expect实现无交互登录

如果你想要写一个能够自动处理输入输出的脚本(如向用户提问并且验证密码)又不想面对C或者Perl,那么expect是你的最好的选择。它可以用来做一些linux下无法做到交互的一些命令操作

安装和使用expect

yum -y install expect

使用expect创建脚本的方法

1)定义脚本执行的shell

       #!/usr/bin/expect

       这里定义的是expect可执行文件的链接路径(或真实路径),功能类似于bash等shell功能

2)set timeout 30

       设置超时时间,单位是秒,如果设为timeout -1 意为永不超时

3)spawn

       spawn 是进入expect环境后才能执行的内部命令,如果没有装expect或者直接在默认的SHELL下执行是找不到spawn命令的。不能直接在默认的shell环境中进行执行主要功能,它主要的功能是给ssh运行进程加个壳,用来传递交互指令。

4)expect

       这里的expect同样是expect的内部命令

       主要功能:判断输出结果是否包含某项字符串,没有则立即返回,否则就等待一段时间后返回,等待时间通过timeout进行设置

5)send

       执行交互动作,将交互要执行的动作进行输入给交互指令

       命令字符串结尾要加上"\r",如果出现异常等待的状态可以进行核查

6)exp_continue

       继续执行接下来的交互操作

7)interact

       执行完后保持交互状态,把控制权交给控制台;如果不加这一项,交互完成会自动退出

8)$argv

       expect 脚本可以接受从bash传递过来的参数,可以使用 [lindex $argv n]获得,n从0开始,分别表示第一个,第二个,第三个……参数

例1:免密码通过SSH登录服务器

注:运行脚本时,要把#号后面的注释删除,不然无法运行

[root@localhost SHELL]# yum -y install expect
[root@localhost SHELL]# vim ssh.exp
#!/usr/bin/expect
set ip "192.168.1.22"
set name "root"
set pwd "123.com"
set timeout 30

spawn ssh $name@$ip

expect {
"yes/no" { send "yes\r"; exp_continue }
"password" { send "$pwd\r" }
}

expect "#"

send "touch /root/test.txt\r"
send "exit\r"

expect eof
# expect eof:执行完成上述命令后,退出Expect,把控制权交给控制台,变回手工操作
# 运行结果
[root@localhost SHELL]# expect ssh.exp 
spawn ssh root@192.168.1.22
root@192.168.1.22's password: 
Last login: Sat Dec  7 19:16:02 2019 from 192.168.1.11
[root@localhost ~]# touch /root/test.txt
[root@localhost ~]# exit
登出
Connection to 192.168.1.22 closed.

例2:对服务器批量管理

[root@localhost SHELL]# vim ip_pass.txt    # 这里写上要执行的IP地址和root用户密码
192.168.1.22  123.com
192.168.1.33  123.com
192.168.1.44  123.com
[root@localhost SHELL]# vim ssh2.exp   # 编写要执行的操作
#!/usr/bin/expect
set ipaddr [lindex $argv 0]
set passwd [lindex $argv 1]
set timeout 30

spawn ssh root@$ipaddr

expect {
"yes/no" { send "yes\r";exp_continue }
"password" { send "$passwd\r" }
}

expect "#"

send "touch /root/test.txt\r"
send "exit\r"

expect eof

下面列举三种写法

# 方法一:
[root@localhost SHELL]# vim login.sh    #开始执行
#!/bin/bash
for ip in `awk '{print $1}' /root/ip_pass.txt`
do
       pass=`grep $ip /root/ip_pass.txt|awk '{print $2}'`
       expect /root/SHELL/ssh2.exp $ip $pass
done
# 方法二:
[root@localhost SHELL]# vim login2.sh
#!/bin/bash
IFS=$'\n'
for line in `cat /root/Code/ip_pass.txt`
do
        ip=`echo $line | awk '{print $1}'`
        pass=`echo $line | awk '{print $2}'`
        expect /root/SHELL/ssh2.exp $ip $pass
done
# 方法三(读取文件操作,推荐使用这种方法)
[root@localhost SHELL]# vim login3.sh
#!/bin/bash
while read line
do
        ip=`echo $line | awk '{print $1}'`
        pass=`echo $line | awk '{print $2}'`
        expect /root/SHELL/ssh2.exp $ip $pass
done < ip_pass.txt

执行结果

[root@localhost Code]# ./login.sh
spawn ssh root@192.168.1.22
Last login: Wed Apr 22 15:11:30 2020 from 192.168.1.11
[root@localhost ~]# echo 'SSH 192.168.1.22 TEST' > /root/test.txt
[root@localhost ~]# exit
登出
Connection to 192.168.1.22 closed.
spawn ssh root@192.168.1.33
Last login: Wed Apr 22 15:12:00 2020 from 192.168.1.11
[root@localhost ~]# echo 'SSH 192.168.1.33 TEST' > /root/test.txt
[root@localhost ~]# exit
登出
Connection to 192.168.1.33 closed.

例3:给同网段IP批量推送公钥

[root@localhost Code]# vim push_publickey.sh

#!/bin/bash

>ip.txt
password=123.com

rpm -q expect &> /dev/nuull
if [ $? -ne 0 ];        then
        echo "正在安装expect..."
        yum -y install expect
fi

if [ ! -f ~/.ssh/id_rsa ];      then
        echo "正在创建公钥..."
        ssh-keygen -P "" -f ~/.ssh/id_rsa
fi

for i in {1..254}
do
        {
        IP=192.168.1.$i
        ping -c1 -W1 $IP &> /dev/null
        if [ $? -eq 0 ];        then
                echo "$IP" >> ip.txt
                /usr/bin/expect <<-EOF
                spawn ssh-copy-id $IP
                expect {
                        "yes/no" { send "yes\r"; exp_continue }
                        "password" { send "$password\r" }
                }
                expect eof
                EOF
        fi
        }&
done
wait
echo "============================= END ============================="

执行结果

[root@localhost Code]# chmod a+x push_publickey.sh 
[root@localhost Code]# ./push_publickey.sh 
正在安装expect...
已加载插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
正在解决依赖关系
--> 正在检查事务
---> 软件包 expect.x86_64.0.5.45-14.el7_1 将被 安装
--> 解决依赖关系完成

依赖关系解决

=============================================================================================================================================================================
 Package                                 架构                                    版本                                            源                                     大小
=============================================================================================================================================================================
正在安装:
 expect                                  x86_64                                  5.45-14.el7_1                                   base                                  262 k

事务概要
=============================================================================================================================================================================
安装  1 软件包

总下载量:262 k
安装大小:566 k
Downloading packages:
expect-5.45-14.el7_1.x86_64.rpm                                                                                                                       | 262 kB  00:00:05     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  正在安装    : expect-5.45-14.el7_1.x86_64                                                                                                                              1/1 
  验证中      : expect-5.45-14.el7_1.x86_64                                                                                                                              1/1 

已安装:
  expect.x86_64 0:5.45-14.el7_1                                                                                                                                              

完毕!
正在创建公钥...
Generating public/private rsa key pair.
Created directory '/root/.ssh'.
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:XEKOUWqvVTzVvK4f7L0zoA29yx27x4nr1HnK9S4gn1U root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
|      ..o   .o   |
|       * . .  o  |
|      + o =    . |
|     . o + .  . E|
|        S   .. . |
|       o  ...++ .|
|      .    o+**=+|
|           .**oOB|
|            .*BBX|
+----[SHA256]-----+
spawn ssh-copy-id 192.168.1.33
spawn ssh-copy-id 192.168.1.2
spawn ssh-copy-id 192.168.1.11
spawn ssh-copy-id 192.168.1.22
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
The authenticity of host '192.168.1.22 (192.168.1.22)' can't be established.
ECDSA key fingerprint is SHA256:/adM/JxHaEhkc/ZB0z598JKu1V4CENQ1tC+erRDAShA.
ECDSA key fingerprint is MD5:81:db:f2:97:37:a5:e8:8b:8d:8b:bc:80:35:60:50:5b.
Are you sure you want to continue connecting (yes/no)? yes
The authenticity of host '192.168.1.33 (192.168.1.33)' can't be established.
ECDSA key fingerprint is SHA256:m0JDqyvEmBjGRYgqfqsBZv/kJUp5P+onoc3cyjNQ9mc.
ECDSA key fingerprint is MD5:a8:8d:d5:31:af:b4:cb:25:3a:20:1c:30:f8:1e:93:60.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
The authenticity of host '192.168.1.11 (192.168.1.11)' can't be established.
ECDSA key fingerprint is SHA256:zMq48OOs4JqL3SWVwEYCh7ks63WRXkxEo5rMtS0SJN0.
ECDSA key fingerprint is MD5:02:df:d1:89:e8:23:ac:5a:93:c8:7f:c8:bb:b9:13:f4.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/bin/ssh-copy-id: ERROR: ssh: connect to host 192.168.1.2 port 22: Connection refused

expect: spawn id exp6 not open
    while executing
"expect eof"
/usr/bin/ssh-copy-id: INFO: 5 key(s) remain to be installed -- if you are prompted now it is to install the new keys
/usr/bin/ssh-copy-id: INFO: 5 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.1.22's password: 
root@192.168.1.33's password: 
/usr/bin/ssh-copy-id: INFO: 5 key(s) remain to be installed -- if you are prompted now it is to install the new keys

Number of key(s) added: 5

Now try logging into the machine, with:   "ssh '192.168.1.22'"
and check to make sure that only the key(s) you wanted were added.

Number of key(s) added: 5

Now try logging into the machine, with:   "ssh '192.168.1.33'"
and check to make sure that only the key(s) you wanted were added.

root@192.168.1.11's password: 

Number of key(s) added: 5

Now try logging into the machine, with:   "ssh '192.168.1.11'"
and check to make sure that only the key(s) you wanted were added.

============================= END =============================

测试结果

[root@localhost Code]# ssh 192.168.1.22
Last login: Wed Apr 22 14:20:21 2020 from 192.168.1.11
[root@localhost ~]# exit
登出
Connection to 192.168.1.22 closed.

[root@localhost Code]# ssh 192.168.1.33
Last login: Wed Apr 22 14:20:30 2020 from 192.168.1.11
[root@localhost ~]# exit
登出
Connection to 192.168.1.33 closed.

经过测试得出,现在已经可以免密登录同网段的其他服务器了

如果:服务器IP不是同一网段,或者服务器密码都不一样,可以参考 例2 实验进行适当的修改

Last modification:July 23rd, 2020 at 05:23 pm
如果觉得我的文章对你有用,请随意赞赏