fabric库例子

deploy_ssh.py

from fabric import Connection

c = Connection(host="192.168.105.2",
               user="root",
               connect_kwargs={
                   "key_filename": "./id_rsa",
                   #"password": ""
               }
               )


c.run('id')

''' 
final_key = open('id_rsa.pub').read()
c.run('ls ~/.ssh/authorized_keys')
c.run('echo "%s" > ~/.ssh/authorized_keys' % final_key)
c.run("sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config")
c.run("service sshd restart")


c.run('id')
c2 = c.run('uname -s', hide=True)
msg = "Run {0.command!r} on {0.connection.host}, got stdout:\n{0.stdout}"
print(msg.format(c2))
print(c2.connection.host)
print(c2.command)
print(c2.stdout)
'''

example.py

import fabric
from invoke import Responder

host = "server.local"
port = 22
username = "admin"
password = "admin"

connection = fabric.Connection(host=host, port=22, user=username, connect_kwargs={'password': password})
#print("connection succeeded")
#connection.run("pwd")

final_key = "ssh-rsa " + open('public_key.pub').read()
connection.run('mkdir -p ~/.ssh/')
connection.run('echo "%s" > ~/.ssh/authorized_keys' % final_key)


#allow necessary permissions
connection.run('chmod 600 ~/.ssh/*')
connection.run('chmod 700 ~/.ssh/')

#passwordless sudo
#connection.run('echo "admin ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers')
sudopassword = Responder(pattern=r'\[sudo\]', response = 'admin\n')
connection.run('echo "admin ALL=(ALL) NOPASSWD: ALL" | sudo EDITOR="tee -a" visudo', pty = True, watchers=[sudopassword])

#remove password authentication
connection.run('sudo sed -i "s/#PasswordAuthentication yes/PasswordAuthentication no/g" /etc/ssh/sshd_config')
connection.run('sudo service ssh reload')
connection.close()

genkey.py

from paramiko import RSAKey
import os, json, logging, io
logging.basicConfig(level = logging.INFO)

def gen_keys(key="",bit=3072,private_filepath="./id_rsa", public_filepath="./id_rsa.pub"):
    output = io.StringIO()
    sbuffer = io.StringIO()
    key_content = {}
    if not key:
        try:
            key = RSAKey.generate(bit)
            key.write_private_key(output)
            key.write_private_key_file(private_filepath)
            private_key = output.getvalue()
        except IOError:
            raise IOError('gen_keys: there was an error writing to the file')
        except SSHException:
            raise SSHException('gen_keys: the key is invalid')
    else:
        private_key = key
        output.write(key)
        try:
            key = RSAKey.from_private_key(output)
        except SSHException as e:
            raise SSHException(e)

    for data in [key.get_name(),
                 " ",
                 key.get_base64(),
                 " %s@%s" % ("magicstack", os.uname()[1])]:
        sbuffer.write(data)
    public_key = sbuffer.getvalue()
    with open(public_filepath, "w") as public:
        public.write(public_key)
    key_content['public_key'] = public_key
    key_content['private_key'] = private_key
    logging.info('gen_keys:   key content:%s' % key_content)
    return key_content

gen_keys()

local_run.py

from invoke import run, Responder

sudopass = Responder(pattern=r'Pass', response='xxxx\n')
run('sudo id', pty=True, watchers=[sudopass])