expect工具可以实现自动应答,从而达到非交互的目的。
expect具体使用用法比较复杂,中文手册我正在翻译中,以后翻译完了做了整理再补。本文只有几个ssh相关最可能用上的示例。
- yum - y install expect
以下是scp自动问答的脚本。
- [root@xuexi ~]# cat autoscp.exp
- #!/usr/bin/expect
- ###########################################################
- # description: scp without interactive #
- # author : 骏马金龙 #
- # blog : http://www.cnblogs.com/f-ck-need-u/ #
- ###########################################################
- set timeout 10
- set user_hostname [lindex $argv 0]
- set src_file [lindex $argv 1]
- set dest_file [lindex $argv 2]
- set password [lindex $argv 3]
- spawn scp $src_file $user_hostname:$dest_file
- expect {
- "(yes/no)?"
- {
- send "yes\n"
- expect "*assword:" { send "$password\n"}
- }
- "*assword:"
- {
- send "$password\n"
- }
- }
- expect "100%"
- expect eof
用法:autoscp.exp [user@]hostname src_file dest_file [password]
该自动回答脚本可以自动完成主机验证和密码认证,即使已经是实现公钥认证的机器也没问题,因为公钥认证机制默认优先于密码认证,且此脚本的password项是可选的,当然,在没有实现公钥认证的情况下,password是必须项,否则expect实现非交互的目的就失去意义了。
以下是几个示例:
- [root@xuexi ~]# ./autoscp.exp 172.16.10.6 /etc/fstab /tmp 123456
- spawn scp /etc/fstab 172.16.10.6:/tmp
- The authenticity of host '172.16.10.6 (172.16.10.6)' can't be established.
- RSA key fingerprint is f3:f8:e2:33:b4:b1:92:0d:5b:95:3b:97:d9:3a:f0:cf.
- Are you sure you want to continue connecting (yes/no)? yes # 主机验证时询问是否保存host key,自动回答yes
- Warning: Permanently added '172.16.10.6' (RSA) to the list of known hosts.
- root@172.16.10.6's password: # 密码认证过程,自动回答指定的密码"123456"
- fstab 100% 805 0.8KB/s 00:00
也可以指定完成的用户名和主机名。
- [root@xuexi ~]# ./autoscp.exp root@172.16.10.6 /etc/fstab /tmp 123456
- spawn scp /etc/fstab root@172.16.10.6:/tmp
- root@172.16.10.6's password:
- fstab 100% 805 0.8KB/s 00:00
以下是在建立公钥认证机制时,ssh-copy-id拷贝公钥到服务端的自动应答脚本。
- [root@xuexi ~]# cat /tmp/autocopy.exp
- #!/usr/bin/expect
- ###########################################################
- # description: scp without interactive #
- # author : 骏马金龙 #
- # blog : http://www.cnblogs.com/f-ck-need-u/ #
- ###########################################################
- set timeout 10
- set user_hostname [lindex $argv 0]
- set password [lindex $argv 1]
- spawn ssh-copy-id $user_hostname
- expect {
- "(yes/no)?"
- {
- send "yes\n"
- expect "*assword:" { send "$password\n"}
- }
- "*assword:"
- {
- send "$password\n"
- }
- }
- expect eof
用法:autocopy.exp [user@]hostname password
以下是一个示例,
- [root@xuexi~]# / tmp / autocopy.exp root@172.16.10.6 123456 spawn ssh - copy - id root@172.16.10.6 The authenticity of host '172.16.10.6 (172.16.10.6)'can 't be established.
- RSA key fingerprint is f3:f8:e2:33:b4:b1:92:0d:5b:95:3b:97:d9:3a:f0:cf.
- Are you sure you want to continue connecting (yes/no)? yes # 主机认证时,自动应答yes
- Warning: Permanently added '172.16.10.6 ' (RSA) to the list of known hosts.
- root@172.16.10.6's password: #密码认证时自动输入密码"123456"Now
- try logging into the machine,
- with "ssh 'root@172.16.10.6'",
- and check in :
- .ssh / authorized_keys
- to make sure we haven 't added extra keys that you weren't expecting.
如果要实现批量非交互,则可以写一个shell脚本调用该expect脚本。例如:
- [root@xuexi ~]# cat /tmp/sci.sh
- #!/bin/bash
- ###########################################################
- # description: scp without interactive #
- # author : 骏马金龙 #
- # blog : http://www.cnblogs.com/f-ck-need-u/ #
- ###########################################################
- passwd=123456 # 指定要传递的密码为123456
- user_host=`awk '{print $3}' ~/.ssh/id_rsa.pub` # 此变量用于判断远程主机中是否已添加本机信息成功
- for i in $@
- do
- /tmp/autocopy.exp $i $passwd >&/dev/null
- ssh $i "grep "$user_host" ~/.ssh/authorized_keys" >&/dev/null # 判断是否添加本机信息成功
- if [ $? -eq 0 ];then
- echo "$i is ok"
- else
- echo "$i is not ok"
- fi
- done
用法:/tmp/sci.sh [user@]hostname
其中hostname部分可以使用花括号展开方式枚举。但有个bug,最好ssh-copy-id的目标不要是脚本所在的本机,可能会强制输入本机密码,但批量脚本autocopy.exp则没有此bug。
例如:
- [root@xuexi tmp]# /tmp/sci.sh 172.16.10.3 172.16.10.6
- 172.16.10.3 is ok
- 172.16.10.6 is ok
- [root@xuexi tmp]# /tmp/sci.sh 172.16.10.{3,6}
- 172.16.10.3 is ok
- 172.16.10.6 is ok
- [root@xuexi tmp]# /tmp/sci.sh root@172.16.10.3 172.16.10.6
- root@172.16.10.3 is ok
- 172.16.10.6 is ok
回到系列文章大纲:http://www.cnblogs.com/f-ck-need-u/p/7048359.html
来源: http://www.cnblogs.com/f-ck-need-u/p/7542210.html