normally."
 43     else
 44         ping -c 3 ${ip} >/dev/null 2>&1
 45         if [ $? -eq 0 ];then
 46             sshpass -ptemplate ssh-copy-id -i /root/.ssh/id_rsa.pub "-o StrictHostKeyChecking=no root@${ip}" >/dev/null 2>&1
 47             echo -e "${ip} \tpublic keys \e[40;32;1msent successfully\e[0;0;0m,can be used normally."
 48         else
 49             echo -e "${ip} \tthis host(${ip}) is \e[40;31;1mnot online\e[0;0;0m"
 50         fi
 51     fi
 52 }
 53
 54 # define default host
 55 function default_batch_sent_pub_key(){
 56     for ip_addr in 172.16.0.{31,41,51,71,5,6,7,8,9};do
 57         sent_pub_key ${ip_addr}
 58     done
 59 }
 60
 61 # default ip or host public key distribution
 62 function batch_sent_pub_key(){
 63     ip_addr=$1
 64     sent_pub_key ${ip_addr}
 65 }
 66
 67 # check the packages needed
 68 function check_sshpass(){
 69     if [ ! -f /usr/bin/sshpass ];then
 70         yum install -y sshpass >/dev/null 2>&1
 71     fi
 72 }
 73
 74 # check -h or --help args
 75 function check_help_args(){
 76     args=$1
 77     case ${args} in
 78     "--help")
 79         output_help
 80         exit 1
 81         ;;
 82     "-h")
 83         output_help
 84         exit 1
 85         ;;
 86     esac
 87 }
 88
 89
 90 # The implementation of public key distribution by check_help_args function
 91 # In this way the code is more complex, not recommended
 92 function exec_batch_sent_by_check_help_args(){
 93     check_help_args $1
 94     if [ $# -eq 1 ];then
 95         check_ip_format $1
 96         if [ $? -eq 0 ];then
 97             batch_sent_pub_key $1
 98         fi
 99     elif [ $# -eq 0 ];then
100         default_batch_sent_pub_key
101     else
102         output_help
103     fi
104 }
105
106 # The implementation of public key distribution by if statment
107 # Such code simpler, recommended
108 function exec_batch_sent_by_if_statment(){
109     if [ $# -eq 1 ];then
110         if [ $1 == '--help' ] || [ $1 == '-h' ];then
111             output_help
112         else
113             check_ip_format $1
114             if [ $? -eq 0 ];then
115                 batch_sent_pub_key $1
116             fi
117         fi
118     elif [ $# -eq 0 ];then
119         default_batch_sent_pub_key
120     else
121         output_help
122     fi
123 }
124
125 # main
126 check_sshpass
127 if [ -f /root/.ssh/id_rsa -a -f /root/.ssh/id_rsa.pub ];then
128     exec_batch_sent_by_if_statment $1
129 else
130     ssh-keygen -t rsa -f /root/.ssh/id_rsa -N ""
131     exec_batch_sent_by_if_statment $1
132 fi
 
 
 
 
01-15 20:22
Powered by LMLPHP ©2024 分发 0.061452