Linux mesh mutual trust processing method

Basic material

CentOS 7.7 minimal install, with SELinux and the firewall turned off

Usually, an important prerequisite for using batch tools such as ansible or pssh is one-way password-free trust from the control host to the controlled hosts, and two-way trust between two machines is needed when building Oracle RAC or a GPFS file system. For the former, the key can simply be baked into the virtual machine template. For the latter, the number of hosts is usually small, and generating the trust by hand is enough. A recent requirement was mesh mutual trust among dozens of hosts, that is, every host must be able to log in to every other host without a password. In that case a script is necessary.

Overall steps:

1. Each host generates a key pair
2. The control host collects the public keys
3. The control host distributes the collected authorized_keys and known_hosts to all hosts


Before executing the script, you need to prepare:
1. Choose a control machine that can reach every other host over ssh.
2. Install the sshpass package on the control machine: yum install -y sshpass
3. Prepare a text file with one line per host, holding the IP and password of each host that will join the mesh. (If all hosts share the same password, hard-code it in the script and store only the IPs; the script then does not need to extract the password from each line, which saves trouble.) An example is shown below; here the delimiter is @ , and if that conflicts with an actual password you can change it:
10.1.1.2@123456
10.1.1.3@567890

The script is as follows:

#!/bin/bash
# Generate a key pair on every host and collect the public keys on the control host
for i in $(cat ip.txt)
do
ip=$(echo "$i" | awk -F "@" '{print $1}')
password=$(echo "$i" | awk -F "@" '{print $2}')
# Move any existing key pair aside, generate a fresh RSA pair with an empty passphrase,
# and append the printed public key to the control host's authorized_keys.
# StrictHostKeyChecking=no also records each host's key in the control host's known_hosts,
# which is the file distributed in the second loop.
sshpass -p "$password" ssh "$ip" -o StrictHostKeyChecking=no "mv /root/.ssh/{id_rsa,id_rsa.pub} /tmp;ssh-keygen -t rsa -f /root/.ssh/id_rsa -N '';cat /root/.ssh/id_rsa.pub" | grep ssh-rsa >> /root/.ssh/authorized_keys
done
# Distribute the collected authorized_keys and known_hosts to every host
for i in $(cat ip.txt)
do
ip=$(echo "$i" | awk -F "@" '{print $1}')
password=$(echo "$i" | awk -F "@" '{print $2}')
sshpass -p "$password" scp /root/.ssh/{authorized_keys,known_hosts} "root@$ip:/root/.ssh/"
done

After running the script, pick a few hosts at random and test password-free login between them.
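As an added example that is not part of the original post, the shell functions below cover the points where the script above is thin: parsing the ip.txt entries, de-duplicating authorized_keys so the collection loop can be re-run without piling up repeated keys, and checking the whole mesh (every host to every other host, with known_hosts enforced) instead of a random sample. It goes beyond the post in splitting each entry at the first @ so that a password containing @ works without changing the delimiter. The host list format, root logins, file paths and the sample key are assumptions, and the sample data at the end is constructed so the helpers can be exercised offline.

```shell
#!/bin/bash
# Added example, not part of the original post: helpers for the key-collection
# step and a check of the finished mesh. Assumes the post's ip.txt layout
# (one "ip@password" entry per line) and root logins, as in the post.

# Split an entry at the FIRST "@", so a password that itself contains "@"
# still parses (the post instead suggests changing the delimiter).
entry_ip()       { printf '%s\n' "${1%%@*}"; }
entry_password() { printf '%s\n' "${1#*@}"; }

# Append a public key to an authorized_keys file only if the same key material
# (key type + base64 blob, comment ignored) is not already there, so re-running
# the collection loop does not create duplicate entries. Returns 1 if skipped.
add_authorized_key() {
    local keyfile=$1 pubkey=$2 material
    material=$(printf '%s\n' "$pubkey" | awk '{print $1 " " $2}')
    if [ -f "$keyfile" ] && awk '{print $1 " " $2}' "$keyfile" | grep -qxF "$material"; then
        return 1
    fi
    printf '%s\n' "$pubkey" >> "$keyfile"
}

# Number of key entries in an authorized_keys file.
count_keys() { grep -c '^ssh-' "$1"; }

# Full mesh check after distribution: from every host in the list, try a
# non-interactive login to every other host. BatchMode=yes makes ssh fail
# instead of prompting for a password, and StrictHostKeyChecking=yes on the
# inner hop fails if the distributed known_hosts is missing the target, so
# each FAIL line is a broken pair. -n keeps ssh from eating the loop's stdin.
verify_mesh() {
    local list=$1 src dst
    while read -r src; do
        src=$(entry_ip "$src")
        while read -r dst; do
            dst=$(entry_ip "$dst")
            [ "$src" = "$dst" ] && continue
            if ssh -n -o BatchMode=yes -o ConnectTimeout=5 "root@$src" \
                  "ssh -o BatchMode=yes -o ConnectTimeout=5 -o StrictHostKeyChecking=yes root@$dst true" \
                  >/dev/null 2>&1; then
                echo "OK   $src -> $dst"
            else
                echo "FAIL $src -> $dst"
            fi
        done < "$list"
    done < "$list"
}

# Offline demonstration with constructed data (no real hosts or keys).
workdir=$(mktemp -d)
printf '10.1.1.2@123456\n10.1.1.3@p@ss\n' > "$workdir/ip.txt"
sample_key='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructedexamplekey root@10.1.1.2'
add_authorized_key "$workdir/authorized_keys" "$sample_key"
add_authorized_key "$workdir/authorized_keys" "$sample_key" || echo "duplicate key skipped"
echo "entries in authorized_keys: $(count_keys "$workdir/authorized_keys")"
# To check a real mesh once the distribution step has run:
#   verify_mesh /root/ip.txt
```

In the collection loop of the script above, `add_authorized_key /root/.ssh/authorized_keys "$pubkey"` can replace the plain `>>` append, and `verify_mesh ip.txt` run from the control host lists every host pair that still fails, including pairs broken by a missing known_hosts entry.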


Origin blog.csdn.net/finalkof1983/article/details/110824708