2.1.3 Worked Example
Learning objectives
In this section we cover three topics: passwordless authentication, a script walkthrough, and a summary.
Passwordless authentication
Requirements
Host A connects to remote host B using passwordless (key-based) authentication.
Setting up passwordless authentication between hosts takes three steps: 1. generate a key pair on the local host; 2. install the public key on the remote host so it accepts the key for authentication; 3. verify the login.
Manual walkthrough
Generate a key pair on the local host
[root@localhost ~]# ssh-keygen -t rsa -P "" -f ~/.ssh/id_rsa
Generating public/private rsa key pair.
Created directory '/root/.ssh'.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Ncra/fPpaVs+M18l9Kn7CQq33zmWQSoJ/ujuugCkNjM root@localhost
The key's randomart image is:
+---[RSA 2048]----+
| |
| |
| . o . |
| o . + . . o.|
| E . S . . +.o|
|. + . o o o ..o.|
| .. ..+..o =|
| . .oo+ =%+|
| o*+ ooBO*O|
+----[SHA256]-----+
Copy the public key to the target user on the remote host
[root@localhost ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.0.0.12
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '10.0.0.12 (10.0.0.12)' can't be established.
ECDSA key fingerprint is SHA256:XUJsgk4cTORxdcswxIKBGFgrrqFQzpHmKnRRV6ABMk4.
ECDSA key fingerprint is MD5:71:74:46:50:3f:40:4e:af:ad:d3:0c:de:2c:fc:30:c0.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.0.0.12's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@10.0.0.12'"
and check to make sure that only the key(s) you wanted were added.
Verify the result from the local host
[root@localhost ~]# ssh root@10.0.0.12 "ifconfig eth0 | grep netmas"
        inet 10.0.0.12  netmask 255.255.255.0  broadcast 10.0.0.255
Script practice
remotehost_sshkey_auth.sh
#!/bin/bash
# Purpose: set up passwordless SSH authentication across hosts
# Version: v0.1
# Author:  书记
# Contact: www.superopsmsb.com

# Plain variables
user_dir="/root"
login_user='root'
# Note: the remote root password is stored here in clear text and is fed to expect below
login_pass='123456'

# Array variable: the menu actions, indexed by the number the user types
target_type=(部署 免密 退出)

# Install the expect package
expect_install(){
    yum install expect -y >> /dev/null
    echo "软件安装完毕"
}

# Generate the SSH key pair
sshkey_create(){
    # Remove any old keys
    [ -d ${user_dir}/.ssh ] && rm -rf ${user_dir}/.ssh
    # Generate a new key pair (ssh-keygen recreates the .ssh directory)
    ssh-keygen -t rsa -P "" -f ${user_dir}/.ssh/id_rsa >> /dev/null
    echo "秘钥生成完毕"
}

# expect logic that answers the interactive prompts
expect_process(){
    # Note: do not use $1 here; the whole command line arrives as "$@"
    # (see the notes on passing arrays between functions and scripts)
    command="$@"
    expect -c "
        spawn ${command}
        expect {
            \"*yes/no*\"   { send \"yes\r\"; exp_continue }
            \"*password*\" { send \"${login_pass}\r\"; exp_continue }
            \"*Password*\" { send \"${login_pass}\r\" }
        }
    "
}

# Cross-host password authentication: push the public key to every host in the list
sshkey_auth(){
    local host_list="$1"
    for i in ${host_list}
    do
        command="/usr/bin/ssh-copy-id -i /root/.ssh/id_rsa.pub"
        remote="${login_user}@$i"
        expect_process ${command} ${remote}
    done
}

# Operation menu
menu(){
    echo -e "\e[31m---------------管理平台操作界面---------------"
    echo -e " 1: 秘钥准备 2: 免密认证 3: 退出操作"
    echo -e "-------------------------------------------\033[0m"
}

# Help message
Usage(){
    echo "请输入有效的操作标识!!!"
}

# Main logic
while true
do
    menu
    read -p "> 请输入要操作的目标类型: " target_id
    # Only a single digit is a valid choice; an empty or "0" entry would otherwise
    # index the array with -1 and select the last entry
    [[ "$target_id" =~ ^[1-9]$ ]] || { Usage; continue; }
    if [ "${target_type[$target_id-1]}" == "部署" ];then
        echo "开始部署秘钥环境..."
        expect_install
        sshkey_create
    elif [ "${target_type[$target_id-1]}" == "免密" ];then
        read -p "> 请输入免密10.0.0网段主机的范围,示例{12..19}: " num_list
        # eval is what performs the brace expansion of the typed range;
        # it also executes any other shell syntax the user types
        ip_list=$(eval echo 10.0.0.${num_list})
        sshkey_auth ${ip_list}
    elif [ "${target_type[$target_id-1]}" == "退出" ];then
        echo "准备退出管理操作界面..."
        exit
    else
        Usage
    fi
done
Script execution
[root@localhost ~]# /bin/bash remotehost_sshkey_auth.sh
---------------管理平台操作界面---------------
 1: 秘钥准备 2: 免密认证 3: 退出操作
-------------------------------------------
> 请输入要操作的目标类型: 1
开始部署秘钥环境...
软件安装完毕
秘钥生成完毕
---------------管理平台操作界面---------------
 1: 秘钥准备 2: 免密认证 3: 退出操作
-------------------------------------------
> 请输入要操作的目标类型: 2
> 请输入免密10.0.0网段主机的范围,示例{12..19}: {12..13}
spawn /usr/bin/ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.0.0.12
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.0.0.12's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@10.0.0.12'"
and check to make sure that only the key(s) you wanted were added.
---------------管理平台操作界面---------------
 1: 秘钥准备 2: 免密认证 3: 退出操作
-------------------------------------------
> 请输入要操作的目标类型: 3
准备退出管理操作界面...
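The script above hands the typed host range straight to eval and never confirms that the key, rather than the password, is what logs it in. As an added example that is not part of the tutorial's script, the following replaces the eval-based expansion with a validated one and adds a non-interactive login check; the function names and the 10.0.0 prefix are assumptions taken from the tutorial's own prompt.

```shell
#!/bin/bash
# Added example, not part of remotehost_sshkey_auth.sh. Function names and
# the 10.0.0 prefix are assumptions taken from the tutorial's own prompt.

# Expand "12" or "{12..19}" into one IP per line WITHOUT eval.
# The tutorial's script runs `eval echo 10.0.0.${num_list}` on raw input,
# so shell metacharacters typed at the prompt are executed as root; here
# anything other than a plain number or a {N..M} brace range is rejected.
expand_host_range() {
    prefix="$1"; spec="$2"
    case "$spec" in
        "{"*".."*"}")
            body=${spec#?}; body=${body%?}      # strip the surrounding braces
            start=${body%%..*}; end=${body#*..}
            ;;
        *)  start=$spec; end=$spec ;;
    esac
    for n in "$start" "$end"; do               # both bounds must be pure digits
        case "$n" in
            ''|*[!0-9]*) echo "invalid host range: $spec" >&2; return 1 ;;
        esac
    done
    if [ "$start" -lt 1 ] || [ "$end" -gt 254 ] || [ "$start" -gt "$end" ]; then
        echo "range out of bounds: $spec" >&2; return 1
    fi
    i=$start
    while [ "$i" -le "$end" ]; do
        printf '%s.%s\n' "$prefix" "$i"
        i=$((i + 1))
    done
}

# Confirm that key authentication works on its own. BatchMode=yes and
# PasswordAuthentication=no make ssh fail instead of prompting, so a key
# that did not get installed is reported rather than masked by a password
# login that happens to succeed.
check_key_auth() {
    ssh -o BatchMode=yes -o PasswordAuthentication=no -o ConnectTimeout=5 \
        "$1@$2" true >/dev/null 2>&1
}

# Intended use after ssh-copy-id has run, in place of the script's eval:
#   for h in $(expand_host_range 10.0.0 '{12..13}'); do
#       check_key_auth root "$h" && echo "key auth OK: $h" || echo "key auth FAILED: $h"
#   done
```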
Summary