Batch-configuring passwordless login to hosts automatically with scripts

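Background

On a LAN, one host is designated as the management host and the other hosts as managed hosts. To make later maintenance easier, the management host must be able to log in to the managed hosts directly, without a password.

A simulated LAN is built with VMware Workstation

The LAN contains four hosts, interconnected through the virtual switch Vnet1

All four hosts run CentOS 6, with iptables and SELinux disabled

CentOS1 (192.168.10.2) is designated as the management host

CentOS2 (192.168.10.3~5) is designated as the managed hosts

A simple network topology is shown in the figure below

Objective

Use shell scripts so that a single run configures, in batch, the trust relationship between the management host and the managed hosts, allowing the management host to log in to the managed hosts without a password

Script components

For ease of maintenance and extension, this is implemented with the following set of scripts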

```
# ll
total 20
-rw-r--r-- 1 root root 657 Nov 8 22:49 ClientAuthorize.sh
-rw-r--r-- 1 root root 338 Nov 8 22:24 distribute.sh
-rw-r--r-- 1 root root 279 Nov 8 22:34 excuse.sh
-rw-r--r-- 1 root root 39 Nov 8 22:15 hostip.out
-rw-r--r-- 1 root root 210 Nov 8 20:30 ServerAuthorize.sh.example
```

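Each script is described below

ClientAuthorize.sh: the main configuration script, run on the management host; it calls the other sub-scripts to perform the batch setup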

```bash
# vim ClientAuthorize.sh
#!/bin/bash
# Declare environment variables
export PATH="/usr/lib/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin"
export LANG="en_US.UTF-8"
# Generate the management host's public/private key pair
ssh-keygen
# Set the permissions of the relevant directories on the management host
chmod go-w /root
chmod 700 /root/.ssh
chmod 600 /root/.ssh/*
# Import the generated public key into the ServerAuthorize.sh script
rsapub_var=$(cat /root/.ssh/id_rsa.pub)
cp /tmp/authorize/ServerAuthorize.sh.example /tmp/authorize/ServerAuthorize.sh
echo " " >>/tmp/authorize/ServerAuthorize.sh
echo "#set authorized_keys" >>/tmp/authorize/ServerAuthorize.sh
echo "echo \"${rsapub_var}\" >>/root/.ssh/authorized_keys" >>/tmp/authorize/ServerAuthorize.sh
chmod u+x /tmp/authorize/ServerAuthorize.sh
# Call the batch distribution script; if it succeeds, go on to call the batch execution script
sh /tmp/authorize/distribute.sh &&\
sh /tmp/authorize/excuse.sh
```

```bash
# vim ServerAuthorize.sh
#!/bin/bash
# Declare environment variables
export PATH="/usr/lib/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin"
export LANG="en_US.UTF-8"
# Check for the required directory and file; create them if they do not exist
if [ ! -d /root/.ssh ];then
    mkdir /root/.ssh
fi
if [ ! -f /root/.ssh/authorized_keys ];then
    touch /root/.ssh/authorized_keys
fi
# Set the permissions of the relevant directories and files on the managed host
chmod go-w /root
chmod 700 /root/.ssh
chmod 600 /root/.ssh/*
# Configure the trust relationship
#set authorized_keys
echo "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6YUgG2kpxJDfqeoSIEOzQk/2tj1xTpMtb6e618rm6XYnjjdP5/FdwMKnBXRc6a/fp3h2AupsM7Pzc1AxzTZWNUUxEJoI0mZxxoy0B5UITTA8bAwiBfhIsTkcHqSS3CADdaAlFYol+9JO3sZ6U8dlD1KQtZLpc9FMPX87kowEJbtuq+XNZ7xe59KV0Adt3YI+ICqVU8WHu9yO7XkP313FZFPIYISqmY9kmhKUHT8znIHDqYQVC9MOMsNxQ4HlPLHNESnBvbSlR0wdz0q1VjVqF2qxyRZAQiIWi3nkYk6oKK61UYHQ62ueLpPQ4yWZfcKLaYJZQFeVo/uQdauYYVEQww== root@CentOS1" >>/root/.ssh/authorized_keys
```

distribute.sh: the distribution script, which copies ServerAuthorize.sh from the management host to each managed host

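```bash
# vim distribute.sh
#!/bin/bash
# Declare environment variables
export PATH="/usr/lib/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin"
export LANG="en_US.UTF-8"
# Specify the source and destination for the remote distribution
from_var="/tmp/authorize/ServerAuthorize.sh"
to_var="/tmp"
# Use a for loop to distribute the script to each managed host
# StrictHostKeyChecking=no accepts each host's key on first contact without verifying it
for host_ip in $(cat /tmp/authorize/hostip.out)
do
    scp -o StrictHostKeyChecking=no -rp "${from_var}" "${host_ip}":"${to_var}"
done
```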

excuse.sh: the batch execution script, run on the management host; it makes the managed hosts execute ServerAuthorize.sh in batch

```bash
# vim excuse.sh
#!/bin/bash
# Declare environment variables
export PATH="/usr/lib/qt-3.3/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin"
export LANG="en_US.UTF-8"
# Use a for loop to run the configuration script on each managed host
command_var="sh /tmp/ServerAuthorize.sh"
for host_ip in $(cat /tmp/authorize/hostip.out)
do
    ssh -f "${host_ip}" "${command_var}"
done
```

hostip.out: provides the list of the managed hosts' IP addresses

```
# vim hostip.out
192.168.10.3
192.168.10.4
192.168.10.5
```

Running the scripts

Below I run ClientAuthorize.sh on the management host

```
[root@CentOS1 authorize]# sh ClientAuthorize.sh
Generating public/private rsa key pair.
# Confirm where the newly generated public key is saved; the default is the .ssh directory under the current user's home directory, so just press Enter here
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
# Enter the passphrase; just press Enter to leave it empty
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
6d:bc:5c:f8:32:bf:ee:4a:fe:bf:be:76:8d:29:38:aa root@CentOS1
The key's randomart image is:
||
||
||
|o .|
|S = . |
|o +|
|*.. o.|
|oo+. + o|
|E...o***=+ |
# The distribution task starts; because the StrictHostKeyChecking=no option was added in the script, the warning below appears
Warning: Permanently added '192.168.10.3' (RSA) to the list of known hosts.
# The trust relationship has not been established yet, so a password is still required
root@192.168.10.3's password:
ServerAuthorize.sh    100%  664     0.7KB/s   00:00
Warning: Permanently added '192.168.10.4' (RSA) to the list of known hosts.
root@192.168.10.4's password:
ServerAuthorize.sh    100%  664     0.7KB/s   00:00
Warning: Permanently added '192.168.10.5' (RSA) to the list of known hosts.
root@192.168.10.5's password:
ServerAuthorize.sh    100%  664     0.7KB/s   00:00
# After distribution completes, the configuration script starts running on each managed host
root@192.168.10.3's password:
root@192.168.10.4's password:
root@192.168.10.5's password:
```

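Verifying the result

From the management host I logged in to each of the three managed hosts; as you can see, none of them requires a password any more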
