【ssh互信】设置两个主机之间的互信

设置两个主机的互信

主机host1到host2的ssh互信设置

host1-ssh-host2.sh
ssh-copy-id.expect
ssh-keygen.expect

host1-ssh-host2.sh

#!/bin/sh

user=root
host1=192.168.35.137
host2=192.168.35.138
passwd=qaz

echo "1. 登录$host1,并在该node上生成ssh密钥"
expect -f ssh-keygen.expect $user $host1 $passwd
retval=$?
if [ $retval -ne 0 ] && [ $retval -ne 1 ]; then 
  echo "在$host1上生成ssh密钥失败";
  return -1;
fi

echo "2. 将$host1的公钥拷贝到$host2上"
expect -f ssh-copy-id.expect $user $host1 $host2 $passwd
retval=$?
if [ $retval -ne 0 ] && [ $retval -ne 1 ];then 
  echo "将$host1的公钥拷贝到$host2失败"
  return -1;
fi

echo '$host1和$host2互信SUCCESS'

ssh-keygen.expect

#!/usr/bin/expect -f

# 把命令行第一个参数赋值给 user
set user [lindex $argv 0]

# 把命令行第2个参数赋值给 host
set host [lindex $argv 1]
set pass [lindex $argv 2]

# 设置超时时间为30秒
set timeout 30 

# spawn启动一个进程，进程执行ssh命令，程序后面可以通过expect/send和新启的进程进行交互
spawn ssh ${user}@${host} ssh-keygen
expect {
    "yes/no" { send "yes\r";exp_continue}
    "password:" {send "${pass}\r";exp_continue}
    "All accesses logged" {exp_continue}
    "Enter file in which to save the key (/root/.ssh/id_rsa)" {send "\r";exp_continue}
    "Enter passphrase (empty for no passphrase):" {send "\r";exp_continue}
    "Enter same passphrase again:" {send "\r";exp_continue}
    "Overwrite (y/n)?" {send "n\r";exp_continue}
    timeout { exit -1 }
}

# 获取退出码
catch wait result;
exit [lindex $result 3]

ssh-copy-id.expect

#!/usr/bin/expect -f
set user [lindex $argv 0]
set host1 [lindex $argv 1]
set host2 [lindex $argv 2]
set pass [lindex $argv 3]
set timeout 10 

#登录到host1
spawn ssh ${user}@${host1}
expect {
    "yes/no" { send "yes\r";exp_continue}
    "password:" { send "${pass}\r";exp_continue}
    "All accesses logged" {exp_continue}
    "]#" {}
    timeout { }
}

send "ssh-copy-id -i /root/.ssh/id_rsa.pub ${user}@${host2}\r"
expect {
    "yes/no" { send "yes\r";exp_continue}
    "password:" { send "${pass}\r";exp_continue}
    "All accesses logged" {exp_continue}
    "]#" {}
    timeout { }
}
exit

执行结果

[root@rmq-node3 ]# ./host1-ssh-host2.sh 
1. 登录192.168.35.137,并在该node上生成ssh密钥
spawn ssh root@192.168.35.137 ssh-keygen
root@192.168.35.137's password: 
Enter file in which to save the key (/root/.ssh/id_rsa): 
Generating public/private rsa key pair.
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? n
2. 将192.168.35.137的公钥拷贝到192.168.35.138上
spawn ssh root@192.168.35.137
root@192.168.35.137's password: 
Last login: Mon Dec 17 01:37:05 2018 from rmq-node3
[root@rmq-node3 ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@192.168.35.138
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.

[root@rmq-node3 ~]# 192.168.35.137和192.168.35.138互信SUCCESS

Keys	Action
`?`	Open this help
`←`	Previous page
`→`	Next page
`s`	Search