ssh両ホストの相互接続ログイン_コードインスタンス
4086 ワード
目的:
1)正常な通信を実現するAホストとBホストの相互信頼関係を作成する
2)両ホストの相互信頼が成功した場合、次回のログインにパスワードを入力する必要はない
実際のcreateSSHスクリプトリファレンス
1)正常な通信を実現するAホストとBホストの相互信頼関係を作成する
2)両ホストの相互信頼が成功した場合、次回のログインにパスワードを入力する必要はない
実際のcreateSSHスクリプトリファレンス
#!/usr/bin/expect
# vi:set ts=8 sw=4 noet sta:
#
###########################################################################
# Description : Create SSH trust relateion automatically between two users
# parameter list:
# para1 : username@host
# para2 : passwd of user
# Output: print run log to screen
# Return: 0:success
# 1:failed
############################################################################
## variables
set prefix ">>>>>>>>>>>>"
proc usage {} {
regsub ".*/" $::argv0 "" name
send_user "USAGE:
"
send_user " $name username@host password
"
send_user "
"
exit 1
}
proc check_id_files {} {
if {! [file exists $::id_file]} {
send_user "$::prefix id file does not exits, try creating ...
"
if {[catch { spawn ssh-keygen -t rsa } error]} {
send_error "$::prefix $error
"
exit 1
}
expect -nocase -re "\(.*\):"
send -- "\r"
expect -nocase -re "passphrase.*:"
send -- "\r"
expect -nocase -re "passphrase.*again:"
send -- "\r"
expect eof
send_user "$::prefix id file successfully created
"
}
}
## get host and password from command line parameters
if {[llength $argv] != 2} {
usage
}
set user@host [lindex $argv 0]
set passwd [lindex $argv 1]
## create public key file if not found
set id_file "$env(HOME)/.ssh/id_rsa.pub"
check_id_files
## ssh to host
set yes_no 0
set ok_string SUCCESS
set timeout 6
set done 0
while {!$done} {
spawn ssh ${user@host} echo $ok_string
expect {
-nocase -re "yes/no" {
set yes_no 1
send -- "yes\r"
set done 1
}
-nocase -re "password: " {
set done 1
}
$ok_string {
send_user "$prefix SSH trust relation to ${user@host} already exits.
"
exit 0
}
eof {
send_error "$prefix Failed to create SSH to ${user@host}.
"
exit 1
}
timeout {
send_error "$prefix Create SSH to ${user@host} timeout, Failed.
"
exit 1
}
}
}
if {$yes_no} {
expect {
$ok_string {
send_user "$prefix Succeed to create SSH to ${user@host}.
"
exit 0
}
-nocase -re "password: " {}
}
}
send -- "$passwd\r"
expect {
-nocase "try again" {
send_error "$prefix passwd error
"
exit 1
}
-nocase "password:" {
send_error "$prefix passwd error
"
exit 1
}
$ok_string {}
}
expect eof
## append public key file to remote host's ~/.ssh/authorized_keys
if {[catch {
set IDFILE [open $id_file RDONLY]
set pub_key [read $IDFILE]
close $IDFILE
} error]} {
send_error "$prefix $error
"
exit 1
}
set homePermission 700
set index [string first @ ${user@host}]
set index [expr $index-1]
if {$index!=0} {
set currUser [string range ${user@host} 0 $index]
if {$currUser!="root"} {
set homePermission 755
}
}
set pub_key [string trimright $pub_key "\r
"]
spawn ssh ${user@host} "cd;chmod $homePermission .; mkdir -p .ssh; chmod $homePermission .ssh; echo '$pub_key' >> .ssh/authorized_keys"
expect -nocase -re "password:"
send -- "$passwd\r"
expect eof
# ssh ,
spawn ssh ${user@host} echo $ok_string
expect {
-nocase -re "yes/no" {
send_user "$prefix Failed to create SSH to ${user@host}.
"
exit 1
}
-nocase -re "password: " {
send_user "$prefix Failed to create SSH to ${user@host}.
"
exit 1
}
$ok_string {
send_user "$prefix Succeed to create SSH to ${user@host}.
"
exit 0
}
eof {
send_user "$prefix Failed to create SSH to ${user@host}.
"
exit 1
}
}
expect eof