
ssh免密码登录:避免首次连接时需要输入yes

指尖二进制 • 1 年前 • 939 次点击 • ANSIBLE


看下面:首次连接一台新主机时,ssh 会显示对端主机密钥的指纹,并要求输入 yes 确认。
服务器多了之后,一台一台手动输入 yes 肯定不现实,太麻烦了。

[root@ansible ~]# ssh-keygen 
[root@ansible ~]# ssh 10.0.0.31
[root@ansible ~]# ssh-copy-id 10.0.0.31
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '10.0.0.31 (10.0.0.31)' can't be established.
ECDSA key fingerprint is SHA256:h1TDNMhJRVbSfxNtVqz3uTBZBa/Dv3S9Hzxfn3kCFTM.
ECDSA key fingerprint is MD5:e6:57:8c:d7:87:13:e6:51:06:7d:fc:8a:06:c2:3c:b2.
Are you sure you want to continue connecting (yes/no)? 

写个脚本避免交互输入yes,自动完成免密码(密钥)登录的配置。注意:自动回答 yes 等于不核对指纹就信任对端的主机密钥,只适合在可信的内网中使用;更稳妥的做法是事先把核实过的主机公钥写入 known_hosts。

[root@ansible ~]# vim auto_ssh.sh 
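#!/usr/bin/expect
# auto_ssh.sh - install the local public key on a remote host with
# ssh-copy-id, answering its interactive prompts automatically.
#
# Usage: ./auto_ssh.sh <username> <password> <hostname>
#
# SECURITY NOTE: answering "yes" to the host-key prompt accepts whatever
# key the peer presents without checking its fingerprint, so the first
# connection is not protected against an impostor on the path. Where that
# matters, put the host's verified key into ~/.ssh/known_hosts beforehand;
# the prompt then never appears and the first branch below goes unused.
#
# SECURITY NOTE: the password arrives as a command-line argument, so it is
# visible in the process list and in shell history on the machine that
# runs this script.

set timeout 10

# The three positional arguments are required; stop early instead of
# spawning ssh-copy-id with empty values.
if {$argc < 3} {
    send_user "usage: $argv0 username password hostname\n"
    exit 2
}

# Arguments passed on the command line: remote user, password, remote host.
set username [lindex $argv 0]
set password [lindex $argv 1]
set hostname [lindex $argv 2]

# "$username@$hostname" is handed to ssh-copy-id as one word; a user name
# that starts with "-" would be read as an option instead of a target.
if {[string match "-*" $username]} {
    send_user "refusing a user name that starts with '-'\n"
    exit 2
}

# Location of the public key to be authorized on the remote machine.
spawn ssh-copy-id -i /root/.ssh/id_rsa.pub $username@$hostname

set password_sent 0
expect {
    "Are you sure you want to continue connecting" {
        # First connection: the host is not yet in ~/.ssh/known_hosts.
        # Only the stable prefix is matched because newer OpenSSH releases
        # end the prompt with "(yes/no/[fingerprint])?" rather than "(yes/no)?".
        send -- "yes\r"
        exp_continue
    }
    "assword:" {
        # The password is sent once; a second prompt is taken to mean the
        # password was rejected, so stop instead of waiting for the timeout.
        if {$password_sent} {
            send_user "\npassword was not accepted by $hostname\n"
            exit 1
        }
        set password_sent 1
        # "--" keeps a password that begins with "-" from being parsed
        # as a flag of the send command.
        send -- "$password\r"
        exp_continue
    }
    "Now try logging into the machine" {
        # Key installed; keep reading until ssh-copy-id exits.
        exp_continue
    }
    timeout {
        send_user "\ntimed out waiting for ssh-copy-id\n"
        exit 1
    }
    eof {
        # ssh-copy-id finished; this also covers a run in which no
        # password prompt appeared at all.
    }
}

# Hand ssh-copy-id's exit status to the caller so that a failed run is
# not reported as success. wait returns {pid spawn_id os_error status}.
set result [wait]
if {[lindex $result 2] != 0} {
    exit 1
}
exit [lindex $result 3]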

给脚本添加执行权限(注意:777 会让所有用户都能修改这个由 root 执行的脚本,只需要可执行时用 chmod 700 即可)

[root@ansible ~]# chmod 777 auto_ssh.sh 

执行如下命令(需要先安装 expect)
传入的三个参数,分别为对端机器的用户、密码、主机IP。密码以命令行参数传入,会留在 shell 历史中,脚本运行期间也能在进程列表里看到。

[root@ansible ~]# yum install expect -y #需要安装expect
[root@ansible ~]# ./auto_ssh.sh root 123456 10.0.0.31
spawn ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.0.0.31
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '10.0.0.31 (10.0.0.31)' can't be established.
ECDSA key fingerprint is SHA256:h1TDNMhJRVbSfxNtVqz3uTBZBa/Dv3S9Hzxfn3kCFTM.
ECDSA key fingerprint is MD5:e6:57:8c:d7:87:13:e6:51:06:7d:fc:8a:06:c2:3c:b2.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.0.0.31's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@10.0.0.31'"
and check to make sure that only the key(s) you wanted were added.

再次测试ssh登录成功

[root@ansible ~]# ssh 10.0.0.31
Last login: Mon Apr  3 15:32:27 2023 from 10.0.0.11
[root@web01 ~]# cat /root/.ssh/authorized_keys 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZcZjBTYo8aAXflCOpXXkZsnnjyhWZttCPlatKAgPedLaDRSkkDQJby/DODGMLnCyB3lkh52EuG0UilQJRPqGoBxVxwnLx6ewSsVMN+CcSwGdTyG02YyIWoII8Y4G4JblPutKvfjZQ53f/8lYjpk3ylXteaGruL7WZpk2QNpBl7n/43cGXdTGAS+l7RoFYlkHTK7fqpxdOK6fT3Rzv64ZRTe1Ib1S+7RS8ng+562JQscdX/Y+I9dx/cSOPSD29zeV546kfLNtLQBLeHPs9lqdpcok1/8OPQC+WZRBqMm3TO3sfLHgrgttsIxKh5xZkuQGHbtiJPbEFnL8XV5vAMqT/ root@ansible