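How it works: logging in from server A to server B, illustrated with a picture borrowed from the web.
Image source
The procedure: generate a private/public key pair on A, then copy the public key and append it to B's authorization file /root/.ssh/authorized_keys.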
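The above covers a single machine. For a cluster of several or several dozen machines, configuring this by hand means doing it n x 3 times, which is painful (manual emoji: [laughing through tears]).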
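The shell script below automatically generates an id_rsa key pair on each machine, collects every machine's public key into one file, then distributes that file to all servers and appends its contents to each server's authorized_keys file.
Only the script is recorded here; the steps are not explained.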
Create a file named host.file listing each machine's address, the root user and the root password, in the format ip/domain:root:password. For example:

host.file

```
domainA:root:123456
domainB:root:123456
192.168.1.100:root:123456
192.168.1.101:root:123456
```
The machines must be able to reach each other. Copy host.file and the passwordless-login script to one of the machines, assumed here to be domainA.
Run:

```bash
sh ./mianmi.sh <localIP> <sshPort>
# for example:
sh ./mianmi.sh domainA 22
```
mianmi.sh

```bash
#!/bin/bash
# Usage: ./mianmi.sh local_ip ssh_port
# Reads host.file (ip/domain:user:password, one host per line) from the
# current directory. Note: host.file holds root passwords in plaintext, and
# the expect blocks answer "yes" to the host-key prompt, so host keys are
# accepted without being verified.
PORT=$2
LOCAL=$1

# Fetch a host's public key into ./key/<host>key.
# $1 = ssh port, $2 = host, $3 = password
function copy() {
    expect -c "
    set timeout -1;
    spawn scp -P$1 $2:/root/.ssh/id_rsa.pub ./key/$2key
    expect {
        \"*yes/no*\" {send \"yes\r\"; exp_continue}
        \"*password*\" {send \"$3\r\"; exp_continue}
    }"
}

if [ $# -ne 2 ]; then
    echo "usage: ./mianmi.sh local_ip ssh_port"
    exit 1
fi

# expect drives every password prompt below; install it when running as root.
if [ "$USER" = root ]; then
    echo "yum install expect -y -d 0 -e 0"
    yum install expect -y -d 0 -e 0
    if [ $? != 0 ]; then
        echo "please check your yum resource"
        exit 1
    fi
fi

# scp and rsync below write into ./key, so make sure it exists.
mkdir -p ./key

# Load host.file into three parallel arrays.
L=0
while IFS=: read -r h u p; do
    [ -n "$h" ] || continue
    ip[$L]=$h
    user[$L]=$u
    password[$L]=$p
    L=$((L + 1))
done < host.file

# Step 1: make sure every host has a key pair and collect each public key.
for ((i = 0; i < ${#ip[@]}; i++)); do
    echo "${ip[$i]}"
    if [ "$LOCAL" != "${ip[$i]}" ]; then
        # Remote host: try to fetch its public key; if that fails, generate one.
        result=$(copy "$PORT" "${ip[$i]}" "${password[$i]}")
        echo "$result" | grep 100%
        if [ $? -ne 0 ]; then
            expect -c "
            set timeout -1;
            spawn ssh -p$PORT ${user[$i]}@${ip[$i]} 'ssh-keygen'
            expect {
                \"*password*\" {send \"${password[$i]}\r\"; exp_continue}
                \"*Enter file*\" {send \"\r\"; exp_continue}
                \"*Enter passphrase*\" {send \"\r\"; exp_continue}
                \"*Enter same passphrase*\" {send \"\r\"; exp_continue}
                \"*The key fingerprint*\" {send \"\r\"; exp_continue}
            }"
            echo "successfully made key"
        fi
    else
        # Local host: generate a key pair if there is none, then copy the
        # public key into ./key next to the others.
        if [ ! -f /root/.ssh/id_rsa.pub ]; then
            expect -c "
            set timeout -1;
            spawn ssh-keygen
            expect {
                \"*Enter file*\" {send \"\r\"; exp_continue}
                \"*Enter passphrase*\" {send \"\r\"; exp_continue}
                \"*Enter same passphrase*\" {send \"\r\"; exp_continue}
                \"*The key fingerprint*\" {send \"\r\"; exp_continue}
            }"
        fi
        echo "yum install rsync -y -d 0 -e 0"
        yum install rsync -y -d 0 -e 0
        rsync -avvP /root/.ssh/id_rsa.pub "./key/${ip[$i]}key"
    fi

    # Fetch the remote key again (it may just have been generated).
    if [ "$LOCAL" != "${ip[$i]}" ]; then
        result=$(copy "$PORT" "${ip[$i]}" "${password[$i]}")
        echo "$result" | grep 100%
        if [ $? -ne 0 ]; then
            echo "failed to execute the command, please check your network or other reason"
        fi
    fi
done

# Step 2: append every collected public key to the local authorized_keys.
for f in ./key/*; do
    cat "$f" >> /root/.ssh/authorized_keys
done
chmod 600 /root/.ssh/authorized_keys

# Step 3: push the merged authorized_keys to every other host and append it there.
for ((i = 0; i < ${#ip[@]}; i++)); do
    if [ "$LOCAL" != "${ip[$i]}" ]; then
        expect -c "
        set timeout -1;
        spawn scp -P$PORT /root/.ssh/authorized_keys ${ip[$i]}:/tmp
        expect {
            \"*yes/no*\" {send \"yes\r\"; exp_continue}
            \"*password*\" {send \"${password[$i]}\r\"; exp_continue}
        }"
        expect -c "
        set timeout -1;
        spawn ssh -p$PORT ${ip[$i]} \"cat /tmp/authorized_keys >> /root/.ssh/authorized_keys\"
        expect {
            \"*yes/no*\" {send \"yes\r\"; exp_continue}
            \"*password*\" {send \"${password[$i]}\r\"; exp_continue}
        }"
        expect -c "
        set timeout -1;
        spawn ssh -p$PORT ${ip[$i]} \"chmod 600 /root/.ssh/authorized_keys\"
        expect {
            \"*yes/no*\" {send \"yes\r\"; exp_continue}
            \"*password*\" {send \"${password[$i]}\r\"; exp_continue}
        }"
    fi
done
```
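The script appends every file in ./key to authorized_keys on each run, so a re-run duplicates entries and any non-key file in that directory ends up in authorized_keys. The following is an added example, not part of the original script: a hypothetical helper named merge_pubkeys that appends only well-formed public-key lines that are not already present. The key strings in the demo are constructed, not real keys.

```sh
#!/bin/sh
# Added example (not from the original post). merge_pubkeys is a hypothetical
# helper: append well-formed public keys from FILE... to DEST, skipping keys
# that DEST already holds. Prints how many keys were added.
merge_pubkeys() (
    dest=$1; shift
    added=0
    touch "$dest" && chmod 600 "$dest" || exit 1
    for f in "$@"; do
        [ -f "$f" ] || continue
        # An id_rsa.pub line is "<type> <base64 blob> [comment]".
        while read -r type blob comment || [ -n "$type" ]; do
            case $type in
                ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
                *) continue ;;                  # blank line, error text, junk
            esac
            case $blob in
                *[!A-Za-z0-9+/=]*) continue ;;  # not base64
                AAAA*) ;;                       # SSH key blobs start with AAAA
                *) continue ;;
            esac
            # Exact match on adjacent "type blob" fields, so entries with an
            # options prefix in DEST are recognised too.
            if ! awk -v t="$type" -v b="$blob" '
                    { for (i = 1; i < NF; i++) if ($i == t && $(i+1) == b) hit = 1 }
                    END { exit !hit }' "$dest"; then
                printf '%s\n' "$type $blob${comment:+ $comment}" >>"$dest"
                added=$((added + 1))
            fi
        done <"$f"
    done
    echo "$added"
)

# Demo on constructed (not real) key material: sh merge.sh --demo
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d)
    echo "ssh-rsa AAAAB3NzaC1yc2EconstructedKeyA root@domainA" >"$d/domainAkey"
    echo "ssh-rsa AAAAB3NzaC1yc2EconstructedKeyB root@domainB" >"$d/domainBkey"
    merge_pubkeys "$d/authorized_keys" "$d"/domain?key   # prints 2
    merge_pubkeys "$d/authorized_keys" "$d"/domain?key   # prints 0
    rm -rf "$d"
fi
```

In mianmi.sh this would stand in for the `cat ... >> /root/.ssh/authorized_keys` loop, called as `merge_pubkeys /root/.ssh/authorized_keys ./key/*`.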