页面“Centos7服务器初始化”与“Expect基础”之间的差异
(页面间的差异)
跳到导航
跳到搜索
第1行: | 第1行: | ||
− | = | + | =添加pubkey= |
+ | ==多台添加pubkey == | ||
<pre> | <pre> | ||
+ | cat main | ||
#!/bin/bash | #!/bin/bash | ||
− | + | for ip in `cat list` | |
− | |||
− | |||
− | + | do | |
− | + | #echo $ip | |
− | # | + | ./addkey $ip |
− | |||
− | + | done | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
+ | cat addkey | ||
+ | #!/usr/local/bin/expect | ||
+ | #define var | ||
+ | set timeout 17 | ||
+ | # #<==接受第一个参数,赋值host | ||
+ | set host [lindex $argv 0] | ||
+ | set password "P2xMGipLpSG7dA==" | ||
− | |||
− | + | #spawn | |
+ | spawn ssh-copy-id -i /home/evan/lx/ssh/opspub root@$host | ||
+ | #spawn ssh-copy-id -i /home/evan/.ssh/id_rsa.pub root@$host | ||
+ | #ssh-copy-id -i /home/evan/.ssh/id_rsa.pub [email protected] | ||
− | # | + | #expect |
+ | expect { | ||
+ | "*yes/no" { send "yes\r"; exp_continue} | ||
+ | "*password:" { send "$password\r" } | ||
+ | } | ||
+ | #send "exit\r" | ||
+ | expect eof | ||
− | + | cat list | |
− | + | 192.168.7.4 | |
− | + | 192.168.7.46 | |
− | |||
− | |||
− | |||
− | |||
− | # | + | ##上面用了copy-id 如果想用scp etc |
− | |||
− | + | #!/usr/bin/expect | |
+ | set timeout 5 | ||
+ | set hostno [lindex $argv 0] | ||
+ | spawn scp ~/.ssh/id_dsa.pub impala$hostno:~/.ssh/pub_key | ||
+ | expect "*password*" | ||
+ | send "111111\r" | ||
+ | spawn ssh impala$hostno "cat ~/.ssh/pub_key/ >> ~/.ssh/authorized_keys" | ||
+ | expect "*password*" | ||
+ | send "111111\r" | ||
+ | spawn ssh impala$hostno "chmod 600 ~/.ssh/authorized_keys" | ||
+ | expect "*password*" | ||
+ | send "111111\r" | ||
+ | expect eof | ||
− | + | (3)分析: | |
− | + | set可以设置超时,或者设置一个变量的值 | |
− | + | spawn是执行一个命令 | |
− | + | expect等待一个匹配的输出流中的内容 | |
− | + | send是匹配到之后向输入流写入的内容 | |
− | + | [lindex $argv 0]表示脚本的第0个参数 | |
− | + | expect eof表示读取到文件结束符 | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
</pre> | </pre> | ||
− | == | + | ==多台添加ssh安全(远程执行命令和退出) == |
− | |||
− | |||
<pre> | <pre> | ||
− | cat | + | cat run |
− | + | #!/usr/local/bin/expect | |
− | + | #define var | |
− | + | set timeout 17 | |
− | + | set host [lindex $argv 0] | |
− | + | set password "evan==" | |
− | |||
− | |||
− | + | #spawn | |
− | + | spawn ssh root@$host | |
− | + | expect { | |
− | + | "*#*" { send "sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/g' /etc/ssh/sshd_config\r"; | |
− | + | send "sed -i 's/^PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config\r" | |
− | + | send "systemctl restart sshd\r" | |
+ | #send "\r" | ||
+ | } | ||
+ | } | ||
+ | send "exit\r" | ||
+ | expect eof | ||
− | + | cat main | |
− | + | #!/bin/bash | |
− | + | for ip in `cat list` | |
− | |||
− | + | do | |
− | + | #echo $ip | |
− | + | #./addkey $ip | |
− | + | ./run $ip | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
+ | done | ||
+ | #run | ||
+ | bash main | ||
</pre> | </pre> | ||
− | == | + | ==单个== |
<pre> | <pre> | ||
− | + | vi addkey | |
− | + | #!/usr/local/bin/expect | |
+ | #SERVERS="101.00.208.197 120.40.043.52 " | ||
+ | set timeout 5 | ||
+ | set host [lindex $argv 0] | ||
+ | spawn ssh-copy-id -i /home/evan/.ssh/id_rsa.pub root@$host | ||
+ | #ssh-copy-id -i /home/evan/.ssh/id_rsa.pub [email protected] | ||
+ | expect { | ||
+ | "*yes/no" { send "yes\r"; exp_continue} | ||
+ | "*password:" { send "P2xMGipLpSG7dA==\r" } | ||
+ | } | ||
− | + | expect eof | |
− | |||
− | |||
− | |||
+ | 用法 | ||
+ | ./addkey 18.80.216.19 #这是你的IP | ||
</pre> | </pre> | ||
− | = | + | =on dovo= |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
<pre> | <pre> | ||
− | # | + | #!/usr/bin/expect |
− | + | #good on new kali 这个在新的kali 上是ok的 | |
− | + | set timeout 30 | |
− | + | set sshIP "4.88.1.2" | |
− | + | set keypassword "ZdvV" | |
− | + | set rootPassword "5D" | |
− | + | #spawn ssh -o StrictHostKeyChecking=no -i /root/key evan@$sshIP | |
− | + | expect "Enter passphrase" | |
− | + | send "$keypassword\r" | |
− | + | expect "]$" | |
− | + | send "sudo -i\r" | |
− | + | expect "xxxxx" | |
− | + | send "$rootPassword\r" | |
− | + | expect "]#" | |
− | + | ## run command | |
− | + | #send "cat /root/1 && echo 'test was ok .';exit\r" | |
− | + | #send "bash /data/tmp/dbins && echo 'dbins was ok.';exit\r" | |
− | + | #expect "52wan" | |
− | + | #send "exit\r" | |
− | + | #expect eof {exit 0} | |
− | + | interact | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | } | ||
− | + | #!/usr/bin/expect | |
− | # | + | # on old kali 这个在老的kali |
− | + | set timeout 30 | |
− | + | set sshIP "4.88.1.2" | |
+ | set keypassword "Zd" | ||
+ | set rootPassword "5D" | ||
+ | spawn ssh -o StrictHostKeyChecking=no -i /home/key evan@$sshIP | ||
+ | expect "Enter passphrase" | ||
+ | send "$keypassword\r" | ||
+ | expect "52wan" | ||
+ | send "sudo -i\r" | ||
+ | expect "password for 52wan:" | ||
+ | send "$rootPassword\r" | ||
+ | expect "]#" | ||
+ | ## run command | ||
+ | #send "cat /root/1 && echo 'test was ok .';exit\r" | ||
+ | #send "bash /data/tmp/dbins && echo 'dbins was ok.';exit\r" | ||
+ | #expect "52wan" | ||
+ | #send "exit\r" | ||
+ | #expect eof {exit 0} | ||
+ | interact | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
</pre> | </pre> | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− |
2019年11月12日 (二) 09:45的版本
添加pubkey
多台添加pubkey
cat main #!/bin/bash for ip in `cat list` do #echo $ip ./addkey $ip done cat addkey #!/usr/local/bin/expect #define var set timeout 17 # #<==接受第一个参数,赋值host set host [lindex $argv 0] set password "P2xMGipLpSG7dA==" #spawn spawn ssh-copy-id -i /home/evan/lx/ssh/opspub root@$host #spawn ssh-copy-id -i /home/evan/.ssh/id_rsa.pub root@$host #ssh-copy-id -i /home/evan/.ssh/id_rsa.pub [email protected] #expect expect { "*yes/no" { send "yes\r"; exp_continue} "*password:" { send "$password\r" } } #send "exit\r" expect eof cat list 192.168.7.4 192.168.7.46 ##上面用了copy-id 如果想用scp etc #!/usr/bin/expect set timeout 5 set hostno [lindex $argv 0] spawn scp ~/.ssh/id_dsa.pub impala$hostno:~/.ssh/pub_key expect "*password*" send "111111\r" spawn ssh impala$hostno "cat ~/.ssh/pub_key/ >> ~/.ssh/authorized_keys" expect "*password*" send "111111\r" spawn ssh impala$hostno "chmod 600 ~/.ssh/authorized_keys" expect "*password*" send "111111\r" expect eof (3)分析: set可以设置超时,或者设置一个变量的值 spawn是执行一个命令 expect等待一个匹配的输出流中的内容 send是匹配到之后向输入流写入的内容 [lindex $argv 0]表示脚本的第0个参数 expect eof表示读取到文件结束符
多台添加ssh安全(远程执行命令和退出)
cat run #!/usr/local/bin/expect #define var set timeout 17 set host [lindex $argv 0] set password "evan==" #spawn spawn ssh root@$host expect { "*#*" { send "sed -i 's/#PubkeyAuthentication yes/PubkeyAuthentication yes/g' /etc/ssh/sshd_config\r"; send "sed -i 's/^PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config\r" send "systemctl restart sshd\r" #send "\r" } } send "exit\r" expect eof cat main #!/bin/bash for ip in `cat list` do #echo $ip #./addkey $ip ./run $ip done #run bash main
单个
vi addkey #!/usr/local/bin/expect #SERVERS="101.00.208.197 120.40.043.52 " set timeout 5 set host [lindex $argv 0] spawn ssh-copy-id -i /home/evan/.ssh/id_rsa.pub root@$host #ssh-copy-id -i /home/evan/.ssh/id_rsa.pub [email protected] expect { "*yes/no" { send "yes\r"; exp_continue} "*password:" { send "P2xMGipLpSG7dA==\r" } } expect eof 用法 ./addkey 18.80.216.19 #这是你的IP
on dovo
#!/usr/bin/expect #good on new kali 这个在新的kali 上是ok的 set timeout 30 set sshIP "4.88.1.2" set keypassword "ZdvV" set rootPassword "5D" #spawn ssh -o StrictHostKeyChecking=no -i /root/key evan@$sshIP expect "Enter passphrase" send "$keypassword\r" expect "]$" send "sudo -i\r" expect "xxxxx" send "$rootPassword\r" expect "]#" ## run command #send "cat /root/1 && echo 'test was ok .';exit\r" #send "bash /data/tmp/dbins && echo 'dbins was ok.';exit\r" #expect "52wan" #send "exit\r" #expect eof {exit 0} interact #!/usr/bin/expect # on old kali 这个在老的kali set timeout 30 set sshIP "4.88.1.2" set keypassword "Zd" set rootPassword "5D" spawn ssh -o StrictHostKeyChecking=no -i /home/key evan@$sshIP expect "Enter passphrase" send "$keypassword\r" expect "52wan" send "sudo -i\r" expect "password for 52wan:" send "$rootPassword\r" expect "]#" ## run command #send "cat /root/1 && echo 'test was ok .';exit\r" #send "bash /data/tmp/dbins && echo 'dbins was ok.';exit\r" #expect "52wan" #send "exit\r" #expect eof {exit 0} interact