谢谢。
转帖到这里:- #!/bin/sh
- ################################################################################################################
- ### makedate:2011-09-09 ###
- ### Licensed Materials - Property of vsyour Technologies Co., Ltd. ###
- ### http://eggic.com ###
- ### admin@eggic.com ###
- ### release 1.0 ###
- ### Copyright 2010-2012 Support Engineers. ###
- ### All rights reserved. ###
- ###建立: ###
- ###user:vsyour ###
- ###ATCAX86_F0S0:172.16.128.0 ###
- ###ATCAX86_F0S1:172.16.128.8 ###
- ### ###
- ###步骤: ###
- ###1、在自己单板生成密钥。 ###
- ###ssh-keygen -t dsa -N "" -f /home/vsyour/.ssh/id_dsa ###
- ###2、把自己的公钥拷到对方单板。(可以不用密码连到对方了) ###
- ###scp /home/vsyour/.ssh/id_dsa.pub 172.16.128.0:/home/vsyour/.ssh/authorized_keys2 ###
- ###3、连到对方单板生成密钥。 ###
- ###ssh 172.16.128.0 "ssh-keygen -t dsa -N \"\" -f /home/vsyour/.ssh/id_dsa" ###
- ###4、把对方单板的公钥拷回来。 ###
- ###scp 172.16.128.0:/home/vsyour/.ssh/id_dsa.pub /home/vsyour/.ssh/authorized_keys2 ###
- ### ###
- ###考虑到的问题: ###
- ###1、root用户目录生成KEY的目录与普通用户不一样。 ###
- ###2、当前用户如果是root用户,则需切换到要生成的用户进行密钥生成。 ###
- ###3、生成时一些需要交互的情况 ###
- ###4、拷文件到对方单板时如果对方没有.ssh目录,必须先成生一个。这个问题可以先交互连过去生成一下对方的密钥。 ###
- ###5、如果用户不相同的情况下,需要在scp文件时增加一个用户名,否则拷不过去 ###
- ###使用方法:fast_trust.sh 本地用户名 远程用户名 远程密码 远程ip ###
- ### 如:fast_trust.sh vsyour vsyour vsyour 172.16.128.0 ###
- ### 注意:如果远程用户名与本地不相同测试连接时需要增加一个用户名如ssh vsyour1@172.16.128.0 ###
- ################################################################################################################
# NOTE(review): `declare -i`, `function` and `==` are bash features, so this
# script has to be run with bash even though its shebang names /bin/sh.
FBS_SH_NAME=fast_trust
# Local account whose trust relationship is being set up; defaults to root.
local_user="${1:-root}"
# Remote account that takes part in the trust relationship; defaults to root.
remote_user="${2:-root}"
# Password of the remote account.
# NOTE(review): it arrives as a command-line argument, so it is visible in the
# process list and in shell history, and it falls back to a hard-coded default.
remote_password="${3:-huawei}"
# Address of the remote host; there is no default.
remote_ip="${4}"
# NOTE(review): fixed, predictable file name in world-writable /tmp.
LOG=/tmp/trust_vsyour.log

# Terminal colour/format sequences.
# Usage: printf or echo "<colour/format><text><FBS_CLOSED>"
FBS_ESC=$'\033'
FBS_EXTD="${FBS_ESC}[1m"
FBS_WARN="${FBS_ESC}[1;31m"   # warning, red
FBS_DONE="${FBS_ESC}[1;32m"   # done, green
FBS_ATTN="${FBS_ESC}[1;33m"   # attention, yellow
FBS_HELP="${FBS_ESC}[1;36m"   # help, bright cyan
FBS_PROMPT="${FBS_ESC}[1;37m" # prompt, bright white
FBS_HEAD="${FBS_ESC}[7;37m"   # head, bright white, reverse video
FBS_CLOSED="${FBS_ESC}[0m"    # ends a colour/format sequence
FBS_NORM="${FBS_ESC}[m"$'\017'
FBS_STAT=$'\015'"${FBS_ESC}[${COLUMNS}C${FBS_ESC}[10D"

# Log size limit in KiB; 1024 KiB = 1 MiB.
declare -i l_logSize=1024
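# Rotate the log before this run appends to it: when ${LOG} is a regular file
# larger than ${l_logSize} KiB (1 MiB with the value set above), it replaces
# ${LOG}_bak, deleting any previous backup first.
# Every expansion is quoted: with an empty or unset LOG the unquoted test
# `[ -f ]` is true and du would measure the current directory instead.
if [ -f "${LOG}" ]; then
  logsum=$(du -sk -- "${LOG}" | awk '{print $1}')
  # du or awk may yield nothing on failure; treat that as "no rotation needed"
  # rather than letting `[ ... -gt ... ]` fail on a non-numeric operand.
  case "${logsum}" in
    '' | *[!0-9]*) logsum=0 ;;
  esac
  if [ "${logsum}" -gt "${l_logSize}" ]; then
    if [ -f "${LOG}_bak" ]; then
      rm -f -- "${LOG}_bak"
    fi
    mv -- "${LOG}" "${LOG}_bak"
  fi
fi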
######################################################################
#
# FUNCTION   : usage
# DESCRIPTION: print the command-line help text
# CALLS      : NA
# CALLED BY  : NA
# INPUT      : none
# OUTPUT     : help text on stdout
# USE GLOBVAR: FBS_SH_NAME (read)
# RETURN     : 0: success
# OTHERS     : this function never exits the script; the caller decides
#              NOTE(review): <remote password> is a positional argument, so
#              the password is visible in the process list and shell history.
#
######################################################################
function usage ()
{
  # One argument per output line; the trailing empty string reproduces the
  # blank line that ends the help text.
  printf '%s\n' \
    "Usage: ./${FBS_SH_NAME}.sh <local user> <remote user> <remote password> <remote ip>" \
    "Arguments:" \
    "<local user> local user" \
    "<remote user> remote user" \
    "<remote password> user's password" \
    "<remote ip> IP address" \
    ""

  return 0
}
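######################################################################
# make_local_key - generate the SSH key pair of a local account.
# Only the local side is handled here.
# Globals:   LOG (appended to), local_key_path (written)
# Arguments: $1 - local account that will own the key
# Returns:   1 when $1 is empty, starts with '-' or contains characters
#            outside [A-Za-z0-9._-]; otherwise the exit status of expect
#            (1 on timeout, else the status of the spawned command)
# NOTE(review): the key is a DSA key with an empty passphrase. DSA keys are
# disabled by default in OpenSSH 7.0 and later, and an empty passphrase leaves
# the private key unencrypted on disk. Changing the key type also means
# changing the id_dsa paths used by make_remote_key and copy_key.
######################################################################
function make_local_key()
{
  printf '%s Start function make_local_key ,opt is :%s\n' \
    "$(date '+%Y-%m-%d %H:%M:%S')" "$*" >>"${LOG}" 2>&1

  # The account name ends up in a path, in an `su -c` command line and in the
  # expect script below, so anything that is not a plain account name is
  # refused instead of being interpreted by the shell or by Tcl.
  case "${1}" in
    '' | -* | *[!A-Za-z0-9._-]*)
      return 1
      ;;
  esac

  # root keeps its key under /root; every other account is assumed to live
  # under /home/<name>.
  if [ "${1}" = "root" ]; then
    local_key_path=/root/.ssh/id_dsa
  else
    local_key_path=/home/${1}/.ssh/id_dsa
  fi

  # Generate the key directly when already running as the target account,
  # otherwise through `su`. A single expect block answers the overwrite
  # prompt and then waits for the command to finish; the heredoc labels
  # differ, but the expect keyword for end-of-output is always `eof`.
  if [ "$(whoami)" = "${1}" ]; then
    /usr/bin/expect <<EOF
set timeout 30
spawn ssh-keygen -t dsa -N "" -f ${local_key_path}
expect {
  "*Overwrite*" { send "y\n"; exp_continue }
  timeout { exit 1 }
  eof { exit [lindex [wait] 3] }
}
EOF
  else
    /usr/bin/expect <<EOG
set timeout 30
spawn su - ${1} -c "ssh-keygen -t dsa -N \"\" -f ${local_key_path}"
expect {
  "*Overwrite*" { send "y\n"; exp_continue }
  timeout { exit 1 }
  eof { exit [lindex [wait] 3] }
}
EOG
  fi
}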
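#-----------------------------------------------------------------------
# make_remote_key - log in to the remote host with a password and generate
# the remote account's SSH key pair there.
# Globals:   LOG (appended to), remote_key_path (written)
# Arguments: $1 - remote host address
#            $2 - remote account
#            $3 - password of the remote account
# Returns:   1 when the host or account is empty, starts with '-' or contains
#            unexpected characters; otherwise the exit status of expect
#            (1 on timeout, else the status of the spawned ssh)
# NOTE(review): the host-key prompt is answered "yes" automatically, so the
# remote host's identity is never verified; installing the expected host key
# in known_hosts beforehand avoids that. The key is a passphrase-less DSA key
# (DSA is disabled by default in OpenSSH 7.0 and later).
#-----------------------------------------------------------------------
function make_remote_key()
{
  # Only host and account are logged: $3 is the password, and LOG is a file
  # under /tmp.
  printf '%s Start make_remote_key ,opt is :%s %s\n' \
    "$(date '+%Y-%m-%d %H:%M:%S')" "${1}" "${2}" >>"${LOG}" 2>&1

  # Both values become part of the ssh command line and of the command run by
  # the remote shell, so only plain account and host names are accepted.
  case "${2}" in
    '' | -* | *[!A-Za-z0-9._-]*) return 1 ;;
  esac
  case "${1}" in
    '' | -* | *[!A-Za-z0-9.:_-]*) return 1 ;;
  esac

  # root keeps its key under /root; every other account is assumed to live
  # under /home/<name>.
  if [ "${2}" = "root" ]; then
    remote_key_path=/root/.ssh/id_dsa
  else
    remote_key_path=/home/${2}/.ssh/id_dsa
  fi

  # The values reach expect through its environment and the heredoc is
  # quoted, so a password containing $, [, " or \ is sent literally instead
  # of being evaluated by the shell or by Tcl. `send --` keeps a password
  # that starts with '-' from being read as a flag.
  FT_REMOTE_HOST="${1}" FT_REMOTE_USER="${2}" \
    FT_REMOTE_KEY="${remote_key_path}" FT_REMOTE_PASSWORD="${3}" \
    /usr/bin/expect <<'EOH'
set timeout 30
spawn ssh -q "$env(FT_REMOTE_USER)@$env(FT_REMOTE_HOST)" "ssh-keygen -t dsa -N \"\" -f $env(FT_REMOTE_KEY);echo \"vsyour\""
expect {
  "*yes/n*" { send "yes\n"; exp_continue }
  "*password:*" { send -- "$env(FT_REMOTE_PASSWORD)\n"; exp_continue }
  "*Overwrite*" { send "y\n"; exp_continue }
  timeout { exit 1 }
  eof { exit [lindex [wait] 3] }
}
EOH
}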
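#-----------------------------------------------------------------------
# copy_key - exchange the public keys: the local public key is copied to the
# remote account's authorized_keys2, and the remote public key is copied back
# to the local account's authorized_keys2.
# Globals:   LOG (appended to); remote_key_path, local_key_path, tmp_path
#            (written)
# Arguments: $1 - local account
#            $2 - remote host address
#            $3 - remote account
#            $4 - password of the remote account
# Returns:   1 when an account or the host is empty, starts with '-' or
#            contains unexpected characters; otherwise 0 when both transfers
#            succeeded, else the status of the last transfer that failed
# NOTE(review): each scp replaces authorized_keys2 wholesale, so keys that
# were already authorised there are lost. authorized_keys2 is a legacy file
# name. The host-key prompt is answered "yes" automatically, so the remote
# host's identity is never verified.
#-----------------------------------------------------------------------
function copy_key()
{
  local rc=0

  # Accounts and host only: $4 is the password and must not reach the log,
  # which is a file under /tmp.
  printf '%s Start copy_key ,opt is :%s %s %s\n' \
    "$(date '+%Y-%m-%d %H:%M:%S')" "${1}" "${2}" "${3}" >>"${LOG}" 2>&1

  # These values are used in local paths and in scp source/target
  # specifications, so only plain account and host names are accepted.
  case "${1}" in
    '' | -* | *[!A-Za-z0-9._-]*) return 1 ;;
  esac
  case "${3}" in
    '' | -* | *[!A-Za-z0-9._-]*) return 1 ;;
  esac
  case "${2}" in
    '' | -* | *[!A-Za-z0-9.:_-]*) return 1 ;;
  esac

  # Key location on the remote side: /root for root, /home/<name> otherwise.
  if [ "${3}" = "root" ]; then
    remote_key_path=/root/.ssh/id_dsa
  else
    remote_key_path=/home/${3}/.ssh/id_dsa
  fi
  # Key location on the local side, by the same rule.
  if [ "${1}" = "root" ]; then
    local_key_path=/root/.ssh/id_dsa
  else
    local_key_path=/home/${1}/.ssh/id_dsa
  fi

  # Local public key -> remote authorized_keys2.
  # The password prompt is answered with $4. Answering with $3 (the remote
  # account name) only works when the account name and the password are the
  # same string.
  tmp_path="${remote_key_path%/*}/authorized_keys2"
  FT_SRC="${local_key_path}.pub" FT_DST="${3}@${2}:${tmp_path}" \
    FT_REMOTE_PASSWORD="${4}" /usr/bin/expect <<'EOI' || rc=$?
set timeout 30
spawn scp "$env(FT_SRC)" "$env(FT_DST)"
expect {
  "*yes/n*" { send "yes\n"; exp_continue }
  "*password:*" { send -- "$env(FT_REMOTE_PASSWORD)\n"; exp_continue }
  timeout { exit 1 }
  eof { exit [lindex [wait] 3] }
}
EOI

  # Remote public key -> local authorized_keys2.
  tmp_path="${local_key_path%/*}/authorized_keys2"
  FT_SRC="${3}@${2}:${remote_key_path}.pub" FT_DST="${tmp_path}" \
    FT_REMOTE_PASSWORD="${4}" /usr/bin/expect <<'EOK' || rc=$?
set timeout 30
spawn scp "$env(FT_SRC)" "$env(FT_DST)"
expect {
  "*yes/n*" { send "yes\n"; exp_continue }
  "*password:*" { send -- "$env(FT_REMOTE_PASSWORD)\n"; exp_continue }
  timeout { exit 1 }
  eof { exit [lindex [wait] 3] }
}
EOK

  return "${rc}"
}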
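#-----------------------------------------------------------------------
# Main
# Script execution starts here.
# All four positional arguments are required. The remote address has no
# default, and with fewer arguments an empty value would shift the remaining
# ones by one position in an unquoted call, so the password would be used as
# the account name.
#-----------------------------------------------------------------------
if [ $# -lt 4 ] || [ -z "${4}" ]; then
  usage
  exit 1
fi

echo "$(date '+%Y-%m-%d %H:%M:%S') Start script===================================================" >>"${LOG}" 2>&1
echo "${FBS_DONE}$(date '+%Y-%m-%d %H:%M:%S') Now Start script ${FBS_CLOSED}"

# Each step's status is saved right after the call: inside the echo the
# $(date) substitution runs first, and $? would then report date's status.
make_local_key "${local_user}" >/dev/null 2>&1
step_rc=$?
echo "$(date '+%Y-%m-%d %H:%M:%S') Start make_local_key ,the result is :${step_rc}" >>"${LOG}" 2>&1
echo "${FBS_DONE}$(date '+%Y-%m-%d %H:%M:%S') Now runing make_local_key ${FBS_CLOSED}"

# Arguments are quoted so a password containing spaces or glob characters is
# passed as a single word.
make_remote_key "${remote_ip}" "${remote_user}" "${remote_password}" >/dev/null 2>&1
step_rc=$?
echo "$(date '+%Y-%m-%d %H:%M:%S') Start make_remote_key ,the result is :${step_rc}" >>"${LOG}" 2>&1
echo "${FBS_DONE}$(date '+%Y-%m-%d %H:%M:%S') Now runing make_remote_key ${FBS_CLOSED}"

copy_key "${local_user}" "${remote_ip}" "${remote_user}" "${remote_password}" >/dev/null 2>&1
step_rc=$?
echo "$(date '+%Y-%m-%d %H:%M:%S') Start copy_key ,the result is :${step_rc}" >>"${LOG}" 2>&1
echo "${FBS_DONE}$(date '+%Y-%m-%d %H:%M:%S') Now runing copy_key ${FBS_CLOSED}"

echo "$(date '+%Y-%m-%d %H:%M:%S') ok The script is run End========================================" >>"${LOG}" 2>&1
echo "${FBS_DONE}$(date '+%Y-%m-%d %H:%M:%S') ok The script is run End${FBS_CLOSED}"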