[root@m01 ~]# cat /server/scripts/distribute_key.sh
#!/bin/bash
. /etc/init.d/functions
# 创建秘钥对
if [ ! -f /root/.ssh/id_dsa ]
then
ssh-keygen -t dsa -f /root/.ssh/id_dsa -P "" >/dev/null
action "key pair create" /bin/true
else
action "key pair already exists" /bin/false
fi
# 分发公钥信息
for ip in 7 31 41
do
sshpass -p654321 ssh-copy-id -i ~/.ssh/id_dsa.pub 172.16.1.$ip -o StrictHostKeyChecking=no &>/dev/null
if [ $? -eq 0 ]
then
action "host 172.16.1.$ip pub_key distribute" /bin/true
echo ""
else
action "host 172.16.1.$ip pub_key distribute" /bin/false
echo ""
fi
done
免交互批量检查公钥脚本 :
[root@m01 ~]# cat /server/scripts/check_key.sh
#!/bin/bash
. /etc/init.d/functions
# 检查公钥信息
for ip in 7 31 41
do
ssh 172.16.1.$ip hostname &>/dev/null
if [ $? -eq 0 ]
then
action "host 172.16.1.$ip connect" /bin/true
echo ""
else
action "host 172.16.1.$ip connect" /bin/false
echo ""
fi
done
免交互分发密码 :
不用输入 YES
ssh 172.16.1.31 -o StrictHostKeyChecking=no ssh-copy-id -i ~/.ssh/id_dsa.pub 172.16.1.31 -o StrictHostKeyChecking=no
补充: 理解分发公钥原理过程 ssh-copy-id
利用ssh和远程主机建立连接
将本地公钥文件信息传输到远程主机上
远程主机收到公钥信息 会保存到~/.ssh/authorized_keys 并且授权为600
不用输入密码
sshpass -p654321 ssh-copy-id -i ~/.ssh/id_dsa.pub 172.16.1.31 -o StrictHostKeyChecking=no
