共计 3139 个字符,预计需要花费 8 分钟才能阅读完成。
SSH 公钥分发
1. 安装 expect
yum install -y expect
2. 配置脚本
①用于生成密钥对
[Hadoop@master ~]$ cat ssh-keygen.sh
#!/usr/bin/expect
set timeout -1
spawn ssh-keygen -t rsa
expect {
“*/.ssh/id_rsa” {send “\n\r”;exp_continue}
“*(empty for no passphrase)” {send “\n\r”;exp_continue}
“*again” {send “\n\r”}
}
expect eof
②用于对单个主机配置 ssh 免密登陆
[hadoop@master ~]$ cat host_ssh.sh
#!/usr/bin/expect
set timeout 10
set username [lindex $argv 0]
set password [lindex $argv 1]
set hostname [lindex $argv 2]
spawn ssh-copy-id -i /home/hadoop/.ssh/id_rsa.pub $username@$hostname
expect {
#first connect, no public key in ~/.ssh/known_hosts
“Are you sure you want to continue connecting (yes/no)?” {
send “yes\r”
expect “password:”
send “$password\r”
}
#already has public key in ~/.ssh/known_hosts
“password:” {
send “$password\r”
}
“Now try logging into the machine” {
#it has authorized, do nothing!
}
}
expect eof
③对 hostlist 中的所有主机进行 ssh 免密登陆
12345678 [hadoop@master ~]$ cat auto.sh
#!/bin/sh
. /etc/init.d/functions
./ssh-keygen.sh
for host in $(awk ‘/^[^#]/{print $1}’ hostlist)
do
./host_ssh.sh hadoop 123456 $host
done
④hostlist 添加需要进行 ssh 的主机
[hadoop@master ~]$ cat hostlist
192.168.100.10
192.168.100.11
192.168.100.12
3. 修改所有脚本权限为 777
[hadoop@master~]$ chmod 777 auto.sh host_ssh.sh ssh-keygen.sh
4. 执行 auto.sh
[hadoop@master ~]$ ./auto.sh
spawn ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/hadoop/.ssh/id_rsa):
Created directory ‘/home/hadoop/.ssh’.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/hadoop/.ssh/id_rsa.
Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.
The key fingerprint is:
95:45:36:c5:76:e2:39:01:ae:c7:bc:50:22:27:a1:f6 hadoop@master
The key’s randomart image is:
+–[RSA 2048]—-+
| . .*+. |
| . . = .= .|
| o o = oo = |
| . . = * + |
| E o + . |
| o . |
| . |
| |
| |
+—————–+
spawn ssh-copy-id -i /home/hadoop/.ssh/id_rsa.pub hadoop@192.168.100.10
The authenticity of host ‘192.168.100.10 (192.168.100.10)’ can’t be established.
ECDSA key fingerprint is 93:d2:e6:72:66:53:11:40:0f:3f:e7:7e:47:c0:d7:8d.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed — if you are prompted now it is to install the new keys
hadoop@192.168.100.10’s password:
Number of key(s) added: 1
Now try logging into the machine, with: “ssh ‘hadoop@192.168.100.10′”
and check to make sure that only the key(s) you wanted were added.
spawn ssh-copy-id -i /home/hadoop/.ssh/id_rsa.pub hadoop@192.168.100.11
The authenticity of host ‘192.168.100.11 (192.168.100.11)’ can’t be established.
ECDSA key fingerprint is 93:d2:e6:72:66:53:11:40:0f:3f:e7:7e:47:c0:d7:8d.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed — if you are prompted now it is to install the new keys
hadoop@192.168.100.11’s password:
Number of key(s) added: 1
Now try logging into the machine, with: “ssh ‘hadoop@192.168.100.11′”
and check to make sure that only the key(s) you wanted were added.
5. 注意事项
如果当前用户目录下面有以前生成的 SSH 密钥,需要进行删除
本文永久更新链接地址 :http://www.linuxidc.com/Linux/2017-10/147642.htm
