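1. Introduction to expect
- expect is a command for handling interactive programs. With expect, we can write an interactive session into a script so that it runs automatically.
2. Installing expect (not installed by default)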
[root@liang ~]
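3. Commands and parameters
3.1 Script header
- An expect script usually starts with #!/usr/bin/expect -f, much like a bash script.
3.2 Common file extensions
3.3 Main commands
| Command | Explanation |
| --- | --- |
| send | Sends a string to the process |
| expect | Receives a string from the process |
| spawn | Starts a new process |
| interact | Lets the user interact with the process |
| exp_continue | When matching several strings, add this command after an action so that matching continues |
| set | Sets a variable's value |
| [lindex $argv 0] | Gets the first argument of the expect script |
| set timeout 5 | Sets the timeout in seconds; -1 means no limit |
| expect eof | Waits for eof, the signal that the spawned process has ended, then exits |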
4. Worked examples:
4.1 Automating an ssh connection with an expect script
4.1.1 Script contents and explanation
[root@liang 2018-07-30]
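#!/usr/bin/expect -f
# No timeout: wait indefinitely for each expected string
set timeout -1
set ip 10.0.0.130
set password 000000
# Start ssh as a child process
spawn ssh root@${ip}
# On a first connection answer the host key question and keep matching
# (exp_continue); then answer the password prompt
expect {
    "yes/no" { send "yes\r"; exp_continue }
    "password" { send "${password}\r" }
}
# Hand the session over to the user
interact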
4.1.2 Running the expect script
[root@liang 2018-07-30]# expect expect.exp
spawn ssh root@10.0.0.130
root@10.0.0.130's password:
Last login: Tue Jul 31 01:08:32 2018 from 10.0.0.129
[root@haproxy ~]# date
Tue Jul 31 01:09:33 EDT 2018
4.2 Setting up passwordless (key-based) login with an expect script
4.2.1 Lab environment (hostnames and IPs)
liang 10.0.0.129 (key server)
haproxy 10.0.0.130
nginx 10.0.0.131
mysql 10.0.0.132
4.2.2 Generating the key pair on the server
[root@liang ~]# ssh-keygen    # after typing this command, keep pressing Enter
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
ca:3d:85:7f:21:88:56:31:51:6c:1d:65:87:86:d4:e8 root@rsync-A
The key
+--[ RSA 2048]----+
| ++.oo*o..|
| oo +.+. |
| .. . . |
| o o E |
| o S o . |
| o o o . . |
| o o . . |
| . . |
| |
+-----------------+
4.2.3 Writing a shell script that wraps expect to set up passwordless login
[root@liang 2018-07-30]# cat ssh.sh
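#!/bin/bash
# Every virtual machine in this lab uses the password 000000
password=000000
# Loop over the hosts 10.0.0.130 to 10.0.0.132
for ip in $(seq 130 132)
do
    # Call expect with an inline script that sends the public key to each host.
    # The syntax is the same as in the earlier script, except that every double
    # quote inside the string needs a backslash in front of it.
    # expect eof waits for ssh-copy-id to finish.
    expect -c "
        spawn ssh-copy-id -i /root/.ssh/id_rsa.pub 10.0.0.$ip
        expect {
            \"yes/no\" { send \"yes\r\"; exp_continue }
            \"password\" { send \"${password}\r\" }
        }
        expect eof
    "
done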
4.2.4 Running the script
[root@liang 2018-07-30]
spawn ssh-copy-id -i /root/.ssh/id_rsa.pub 10.0.0.130
root@10.0.0.130's password:
Now try logging into the machine, with "ssh '10.0.0.130'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
spawn ssh-copy-id -i /root/.ssh/id_rsa.pub 10.0.0.131
root@10.0.0.131's password:
Now try logging into the machine, with "ssh '10.0.0.131'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
spawn ssh-copy-id -i /root/.ssh/id_rsa.pub 10.0.0.132
root@10.0.0.132's password:
Now try logging into the machine, with "ssh '10.0.0.132'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
4.2.5 Verification
[root@liang 2018-07-30]
Last login: Tue Jul 31 01:08:52 2018 from 10.0.0.129
[root@haproxy ~]
logout
Connection to 10.0.0.130 closed.
[root@liang 2018-07-30]
Last login: Tue Jul 31 01:24:56 2018 from 10.0.0.129
[root@nginx ~]
logout
Connection to 10.0.0.131 closed.
[root@liang 2018-07-30]
Last login: Mon Jul 30 11:15:28 2018 from 10.0.0.1
[root@mysql ~]
logout
Connection to 10.0.0.132 closed.
4.3 Setting up passwordless login by running script + user@IP + password (for example: bash ssh_user.sh [email protected] 000000)
4.3.1 Script contents and explanation
[root@liang 2018-07-30]
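#!/usr/bin/expect -f
# First argument: user@IP of the target host
set user_ip [lindex $argv 0]
# Second argument: that user's password
set password [lindex $argv 1]
spawn ssh-copy-id -i /root/.ssh/id_rsa.pub ${user_ip}
expect {
    "yes/no" { send "yes\r"; exp_continue }
    "password" { send "${password}\r" }
}
# Wait for ssh-copy-id to exit
expect eof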
4.3.2 Removing the key from the host (the public key was sent there earlier, so delete it first)
[root@liang 2018-07-30]
[root@liang 2018-07-30]
root@10.0.0.130's password:
4.3.3 Running the script
[root@liang 2018-07-30]
spawn ssh-copy-id -i /root/.ssh/id_rsa.pub root@10.0.0.130
root@10.0.0.130's password:
Now try logging into the machine, with "ssh '[email protected]'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
4.3.4 Testing
[root@liang 2018-07-30]
Last login: Tue Jul 31 01:29:52 2018 from 10.0.0.129
[root@haproxy ~]
logout
Connection to 10.0.0.130 closed.
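A variant of the 4.3 script, added here as an example and not part of the original post: it reads the password from an environment variable (arguments are visible to other local users in the process list), stops at an unknown host key instead of answering yes, and handles a timeout or a rejected password. The variable name SSH_PASS, the file name ssh_copy_id_checked.exp and the exit codes are assumptions of this example.

```expect
#!/usr/bin/expect -f
# Added example, not the original author's script.
# Assumed usage: SSH_PASS='...' expect ssh_copy_id_checked.exp user@IP
# SSH_PASS, the file name and the exit codes are choices made for this example.

if {$argc != 1 || ![info exists env(SSH_PASS)]} {
    send_user "usage: SSH_PASS=<password> expect $argv0 user@IP\n"
    exit 2
}
set user_ip  [lindex $argv 0]
set password $env(SSH_PASS)
# Bounded wait instead of -1, so an unexpected prompt cannot hang the run
set timeout 20
set tries 0

spawn ssh-copy-id -i /root/.ssh/id_rsa.pub $user_ip
expect {
    "yes/no" {
        send_user "\nunknown host key for $user_ip: verify it and add it to known_hosts first\n"
        exit 3
    }
    "password:" {
        if {[incr tries] > 1} {
            send_user "\npassword rejected for $user_ip\n"
            exit 4
        }
        send -- "$password\r"
        exp_continue
    }
    timeout {
        send_user "\ntimed out waiting for $user_ip\n"
        exit 5
    }
    eof
}
# wait returns {pid spawn_id os_error exit_status}; pass ssh-copy-id's status on
set status [lindex [wait] 3]
exit $status
```

A non-zero exit code lets a calling shell loop such as the one in 4.2.3 tell which hosts failed and why.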