作为一个运维人员,我经常要将一些文件传输到另外一个服务器上,而且都是Linux的命令行环境,那么对于我来讲scp就是最直接有效的方法了,但是,使用scp需要指定远端服务器的帐号并手动输入密码,那么如何避免每次都需要输入密码这个操作呢?话不多说,以下就是解决办法。
方法一:配置信任关系
配置信任关系,要建立2个文件,ssh公钥(~/.ssh/id_rsa.pub)和公钥授权文件(~/.ssh/authorized_keys),~/.ssh/id_rsa.pub文件中包含了认证的公钥信息,而且该文件可以被任何人读取;而~/.ssh/authorized_keys文件中则列举了登录用户的公钥信息
以下是步骤
[root@Node2 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
e7:d4:ae:f7:90:7d:6a:41:57:79:bc:45:0e:a9:5a:3e root@Node2
The key's randomart image is:
+--[ RSA 2048]----+
| .+o|
| .+=|
| . *|
| .o ...|
| S o+.. . |
| +..Eo. |
| . +....|
| ....o |
| .. oo |
+-----------------+
[root@Node2 ~]# cd .ssh
[root@Node2 .ssh]# ls -l
总用量 12
-rw-------. 1 root root 1675 2月 27 13:13 id_rsa
-rw-r--r--. 1 root root 392 2月 27 13:13 id_rsa.pub
-rw-r--r--. 1 root root 400 2月 27 12:51 known_hosts
[root@Node2 .ssh]# cat id_rsa.pub >> authorized_keys
把这两个文件上传到另外一个服务器上,然后验证
[root@Node2 .ssh]# scp id_rsa.pub authorized_keys root@zxy:/root/.ssh/
id_rsa.pub 100% 392 0.4KB/s 00:00
authorized_keys 100% 392 0.4KB/s 00:00
[root@Node2 .ssh]# ssh zxy
Last login: Thu May 17 10:10:02 2018 from 192.168.10.1
[root@zxy ~]# exit
方法二:使用sshpass工具
一般系统上没有sshpass工具,这个需要额外安装,可以在这边下载http://sourceforge.net/projects/sshpass/,下载完之后,上传文件,以下是安装步骤
[root@Node2 ~]# tar -xvf sshpass-1.06.tar.gz
sshpass-1.06/
sshpass-1.06/main.c
sshpass-1.06/install-sh
sshpass-1.06/AUTHORS
sshpass-1.06/config.h.in
sshpass-1.06/depcomp
sshpass-1.06/aclocal.m4
sshpass-1.06/configure
sshpass-1.06/NEWS
sshpass-1.06/compile
sshpass-1.06/ChangeLog
sshpass-1.06/INSTALL
sshpass-1.06/Makefile.am
sshpass-1.06/sshpass.1
sshpass-1.06/COPYING
sshpass-1.06/README
sshpass-1.06/Makefile.in
sshpass-1.06/configure.ac
sshpass-1.06/missing
[root@Node2 ~]# cd sshpass-1.06
[root@Node2 sshpass-1.06]# ./configure
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking for style of include used by make... GNU
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking whether gcc understands -c and -o together... yes
checking dependency style of gcc... gcc3
checking how to run the C preprocessor... gcc -E
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking minix/config.h usability... no
checking minix/config.h presence... no
checking for minix/config.h... no
checking whether it is safe to define __EXTENSIONS__... yes
checking for gcc... (cached) gcc
checking whether we are using the GNU C compiler... (cached) yes
checking whether gcc accepts -g... (cached) yes
checking for gcc option to accept ISO C89... (cached) none needed
checking whether gcc understands -c and -o together... (cached) yes
checking dependency style of gcc... (cached) gcc3
checking for ANSI C header files... (cached) yes
checking for sys/wait.h that is POSIX.1 compatible... yes
checking fcntl.h usability... yes
checking fcntl.h presence... yes
checking for fcntl.h... yes
checking for stdlib.h... (cached) yes
checking for string.h... (cached) yes
checking sys/ioctl.h usability... yes
checking sys/ioctl.h presence... yes
checking for sys/ioctl.h... yes
checking for unistd.h... (cached) yes
checking termios.h usability... yes
checking termios.h presence... yes
checking for termios.h... yes
checking for an ANSI C-conforming const... yes
checking for pid_t... yes
checking for ssize_t... yes
checking vfork.h usability... no
checking vfork.h presence... no
checking for vfork.h... no
checking for fork... yes
checking for vfork... yes
checking for working fork... yes
checking for working vfork... (cached) yes
checking whether gcc needs -traditional... no
checking for stdlib.h... (cached) yes
checking for GNU libc compatible malloc... yes
checking sys/select.h usability... yes
checking sys/select.h presence... yes
checking for sys/select.h... yes
checking sys/socket.h usability... yes
checking sys/socket.h presence... yes
checking for sys/socket.h... yes
checking types of arguments for select... int,fd_set *,struct timeval *
checking return type of signal handlers... void
checking for select... yes
checking for posix_openpt... yes
checking for strdup... yes
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating config.h
config.status: executing depfiles commands
[root@Node2 sshpass-1.06]# make && make install
make all-am
make[1]: Entering directory `/root/sshpass-1.06'
gcc -DHAVE_CONFIG_H -I. -g -O2 -MT main.o -MD -MP -MF .deps/main.Tpo -c -o main.o main.c
mv -f .deps/main.Tpo .deps/main.Po
gcc -g -O2 -o sshpass main.o
make[1]: Leaving directory `/root/sshpass-1.06'
make[1]: Entering directory `/root/sshpass-1.06'
/bin/mkdir -p '/usr/local/bin'
/usr/bin/install -c sshpass '/usr/local/bin'
/bin/mkdir -p '/usr/local/share/man/man1'
/usr/bin/install -c -m 644 sshpass.1 '/usr/local/share/man/man1'
make[1]: Leaving directory `/root/sshpass-1.06'
[root@Node2 sshpass-1.06]# cd
验证:
[root@Node2 ~]# sshpass -p root ssh zxy
Last login: Thu May 17 10:47:30 2018 from node2
[root@zxy ~]#
但是这种方法,直接暴露了密码,不安全~3、使用工具expect工具
首先下载http://sourceforge.net/projects/expect/files/Expect/5.45/ ,上传到服务器
安装expect的时候需要安装tcl-devel,要不然会报错
[root@Node2 ~]# yum install tcl-devel
[root@Node2 ~]# tar -xvf expect5.45.3.tar.gz
[root@Node2 ~]# cd expect5.45.3
[root@Node2 ~]# ./configure
[root@Node2 ~]# make && make install
下面就是一个使用expect来完成scp时无需输入密码的脚本:
[plain] view plain copy
#!/usr/bin/expect
set timeout 10
set host [lindex $argv 0]
set username [lindex $argv 1]
set password [lindex $argv 2]
set src_file [lindex $argv 3]
set dest_file [lindex $argv 4]
spawn scp $src_file $username@$host:$dest_file
expect {
"(yes/no)?"
{
send "yes\n"
expect "*assword:" { send "$password\n"}
}
"*assword:"
{
send "$password\n"
}
}
expect "100%"
expect eof
注意代码刚开始的第一行,指定了expect的路径,与shell脚本相同,这一句指定了程序在执行时到哪里去寻找相应的启动程序。代码刚开始还设定了timeout的时间为10秒,如果在执行scp任务时遇到了代码中没有指定的异常,则在等待10秒后该脚本的执行会自动终止。从以上代码刚开始的几行可以看出,我为这个脚本设置了5个需要手动输入的参数,分别为:目标主机的IP、用户名、密码、本地文件路径、目标主机中的文件路径。如果将以上脚本保存为cs文件,则在shell下执行时需要按以下的规范来输入命令:
[root@Node2 ~]# ./cs.sh 192.168.10.110 root root /root/sshpass-1.06.tar.gz /root/
以上的命令执行后,将把本地/root目录下的src_file文件拷贝到用户名为root,密码为123456的主机192.168.75.130中的/root下,同时还将这个源文件重命名为dest_file。spawn代表在本地终端执行的语句,在该语句开始执行后,expect开始捕获终端的输出信息,然后做出对应的操作。expect代码中的捕获的(yes/no)内容用于完成第一次访问目标主机时保存密钥的操作。有了这一句,scp的任务减少了中断的情况。代码结尾的expect eof与spawn对应,表示捕获终端输出信息的终止。
使用expect需要了解的一点是:用expect速度会比较慢,因为需要等待返回的数据,然后输入命令执行,没有ssh密钥登录的快速。
后面总结来自:https://blog.csdn.net/nfer_zhuang/article/details/42646849