Using the expect command on Linux to set up passwordless ssh in batch

  • 2020-06-19 12:31:04
  • OfStack

Sometimes we need to send ssh commands to servers in batch, but some servers may be newly added and not yet configured for passwordless ssh. In that case we are prompted to type yes/no, a password, and so on. An expect script automatically enters the corresponding text for us when such a prompt appears.

expect script

First, look at a short script that connects over ssh automatically:


#!/usr/bin/expect 
spawn ssh 192.168.1.241
expect "password"
send "123456\r"
expect "]#" {send "ls -la\r"}
interact

Note that line 1 uses #!/usr/bin/expect instead of the usual bash interpreter.

spawn is used to start a new process.

expect "password": note that this is the expect command inside the expect script. It waits for output from the process and accepts strings and regular expressions. In other words, the output of the process started by spawn is the input of the expect command. If that output contains the string password, the script sends 123456\r to the process.
Note that \r stands for a carriage return, the same as pressing Enter after typing a command.

send: sends the interactive input for us instead of typing it manually.

Then we are logged in to server 241 and the window prints [root@hadoop01 ~]#, which matches our ]#, so the command ls -la is sent to the console followed by a newline. Here expect is followed by curly braces; this has the same effect as writing expect and send on two separate lines. It is just another way of writing it.

interact is special: it stays on server 241 for further interaction until the spawned command ends. Without it, the expect script may finish before the sent command has been executed. Alternatively, we can use expect eof instead of interact to wait for the spawned process to end and then exit (eof is delivered to expect when the spawned process ends).

Multi-branch syntax

The expect above uses the single-branch form: it matches only that one pattern, and if the output does not match, you have to type the input yourself. But the prompt may be different the first time you connect, so you need the multi-branch syntax.

expect responds as soon as the output matches either aaa or password.


#!/usr/bin/expect
spawn ssh 192.168.1.241
expect {
 "aaa" {send "bbb\r"}
 "password" { send "nf123456\r"}
}
expect "]#" {send "ls -la\r"}
interact

expect command-line arguments

The expect scripts above are probably enough for the task, but to avoid having too many expect script files, I prefer to call the expect command from a shell script.


#!/bin/bash

SERVER="192.168.1.241"
PASSWD=nf123456

expect -c "
    set timeout -1;
    spawn ssh $SERVER;
    expect {
        \"yes/no\" { send \"yes\r\" ;exp_continue; }
        \"password:\" { send \"$PASSWD\r\"; }
    };

    expect \"]#\" { send \"ls -la \r\" };
    expect \"]#\" { send \"exit \r\" };
    expect eof;
    "

The shell script above does the same thing as the expect script: it logs in over ssh and runs the ls -la command.

set timeout -1 sets the timeout; -1 means no timeout.

We need to add -c after expect.

Note that the expect commands are enclosed in double quotes.

Any " inside them must be escaped as \".

Line 15 sends an exit command after the ls -la command has finished; it is usually added to prevent blocking.

expect eof matches the end of the spawned process.

Batch passwordless ssh demo


#!/bin/bash
SERVERS="192.168.1.241 192.168.1.242"
PASSWD="123456"

function sshcopyid
{
    expect -c "
        set timeout -1;
        spawn ssh-copy-id $1;
        expect {
            \"yes/no\" { send \"yes\r\" ;exp_continue; }
            \"password:\" { send \"$PASSWD\r\";exp_continue; }
        };
        expect eof;
    "
}

for server in $SERVERS
do
    sshcopyid $server

done
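
The demo above splices $PASSWD into the double-quoted expect -c string, which puts the password on expect's command line and lets Tcl reinterpret characters such as ", $ and [ inside it, and it answers yes to every host-key prompt. The following hardened variant is an added example, not code from the original article. It assumes the servers' host keys are already in known_hosts; the names SSH_PASS, SSH_TARGET, EXPECT_BIN and the helper functions are assumptions of this sketch.

```shell
#!/bin/bash
# Added example, not the article's code. SSH_PASS, SSH_TARGET and EXPECT_BIN
# are names assumed for this sketch.
EXPECT_BIN=${EXPECT_BIN:-expect}

# Single-quoted: bash interpolates nothing, so the secret never becomes part of
# the script text or of expect's argv. Tcl reads it from the environment.
EXPECT_PROG='
set timeout 20
# StrictHostKeyChecking=yes: unknown host keys are rejected, never auto-accepted
spawn ssh-copy-id -o StrictHostKeyChecking=yes -o NumberOfPasswordPrompts=1 $env(SSH_TARGET)
expect {
    "password:" { send -- "$env(SSH_PASS)\r"; exp_continue }
    timeout     { exit 2 }
    eof
}
lassign [wait] pid sid oserr status
exit $status
'

# Accept only plain [user@]host strings; reject empty or option-like values.
valid_target() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9._@-]*) return 1 ;;
    esac
}

copy_key() {
    valid_target "$1" || { echo "rejected target: $1" >&2; return 64; }
    ( export SSH_TARGET="$1"; "$EXPECT_BIN" -c "$EXPECT_PROG" )
}

copy_all() {   # returns the number of hosts that failed
    failed=0
    for host in "$@"; do
        copy_key "$host" || { echo "FAILED: $host" >&2; failed=$((failed + 1)); }
    done
    return "$failed"
}

main() {
    printf 'Password: ' >&2
    stty -echo; IFS= read -r SSH_PASS; stty echo; echo >&2
    export SSH_PASS
    copy_all "$@"
}
if [ "${1:-}" = "--run" ]; then shift; main "$@"; fi
```

Invoke the script with --run followed by the target hosts; the password is read once from the terminal and is not stored in the file.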

That is the whole process of using the expect command on Linux to set up passwordless ssh in batch. I hope it helps you.
