下面以：RHEL5 OS為例介紹使用方法

一、安裝sshpass命令工具

1.下載sshpass-1.05-1.el5.rf.x86_64.rpm軟體包：

()可以訪問此網址下載

2.安裝sshpass

#]rpm –ivh sshpass-1.05-1.el5.rf.x86_64.rpm        #安裝完成後系統中才有sshpass命令

 

二、shell使用指令碼說明

#指令碼內容

~]#cat uway-auth.sh

#!/bin/bash

USER_NAME=$1

USER_HOME=/home/$1

PASSWD=$2

Proot=$3

filename=$4

#echo $USER_NAME

#echo $USER_HOME

 

#在本機的$USER_NAME下生成公鑰、私鑰

if [ -d  $USER_HOME/.ssh ]; then

        rm -rf $USER_HOME/.ssh

fi

 

sudo -u $USER_NAME ssh-keygen -t rsa

sudo -u $USER_NAME cat $USER_HOME/.ssh/id_rsa.pub>$USER_HOME/.ssh/authorized_keys

cp $USER_HOME/.ssh/authorized_keys /root/.ssh/

 

 

# 在除本機外的各節點生成公鑰、私鑰

for i in $(cat $filename)

do

#echo $i

sshpass -p $PASSWD ssh $USER_NAME@$i  -o StrictHostKeyChecking=no </dev/null

 

#建立~/.ssh目錄

if [  -d ~/.ssh ]; then

         rm -rf ~/.ssh

fi

 

#生成公鑰、私鑰

ssh-keygen -t rsa

 

exit

EOF

         #將各個節點上的公鑰追加到本機的

         sshpass -p $PASSWD ssh $USER_NAME@$i cat $USER_HOME/.ssh/id_rsa.pub >> $USER_HOME/.ssh/authorized_keys

        

         chown -R $USER_NAME:$USER_NAME $USER_HOME/.ssh

         #chmod 600 $USER_HOME/.ssh/authorized_keys

done

 

#scp authorized_keys 檔案到各臺機器上面。

for i in $(cat $filename)

do

sshpass -p $Proot ssh root@$i </dev/null

if [ ! -d /root/.ssh ]; then

         mkdir /root/.ssh

fi

exit

EOF

         sshpass -p $PASSWD scp $USER_HOME/.ssh/authorized_keys $USER_NAME@$i:$USER_HOME/.ssh/

         sshpass -p $Proot scp $USER_HOME/.ssh/authorized_keys root@$i:/root/.ssh/

done

#使用說明

1.上傳指令碼到linux主機上，並且賦給x許可權

chmod +x uway-auth.sh

2.指令碼執行需要的傳給的引數：

USER_NAME=$1      #使用者（在主機的哪個使用者下建立ssh互信）

PASSWD=$2     #密碼（上面的使用者的密碼）

Proot=$3           #root的密碼（需要在USER_NAME無密碼登入其他節點的root使用者）

filename=$4     #IP地址列表檔案（除本機外，所有需要ssh互信的節點IP）

 

三、實驗：使用uway-auth.sh配置ssh免密碼登入

1.準備工作：

（其中某個結點準備即可） 

a.安裝sshpass工具

b.上傳uway-auth.sh指令碼到主機上

為了說明實驗效果，以下是執行指令碼之前的記錄：

#此時，ssh到其他主機的時候都需要密碼

~]# su - test

[test@hadoop1 ~]$ cat /etc/hosts

# Do not remove the following line, or various programs

# that require network functionality will fail.

127.0.0.1               localhost.localdomain localhost

::1             localhost6.localdomain6 localhost6

192.168.8.46    hadoop1

192.168.8.48    hadoop2

192.168.8.49    hadoop3

192.168.8.50    hadoop4             實驗中配置這4結點之間ssh免密碼登入

[test@hadoop1 ~]$ ssh hadoop1 date

The authenticity of host 'hadoop1 (192.168.8.46)' can't be established.

RSA key fingerprint is 41:25:aa:22:c1:fb:c1:52:3c:42:db:8d:55:1b:35:79.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'hadoop1,192.168.8.46' (RSA) to the list of known hosts.

test@hadoop1's password:

Permission denied, please try again.

test@hadoop1's password:   需要輸入密碼

[test@hadoop1 ~]$ ssh hadoop2 date

The authenticity of host 'hadoop2 (192.168.8.48)' can't be established.

RSA key fingerprint is 41:25:aa:22:c1:fb:c1:52:3c:42:db:8d:55:1b:35:79.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'hadoop2,192.168.8.48' (RSA) to the list of known hosts.

test@hadoop2's password:

Permission denied, please try again.

test@hadoop2's password: 需要輸入密碼

[test@hadoop1 ~]$ ssh hadoop3 date

The authenticity of host 'hadoop3 (192.168.8.49)' can't be established.

RSA key fingerprint is 41:25:aa:22:c1:fb:c1:52:3c:42:db:8d:55:1b:35:79.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'hadoop3,192.168.8.49' (RSA) to the list of known hosts.

test@hadoop3's password:

Permission denied, please try again.

test@hadoop3's password: 需要輸入密碼

[test@hadoop1 ~]$ ssh hadoop4 date

The authenticity of host 'hadoop4 (192.168.8.50)' can't be established.

RSA key fingerprint is 41:25:aa:22:c1:fb:c1:52:3c:42:db:8d:55:1b:35:79.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'hadoop4,192.168.8.50' (RSA) to the list of known hosts.

test@hadoop4's password: 需要輸入密碼

[test@hadoop1 ~]$ ssh root@hadoop1 date

root@hadoop1's password: 需要輸入密碼

[test@hadoop1 ~]$ ssh root@hadoop2 date

root@hadoop2's password: 需要輸入密碼

[test@hadoop1 ~]$ ssh root@hadoop3 date

root@hadoop3's password: 需要輸入密碼

[test@hadoop1 ~]$ ssh root@hadoop4 date

root@hadoop4's password: 需要輸入密碼

c.配置IP列表

]# cat ip.txt  #將IP地址寫到ip.txt檔案中（除本機外）

192.168.8.48

192.168.8.49

192.168.8.50

2.執行指令碼

 

 

 

 

 

 

]# ./uway-auth.sh test test password ip.txt   #引數說明請見第二節的第二點

Generating public/private rsa key pair.

Enter file in which to save the key (/home/test/.ssh/id_rsa): 回車

Created directory '/home/test/.ssh'.

Enter passphrase (empty for no passphrase): 回車

Enter same passphrase again: 回車

Your identification has been saved in /home/test/.ssh/id_rsa.

Your public key has been saved in /home/test/.ssh/id_rsa.pub.

The key fingerprint is:

87:72:d1:cf:9a:9e:66:af:88:ba:97:fe:3a:77:72:64 test@hadoop1

3.檢視結點上的authorized_keys檔案內容是否包含了其他結點

4.測試ssh免密碼登入

如上圖所示，主機hadoop1使用test使用者ssh其他節點的test使用者，使用test使用者ssh其他節點的root使用者都不需要密碼了，證明成功

原文連結：http://blog.itpub.net/27000195/viewspace-1428246/