Article from: https://www.cnblogs.com/kevingrace/p/9063745.html

 

Recently, the IDC brought up a batch of Hadoop big-data servers. Because they form a cluster, these servers need a mutual trust relationship so that they can log in to each other over SSH without a password. The idea is: on any one of the servers, generate a key pair with "ssh-keygen -t rsa", copy the public key into an authorized_keys file, and then copy everything under that .ssh directory to the /root/.ssh directory (that is, the .ssh directory under the current user's home directory) of every other server. The SSH port of this batch of Hadoop servers is the default 22, and the password is kevin123456 by default. The IP list is as follows:

192.168.10.202
192.168.10.203
192.168.10.205
192.168.10.206
192.168.10.207
192.168.10.208

Note: after the trust relationship is deployed in batch, the key files id_rsa and id_rsa.pub on the target machines are overwritten, but authorized_keys is not overwritten; new content is only appended to it. So if a target machine had already set up other trust relationships before, those older trust relationships are not lost after the new one is in place.

1) Method 1 (suitable for a small number of machines)

First, generate the public and private key files on any one of the servers, for example 192.168.10.202:

[root@server-202 ~]# ssh-keygen -t rsa
[root@server-202 ~]# ls /root/.ssh/
id_rsa  id_rsa.pub
[root@server-202 ~]# cp /root/.ssh/id_rsa.pub /root/.ssh/authorized_keys
[root@server-202 ~]# ls /root/.ssh/
authorized_keys  id_rsa  id_rsa.pub
[root@server-202 ~]# vim /root/hosts
192.168.10.202
192.168.10.203
192.168.10.205
192.168.10.206
192.168.10.207
192.168.10.208
[root@server-202 ~]# for i in `cat /root/hosts`; do rsync -e "ssh -p22" -a /root/.ssh $i:/root/; done

While this command runs you have to type the password manually several times. Once it finishes, these machines can log in to each other over SSH without a password, i.e. the mutual trust relationship is in place. Checking the /root/.ssh directory on each of these machines shows that their key files are the ones from 192.168.10.202. This method is only suitable for a small number of servers, because it requires manual interaction part-way through (entering the password, etc.). With a large number of servers it would be foolish to use this approach; the following method is needed instead.

2) Method 2 (using the expect tool, for a large number of machines)

expect is a scripting language for automating interactive programs. It lets operations staff manage hundreds of servers in batch and is a very practical batch-deployment tool. expect depends on Tcl, and Linux systems usually do not ship Tcl, so it has to be installed manually. Do this on any one of the servers, here the 192.168.10.202 machine. Download address for expect-5.43.0.tar and tcl8.4.11-src.tar: https://pan.baidu.com/s/1kVyeLt9 extraction password: af9p

Download the expect and Tcl packages to the /usr/local/src directory, unpack Tcl, enter the Tcl directory and then its unix subdirectory, and compile and install:

[root@server-202 ~]# cd /usr/local/src/
[root@server-202 src]# tar -zvxf tcl8.4.11-src.tar.gz
[root@server-202 src]# cd tcl8.4.11/unix
[root@server-202 unix]# ./configure
[root@server-202 unix]# make && make install

Install expect:

[root@server-202 unix]# cd /usr/local/src/
[root@server-202 src]# tar -zvxf expect-5.43.0.tar.gz
[root@server-202 src]# cd expect-5.43.0
[root@server-202 expect-5.43.0]# ./configure --with-tclinclude=/usr/local/src/tcl8.4.11/generic --with-tclconfig=/usr/local/lib/
[root@server-202 expect-5.43.0]# make && make install

After the installation completes, test it:

[root@server-202 ~]# expect
expect1.1>
[root@server-202 ~]# which expect
/usr/local/bin/expect

Create a symlink so that /usr/bin/expect exists:

[root@server-202 ~]# ln -s /usr/local/bin/expect /usr/bin/expect
[root@server-202 ~]# ll /usr/bin/expect

The script that deploys the trust relationship in batch is as follows:

[root@server-202 ~]# vim /opt/ssh_auth.sh
#!/bin/sh
# Usage: ssh_auth.sh remoteUser remotePassword hostsFile
# The script writes "\r" literally with echo, so run it with bash (sh is bash on CentOS);
# dash's echo would turn \r into a real carriage return and break the generated expect script.
DEST_USER=$1
PASSWORD=$2
HOSTS_FILE=$3

if [ $# -ne 3 ]; then
  echo "Usage:"
  echo "$0 remoteUser remotePassword hostsFile"
  exit 1
fi

SSH_DIR=~/.ssh
SCRIPT_PREFIX=./tmp
echo ==================================================

# 1. prepare directory .ssh
mkdir -p $SSH_DIR
chmod 700 $SSH_DIR

# 2. generate ssh key (1024-bit RSA as in the original post; 2048 bits or more is recommended today)
TMP_SCRIPT=$SCRIPT_PREFIX.sh
echo "#!/usr/bin/expect" > $TMP_SCRIPT
echo "spawn ssh-keygen -b 1024 -t rsa" >> $TMP_SCRIPT
echo "expect *key*" >> $TMP_SCRIPT          # "Enter file in which to save the key": accept the default
echo "send \r" >> $TMP_SCRIPT
if [ -f $SSH_DIR/id_rsa ]; then
  echo "expect *verwrite*" >> $TMP_SCRIPT   # "Overwrite (y/n)?": an existing key pair is replaced
  echo "send y\r" >> $TMP_SCRIPT
fi
echo "expect *passphrase*" >> $TMP_SCRIPT   # empty passphrase, so the key can be used non-interactively
echo "send \r" >> $TMP_SCRIPT
echo "expect *again:" >> $TMP_SCRIPT
echo "send \r" >> $TMP_SCRIPT
echo "interact" >> $TMP_SCRIPT
chmod +x $TMP_SCRIPT
/usr/bin/expect $TMP_SCRIPT
rm $TMP_SCRIPT

# 3. generate file authorized_keys (appended to, so existing entries are kept)
cat $SSH_DIR/id_rsa.pub >> $SSH_DIR/authorized_keys

# 4. chmod 600 for file authorized_keys
chmod 600 $SSH_DIR/authorized_keys
echo ==================================================

# 5. copy all files to other hosts
for ip in $(cat $HOSTS_FILE)
do
  if [ "x$ip" != "x" ]; then
    echo --------------------------------------------------
    TMP_SCRIPT=${SCRIPT_PREFIX}.$ip.sh
    # check known_hosts; an unknown host's key is taken from ssh-keyscan without out-of-band verification
    val=`ssh-keygen -F $ip`
    if [ "x$val" = "x" ]; then
      echo "$ip not in $SSH_DIR/known_hosts, need to add"
      val=`ssh-keyscan $ip 2>/dev/null`
      if [ "x$val" = "x" ]; then
        echo "ssh-keyscan $ip failed!"
      else
        echo "$val" >> $SSH_DIR/known_hosts   # quoted, so multi-line keyscan output keeps its line breaks
      fi
    fi

    echo "copy $SSH_DIR to $ip"
    echo "#!/usr/bin/expect" > $TMP_SCRIPT
    echo "spawn scp -r $SSH_DIR $DEST_USER@$ip:~/" >> $TMP_SCRIPT
    echo "expect *assword*" >> $TMP_SCRIPT
    echo "send $PASSWORD\r" >> $TMP_SCRIPT   # the password is written to this temporary file in clear text
    echo "interact" >> $TMP_SCRIPT
    chmod +x $TMP_SCRIPT
    #echo "/usr/bin/expect $TMP_SCRIPT" > $TMP_SCRIPT.do
    #sh $TMP_SCRIPT.do&
    /usr/bin/expect $TMP_SCRIPT
    rm $TMP_SCRIPT
    echo "copy done."
  fi
done
echo done.

In the same directory as the script, create a file named host and add the host names or IP addresses that should trust each other, one per line, for example:

[root@server-202 ~]# vim /opt/host
192.168.10.202
192.168.10.203
192.168.10.205
192.168.10.206
192.168.10.207
192.168.10.208

Finally, run ssh_auth.sh. It takes three parameters: the remote machine's username, its password, and the host file name (relative or absolute path). Keep in mind that a password passed on the command line is visible in shell history and in process listings while the script runs; use a throwaway account password or clear the history afterwards.

[root@server-202 ~]# sh /opt/ssh_auth.sh root kevin123456 /opt/host

Then look at the other servers: the files in their .ssh directories are the same as those in the .ssh directory of the 192.168.10.202 machine. These machines can now log in to each other over SSH without a password through the mutual trust relationship.

==================================================

Note: the script above assumes the servers' SSH port is 22. If SSH is not on port 22, for example on port 22222, only the following two lines of ssh_auth.sh need to be changed:

[root@server-202 ~]# cp /opt/ssh_auth.sh /opt/ssh_auth.sh.bak
[root@server-202 ~]# vim /opt/ssh_auth.sh
...
val=`ssh-keyscan $ip 2>/dev/null`
change to
val=`ssh-keyscan -p 22222 $ip 2>/dev/null`
...
echo "spawn scp -r $SSH_DIR $DEST_USER@$ip:~/" >> $TMP_SCRIPT
change to
echo "spawn scp -P 22222 -r $SSH_DIR $DEST_USER@$ip:~/" >> $TMP_SCRIPT

[root@server-202 ~]# diff /opt/ssh_auth.sh /opt/ssh_auth.sh.bak
57c57
< val=`ssh-keyscan -p 22222 $ip 2>/dev/null`
---
> val=`ssh-keyscan $ip 2>/dev/null`
67c67
< echo "spawn scp -P 22222 -r $SSH_DIR $DEST_USER@$ip:~/" >> $TMP_SCRIPT
---
> echo "spawn scp -r $SSH_DIR $DEST_USER@$ip:~/" >> $TMP_SCRIPT

One caveat for non-standard ports: OpenSSH stores known_hosts entries for such hosts as [host]:port, so the unchanged `ssh-keygen -F $ip` lookup will not find them and every run will re-scan and append the entry again; look them up as `ssh-keygen -F "[$ip]:22222"` if that matters.

Finally, run the script and the trust relationship is deployed in batch:

[root@server-202 ~]# sh /opt/ssh_auth.sh root kevin123456 /opt/host
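Because the script only ever appends to authorized_keys and generates 1024-bit RSA keys, an authorized_keys file on these hosts accumulates old entries and may hold keys that are too short. The following is an added example, not part of the original post: a small Python audit that decodes each entry's base64 wire-format blob to read the RSA modulus size and flags duplicate entries and short keys. The sample entries are constructed (structurally valid blobs with placeholder moduli, not real keys), and make_rsa_key, parse_authorized_key and audit_authorized_keys are this example's own names.

```python
import base64
import struct

def _mpint(x):
    # SSH mpint: 4-byte length, big-endian magnitude, leading 0x00 if the top bit is set
    b = x.to_bytes((x.bit_length() + 7) // 8, "big")
    b = (b"\x00" if b[0] & 0x80 else b"") + b
    return struct.pack(">I", len(b)) + b

def make_rsa_key(bits):
    # Constructed ssh-rsa blob with a placeholder modulus of exactly `bits` bits (NOT a real key)
    n = (1 << (bits - 1)) | 1
    return base64.b64encode(struct.pack(">I", 7) + b"ssh-rsa" + _mpint(65537) + _mpint(n)).decode()

def parse_authorized_key(line):
    # Returns (keytype, rsa_modulus_bits or None, base64 blob); None for blank or comment lines.
    # Simplification: an options prefix (from=..., no-pty) is skipped only when it has no spaces.
    fields = line.strip().split()
    if not fields or fields[0].startswith("#"):
        return None
    if not fields[0].startswith(("ssh-", "ecdsa-", "sk-")):
        fields = fields[1:]
    keytype, b64 = fields[0], fields[1]
    blob = base64.b64decode(b64)
    off = 4 + struct.unpack(">I", blob[:4])[0]        # skip the wire-encoded key type string
    bits = None
    if keytype == "ssh-rsa":
        off += 4 + struct.unpack(">I", blob[off:off + 4])[0]   # skip the public exponent e
        nlen = struct.unpack(">I", blob[off:off + 4])[0]
        bits = int.from_bytes(blob[off + 4:off + 4 + nlen], "big").bit_length()
    return keytype, bits, b64

def audit_authorized_keys(text, min_rsa_bits=2048):
    # Flags entries appended twice and RSA moduli below min_rsa_bits; returns [(line_no, message)]
    findings, seen = [], {}
    for lineno, line in enumerate(text.splitlines(), 1):
        parsed = parse_authorized_key(line)
        if parsed is None:
            continue
        keytype, bits, b64 = parsed
        first = seen.setdefault(b64, lineno)
        if first != lineno:
            findings.append((lineno, "duplicate of line %d" % first))
        if keytype == "ssh-rsa" and bits < min_rsa_bits:
            findings.append((lineno, "ssh-rsa key is only %d bits" % bits))
    return findings

# Constructed sample: the 1024-bit entry mirrors what the script's "ssh-keygen -b 1024" produces
SAMPLE = "\n".join([
    "# constructed sample authorized_keys, not a real file",
    'from="192.168.10.0/24" ssh-rsa ' + make_rsa_key(1024) + " root@server-202",
    "ssh-rsa " + make_rsa_key(2048) + " admin@legacy",
    "ssh-rsa " + make_rsa_key(2048) + " admin@legacy",   # same key appended a second time
])
```

Run it against the real file with audit_authorized_keys(open("/root/.ssh/authorized_keys").read()) on each host after the deployment.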
