#!/bin/bash
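# Push local SSH public keys to a remote host.
# Generate a key pair first with: ssh-keygen -t rsa
# 1. ssh-copy-id is run for root only (pushing to the remote authorized_keys
#    as an ordinary user reports a permission error).
# 2. The local root public key is pushed first to get passwordless login; the
#    other public keys are then appended to the remote authorized_keys.
#
# R_* - settings for the remote host
R_IP=192.168.68.250
R_PORT=22
R_USER=root
# Remote login password. The literal below is the template's placeholder text.
# R_PWD is taken from the environment when it is already set, so the real
# password does not have to be stored in this file; if it is written here,
# keep the script readable by its owner only (chmod 600).
R_PWD=${R_PWD:-服务器密码}
# Path of authorized_keys on the remote host.
# NOTE(review): this has to match the AuthorizedKeysFile the remote sshd
# actually reads - confirm for the target system.
R_AUTH_PATH='/.ssh/authorized_keys'
# Command run on the remote host to verify the login (queries its IP settings)
CMD_IP="esxcli network ip interface ipv4 get"
# Other local public keys to push (one path per line, several allowed)
KEY_PATH_LIST='
/home/gocron/.ssh/id_rsa.pub
/home/gocron/.ssh/id_rsa.pub
'
# Log file holding the expect transcripts.
# NOTE(review): this is a fixed name in a world-writable directory and the
# script truncates it; a directory only the invoking user can write to would
# avoid another local user pre-creating the path.
LOG_PATH=/tmp/ssh-copy-id.log
# Start every run with an empty log.
: >"$LOG_PATH"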
##############################################
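# Push this machine's own public key with ssh-copy-id, letting expect answer
# the interactive prompts. The transcript is appended to the log.
#
# The settings reach expect through its environment and the here-document is
# quoted, so the shell never pastes the password into the Tcl script text:
# characters such as $ [ ] " \ in a password would otherwise be interpreted
# by Tcl instead of being sent literally.
#
# NOTE(review): the "yes/no" branch accepts an unknown host key without
# checking its fingerprint. Verify the fingerprint out of band, or
# pre-populate known_hosts, before relying on this for a new host.
#
# Comments are kept out of the `expect { ... }` body on purpose: that body is
# a list of pattern/action pairs, where a `#` is read as a pattern, not as a
# comment.
R_IP="$R_IP" R_PORT="$R_PORT" R_USER="$R_USER" R_PWD="$R_PWD" \
  expect <<'EOF' >>"$LOG_PATH"
# Copy the password into a Tcl variable and drop it from the environment so
# the spawned process does not inherit it.
set pw $env(R_PWD)
unset env(R_PWD)
# Stop waiting when none of the patterns shows up within 3 seconds.
set timeout 3
spawn ssh-copy-id -p $env(R_PORT) "$env(R_USER)@$env(R_IP)"
# Answer the host-key question and the password prompt, keep waiting after
# each answer, and finish when the spawned process closes its output.
expect {
  "yes/no" { send "yes\n"; exp_continue }
  "Password:" { send -- "$pw\n"; exp_continue }
  eof
}
EOF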
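# Log in to the remote host and run the IP query. The transcript overwrites
# the log, so the check that follows sees only this step's output.
#
# The connection uses R_PORT like every other ssh call in this script; without
# -p this step would silently test the default port instead of the configured
# one.
#
# The settings reach expect through its environment and the here-document is
# quoted, so a password containing $ [ ] " \ is sent literally instead of
# being interpreted by Tcl.
#
# NOTE(review): the "yes/no" branch accepts an unknown host key without
# checking its fingerprint - verify it out of band for a new host.
#
# Comments are kept out of the `expect { ... }` body on purpose: that body is
# a list of pattern/action pairs, where a `#` is read as a pattern, not as a
# comment.
R_IP="$R_IP" R_PORT="$R_PORT" R_USER="$R_USER" R_PWD="$R_PWD" CMD_IP="$CMD_IP" \
  expect <<'EOF' >"$LOG_PATH"
# Copy the password into a Tcl variable and drop it from the environment so
# the spawned process does not inherit it.
set pw $env(R_PWD)
unset env(R_PWD)
# Stop waiting when none of the patterns shows up within 3 seconds.
set timeout 3
# The remote command is passed to ssh as a single argument.
spawn ssh -p $env(R_PORT) "$env(R_USER)@$env(R_IP)" $env(CMD_IP)
# Answer the host-key question and the password prompt, keep waiting after
# each answer, and finish when the spawned process closes its output.
expect {
  "yes/no" { send "yes\n"; exp_continue }
  "Password:" { send -- "$pw\n"; exp_continue }
  eof
}
EOF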
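# Decide from the logged transcript whether the remote IP query succeeded.
# NOTE(review): the preceding ssh step also answers a "Password:" prompt, so a
# match here shows that the login worked, not necessarily that key-based
# login worked.
if grep -q "IPv4 Address" "$LOG_PATH"; then
  echo "当前公钥正常,继续"
else
  echo "当前公钥异常,退出"
  # Exit non-zero so a scheduler or calling script can see the failure
  # (a bare `exit` would return the status of the echo above, i.e. 0).
  exit 1
fi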
##############################################
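# Push the other public keys listed in KEY_PATH_LIST to the remote
# authorized_keys, skipping any key that is already present there.
echo "--------- 开始推送其它公钥 ---------"
# KEY_PATH_LIST is deliberately unquoted: word splitting turns the
# newline-separated list into one path per iteration.
for i in $KEY_PATH_LIST; do
  # Read the key; when the file is missing or unreadable, cat reports the
  # error and the entry is skipped. An empty key is skipped as well, because
  # an empty search pattern would match every line and report "already exists".
  KEY_VAR=$(cat -- "$i") || continue
  [ -n "$KEY_VAR" ] || continue

  # Current content of the remote authorized_keys (empty if it does not exist)
  R_AUTH_VAR=$(ssh -p "$R_PORT" "$R_USER@$R_IP" "cat $R_AUTH_PATH")

  # Fixed-string match: key material contains characters such as '.' and '+'
  # that must not be read as a regular expression.
  if printf '%s\n' "$R_AUTH_VAR" | grep -qF -- "$KEY_VAR"; then
    echo "跳过,$i 已存在:$R_IP"
    continue
  fi

  # Send the key over stdin instead of embedding it in the remote command
  # line: the comment field of a public key is free text, and shell
  # metacharacters in it would otherwise be executed by the remote shell.
  # Success is reported only when the remote append actually succeeded.
  if printf '%s\n' "$KEY_VAR" \
    | ssh -p "$R_PORT" "$R_USER@$R_IP" "cat >>$R_AUTH_PATH"; then
    echo "推送,$i 已完成:$R_IP"
  fi
done
echo "--------- 推送动作操作结束 ---------"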