linux下通过expect自动交互生成RSA
需求背景测试环境几百台的测试应用服务器统一通过saltstack集中管理后,需要通过master端在远程在所有minion端执行交互式命令,如:
# ssh-keygen -t rsa -C "abc@163.com"
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
ac:bb:48:50:1b:17:9a:25:73:1d:ff:5b:e5:e5:a8:ec abc@163.com
#
由于以上shell命令存在交互式场景,所以传统的shell命令无法满足该需求,需要通过expect来实现。
Expect介绍
使用expect实现交互式场景的脚本,网上有很多,可是都没有一个明白的说明,初学者一般都是照抄、收藏。可是为什么要这么写却不知其然。我们先用一个最短的例子说明脚本的原理。
脚本代码如下:
##############################################
#!/usr/bin/expect
set timeout 30
spawn ssh -l username 192.168.1.1
expect "password:"
send "ispass/r"
interact
##############################################
1. [#!/usr/bin/expect]
这一行告诉操作系统脚本里的代码使用那一个shell来执行。这里的expect其实和linux下的bash、windows下的cmd是一类东西。
注意:这一行需要在脚本的第一行。
2. [set timeout 30]
基本上认识英文的都知道这是设置超时时间的,现在你只要记住他的计时单位是:秒
3. [spawn ssh -l username 192.168.1.1]
spawn是进入expect环境后才可以执行的expect内部命令, 如果没有装expect或者直接在默认的SHELL下执行是找不到spawn命令的。所以不要用 “which spawn“之类的命令去找spawn命令。好比windows里的dir就是一个内部命令,这个命令由shell自带,你无法找到一个dir.com 或 dir.exe 的可执行文件。
它主要的功能是给ssh运行进程加个壳,用来传递交互指令。
4. [expect “password:”]
这里的expect也是expect的一个内部命令,有点晕吧,expect的shell命令和内部命令是一样的,但不是一个功能,习惯就好了。这个 命令的意思是判断上次输出结果里是否包含“password:”的字符串,如果有则立即返回,否则就等待一段时间后返回,这里等待时长就是前面设置的30 秒
5. [send “ispass/r”]
这里就是执行交互动作,与手工输入密码的动作等效。
温馨提示: 命令字符串结尾别忘记加上“/r”,如果出现异常等待的状态可以核查一下。
6. [interact]
执行完成后保持交互状态,把控制权交给控制台,这个时候就可以手工操作了。如果没有这一句登录完成后会退出,而不是留在远程终端上。
实现步骤
本地验证时,先新建名称为sshkey.sh的shell脚本,内容如下:
#!/usr/bin/expect -f
set timeout 1
spawn ssh-keygen -t rsa -C "abc@123.com"
expect "Enter file in which to save the key (/root/.ssh/id_rsa):"
send "\r"
expect -re "Overwrite?"
if { $expect_out(0,string) == "Overwrite" } {
send "y\r"
expect "*Enter passphrase*"
send "\r"
expect "*Enter same passphrase again*"
send "\r"
interact
} else {
send "\r"
expect "*Enter passphrase*"
send "\r"
expect "*Enter same passphrase again*"
send "\r"
interact
}
#cat ~/.ssh/id_rsa.pub
赋予该脚本可执行权限:
# chmod +x sshkey.sh
执行该脚本,自动交互生成/root/.ssh/id_rsa文件:
# ./sshkey.sh
spawn ssh-keygen -t rsa -C abc@123.com
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
84:cf:2c:24:aa:3a:eb:03:ef:73:36:3f:75:60:80:db abc@123.com
#
主控机批量执行,先将以上脚本copy到主控机的salt管理目录:/srv/salt/script
然后执行以下命令:
# salt 'staging-all-in-one-10.199*' cmd.script salt://script/sshkey.sh
staging-all-in-one-10.199.169.51:
----------
pid:
1398
retcode:
1
stderr:
send: spawn id exp5 not open
while executing
"send "\r""
invoked from within
"if { $expect_out(0,string) == "Overwrite" } {
send "y\r"
expect "*Enter passphrase*"
send "\r"
expect "*Enter same passphrase again*"
s..."
(file "/tmp/tmpRBilfX.sh" line 7)
stdout:
spawn ssh-keygen -t rsa -C gaofeng.lei@vipshop.com
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
23:ad:8f:25:12:08:e0:a8:86:c9:0d:d0:09:fc:65:38 gaofeng.lei@vipshop.com
验证是否远程执行成功:
# salt 'staging-all-in-one-10.199.169.51' cmd.run "cat ~/.ssh/id_rsa.pub"
staging-all-in-one-10.199.169.51:
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5HbUJYP8TYINsUn24bugT6mej13nFJspNzOvDly6EbjmrMakSfovu67LsjQGIViwPoNsE2rGk6iFO+P2wdth0ZyfhaNRg5+woZWZRSPZ7Fs8qhqFeaBN/dwsZGYUdF6OivLvdMnJ/osBlBIia610kHCc775vc2eO+ddwu3IK5KeLP7PRqKtk1BOnPzlZvI/lZsPxmggW4TL4UHcSCL7XK1PRKPhf6rvJ68wksGgoDxmMD4BGhB3H63ebnI8tzpn0spLWh3SJnJfhK09jrHNIv7P3Jj2UkdcqJc0uhNYolSL/IUVq12KxFY7SXG2aMHvhdJsHXrf6+XNThSFwXCu7Mw== abc@163.com
页:
[1]