The author used to configure ssh password-free login in basically two steps: ssh-keygen generates the key pair, and ssh-copy-id copies the public key to the remote host, which completes the key pair deployment.
But the author wondered how to configure ssh password-free login across a server group. Generate a key pair and then run ssh-copy-id by hand once per host? That would be too inefficient. So I thought about running ssh-copy-id in a loop to distribute the public key, and found a script on the Internet that does this, as follows:
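#!/bin/bash
yum -y install sshpass &> /dev/null
# No space after "=", otherwise bash tries to run "username" as a command
UserName=username
IPlist=(10.0.0.2 10.0.0.3 10.0.0.4 10.0.0.5)
# Create the key pair (skipped if one exists, so ssh-keygen does not wait on a hidden overwrite prompt)
[ -f ~/.ssh/id_rsa ] || ssh-keygen -t rsa -f ~/.ssh/id_rsa -P "" &>/dev/null
# Distribute the public key
# Note: sshpass -p passes the password as a command-line argument, where it can show up in the process list
for i in "${IPlist[@]}"
do
    sshpass -p "123456" ssh-copy-id -i ~/.ssh/id_rsa.pub -p 22 -o StrictHostKeyChecking=no "$UserName@$i" &>/dev/null
done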
On the first ssh login to a host, you need to enter yes or no to confirm its host key. Setting StrictHostKeyChecking=no skips that confirmation on the first connection; it also means ssh accepts whatever host key the remote end presents without verifying it, so it only suits a network you trust. In addition, there is the expect tool. For details, please refer to the author's previous article, "the expect tool in Linux to complete remote interactive communication". So the modified script is as follows, untested due to limited conditions.
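#!/bin/bash
yum -y install expect &> /dev/null
# No space after "=", otherwise bash tries to run "username" as a command
UserName=username
passwd='password'
# IP addresses of the server cluster
IPlist=(10.0.0.2 10.0.0.3 10.0.0.4 10.0.0.5)
# Create the key pair; the path and the (empty) passphrase must be given, otherwise ssh-keygen prompts interactively
# Skipped if a key already exists, so ssh-keygen does not wait on a hidden overwrite prompt
[ -f ~/.ssh/id_rsa ] || ssh-keygen -t rsa -f ~/.ssh/id_rsa -P "" &>/dev/null
# Distribute the public key in a loop
# The addresses can also be read from a file instead:
#for i in `cat /home/pi/HOSTid`
for i in "${IPlist[@]}"
do
# The heredoc is unquoted, so the shell expands $HOME, $UserName, $i and $passwd before expect runs.
# spawn does not go through a shell: "~" and "&>/dev/null" would be passed literally, so use $HOME and no redirection.
/usr/bin/expect <<-EOF
set timeout 10
spawn ssh-copy-id -i $HOME/.ssh/id_rsa.pub -p 22 -o StrictHostKeyChecking=no $UserName@$i
expect {
"*yes/no" { send "yes\r"; exp_continue }
"*password:" { send "$passwd\r" }
}
expect eof
EOF
done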
Running this script on the management host does the trick. However, if you want every pair of servers in the group to have ssh password-free login to each other, the author thinks you can write all the server IP addresses into HOSTid and then use scp to distribute that file to each server. The script above then reads HOSTid, but a condition needs to be added inside the for loop to check whether the current entry is the local IP address. If it is, use continue to skip to the next iteration, for example:
# Skip the entry that matches this machine's own address on enp0s3
if [ "$i" = "$(ifconfig enp0s3 | head -n2 | grep inet | awk '{print $2}')" ]
then
    echo " This local machine !!!"
    continue
fi
The name of the network card needs to be written correctly; on the author's CentOS it is enp0s3. Of course, the ifconfig tool must also be available.
This script needs to be run on each server, and the author named it allssh_key.sh. It can then be optimized further: you can use auto_cmd.sh from the author's previous article "expect tool in Linux to complete remote interactive communication (2)" (that script needs to be modified so that the local machine executes the allssh_key.sh script directly) to complete the deployment of the key pairs across the server group.
./auto_cmd.sh /home/username/shell/allssh_key.sh
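A hardened variant of the allssh_key.sh idea described above, as an added example that is not the author's script. It goes beyond the page by validating HOSTid entries, detecting the local addresses without a NIC name, reading the password from the SSHPASS environment variable (sshpass -e), and using StrictHostKeyChecking=accept-new. Assumptions: the function names are hypothetical, HOSTid holds one IPv4 address per line with optional # comments, and the hosts run OpenSSH 7.6 or later.

```shell
#!/bin/bash
# Added example: hardened variant of allssh_key.sh (not the author's script).
# Assumed HOSTid format: one IPv4 address per line, '#' starts a comment.

# Local IPv4 addresses, one per line, without hardcoding a NIC name.
local_ips() { hostname -I 2>/dev/null | tr ' ' '\n' | grep -E '^[0-9.]+$'; }

# select_targets HOSTFILE "LOCAL IPS": print the hosts that should get the key.
# Skips comments, blanks, duplicates, local addresses, and any entry that is
# not dotted-quad shaped, so a stray line never reaches the ssh command line.
select_targets() {
    local hostfile mine seen line ip
    hostfile=$1; mine=$(printf '%s ' $2); seen=""
    while IFS= read -r line || [ -n "$line" ]; do
        ip=$(printf '%s' "$line" | sed 's/#.*//' | tr -d ' \t\r')
        [ -z "$ip" ] && continue
        if ! printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
            echo "skipping invalid entry: $line" >&2
            continue
        fi
        case " $mine $seen " in *" $ip "*) continue ;; esac
        seen="$seen $ip"
        printf '%s\n' "$ip"
    done < "$hostfile"
}

# push_key USER IP. The password is read from $SSHPASS (sshpass -e) instead of
# argv. accept-new (OpenSSH 7.6+) records an unknown host key on first contact
# but refuses a host whose recorded key has changed.
push_key() {
    sshpass -e ssh-copy-id -i "$HOME/.ssh/id_rsa.pub" -p 22 \
        -o StrictHostKeyChecking=accept-new "$1@$2"
}

main() {
    [ -n "${SSHPASS:-}" ] || { echo "export SSHPASS first" >&2; return 1; }
    [ -f "$HOME/.ssh/id_rsa" ] ||
        ssh-keygen -t rsa -f "$HOME/.ssh/id_rsa" -P "" >/dev/null
    for ip in $(select_targets "$1" "$(local_ips)"); do
        push_key "${2:-$USER}" "$ip" || echo "FAILED: $ip" >&2
    done
}

# Usage: ./allssh_key.sh /home/pi/HOSTid username
if [ "$#" -gt 0 ]; then main "$@"; fi
```

Run without arguments the script does nothing; with a host file it pushes the key to every valid, non-local entry and reports failures per host on stderr.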
Reference link:
Configuring ssh password-free for server farms in LAN
https://www.jianshu.com/p/c90cfa599e74