免交互批量分发公钥的实现-白红宇

免交互批量分发公钥的实现

阅读量：4983 次

发布时间：2019-06-12

本文共 2515 字，大约阅读时间需要 8 分钟。

生成公钥私钥

每次连接都要输入密码

上面链接配置文件名字错了，应为vim /etc/ssh/sshd_config

操作命令过程：

[root@mcw1 ~]# ls .ssh/

ls: cannot access .ssh/: No such file or directory

[root@mcw1 ~]# ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa):

Created directory '/root/.ssh'.

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is:

SHA256:Od+6HjBBrHeUA5MP8rwckdakM89XrZNf0/kOjRPB4eI root@mcw1

The key's randomart image is:

+---[RSA 2048]----+

| .+*.. . |

| ..Bo= o o |

| *== .. = .|

| . =Bo. o +o|

| oS+o E =oo|

| o= o *+|

| o . + +|

| o + |

| .+. .|

+----[SHA256]-----+

[root@mcw1 ~]# ls .ssh/

id_rsa id_rsa.pub

[root@mcw1 ~]# ls -ld .ssh/

drwx------ 2 root root 38 Jul 30 17:50 .ssh/

[root@mcw1 ~]# cat .ssh/id_rsa.pub >>.ssh/authorized_keys

[root@mcw1 ~]# chmod 600 .ssh/authorized_keys

单台免交互分发公钥：

参考：https://blog.51cto.com/vinsent/1970780

[root@mcw1 ~]# cat 3.sh #!/usr/bin/expectspawn ssh-copy-id -i /root/.ssh/id_rsa.pub 172.168.1.5expect {    "yes/no" { send "yes\n";exp_continue }      # 替你回答下载公钥是的提示    "password" { send "123456\n" }         # 提示输入密码}interactexpect eof

多台批量免交互分发公钥：

[root@vinsent app]# cat ssh_auto.sh #!/bin/bash#------------------------------------------## FileName:             ssh_auto.sh# Revision:             1.1.0# Date:                 2017-07-14 04:50:33# Author:               vinsent# Email:                hyb_admin@163.com# Website:              www.vinsent.cn# Description:          This script can achieve ssh password-free login, #                       and can be deployed in batches, configuration#------------------------------------------## Copyright:            2017 vinsent# License:              GPL 2+#------------------------------------------#[ ! -f /root/.ssh/id_rsa.pub ] && ssh-keygen -t rsa -P '' &>/dev/null  # 密钥对不存在则创建密钥while read line;do        ip=`echo $line | cut -d " " -f1`             # 提取文件中的ip        user_name=`echo $line | cut -d " " -f2`      # 提取文件中的用户名        pass_word=`echo $line | cut -d " " -f3`      # 提取文件中的密码expect <

host_ip.txt文件可以通过手动写（当然了这就显得不自动化）你可以使用扫描工具扫描你网络中的主机，然后配合awk等工具生成该文件。ip地址即登录用户名密码的文件实例：

这样就能批量执行命令了：