kasini3000
/
winscp复制主控机公钥到被控机_win2linux_pwd.ps1

#Requires -Modules winscp
# 这是独立的程序。依赖winscp。只支持密码。不支持key。
param
(
	[parameter(Mandatory = $true)]
	[ValidateNotNullOrEmpty()]
	[Alias("ipaddress")][String]$被控机ip地址,

	[Alias("port")][uint16]$端口 = 22,

	[ValidateNotNullOrEmpty()]
	[Alias("root_password")][string]$被控机上root的ssh密码明文,

	[ValidateNotNullOrEmpty()]
	[Alias("sudo_user")][String]$sudo用户名,

	[ValidateNotNullOrEmpty()]
	[Alias("sudo_password")][String]$sudo密码
)

if ($env:LANG -eq 'zh_CN.UTF-8')
{
	Write-Warning '警告：linux被控机内的【/root/.ssh/authorized_keys】文件将被替换，安装卡死你3000前的旧root秘钥，将失效！'
}
else
{
	Write-Warning 'Warning: [/root/.ssh/authorized_keys] file in the Linux node will be replaced, old ssh-key-file will be invalid before 3000 installed !'
}

if ( ($IsWindows -eq $True) -or ($PSVersionTable.psversion.major -lt 6) ) #win
{
	& 'c:\ProgramData\kasini3000\0k_source.ps1'
}

if ($IsLinux -eq $True)
{
	Write-Error "错误：不支持linux"
	exit 1
}

if ( ($IsWindows -eq $True) -or ($PSVersionTable.psversion.major -lt 6) ) #win
{
	$被推送的公钥文件 = "${global:kasini3000_data_path}\ssh_key_files_old1\authorized_keys"
	if (Test-Path -LiteralPath $被推送的公钥文件)
	{
	}
	else
	{
		& 'gx更新主控机上的_双公钥文件authorized_keys.ps1'
		if (Test-Path -LiteralPath $被推送的公钥文件)
		{
		}
		else
		{
			Write-Error "错误：找不到 $被推送的公钥文件"
			exit 2
		}
	}

	if ($被控机上root的ssh密码明文 -eq '')
	{
		if (($sudo用户名 -eq '') -or ($sudo密码 -eq ''))
		{
			if ($env:LANG -eq 'zh_CN.UTF-8')
			{
				Write-Error '错误：sudo账户名，或sudo密码，为空！返回码 11'
			}
			else
			{
				Write-Warning 'Warning: empty sudo_user or sudo_pwd !exit 11'
			}
			exit 11
		}

		$用户密码密文 = ConvertTo-SecureString $sudo密码 -AsPlainText -Force
		$我的登陆凭据 = New-Object System.Management.Automation.PSCredential ($sudo用户名,$用户密码密文)
		$sftp连接参数 = New-WinSCPSessionOption -Protocol Sftp -HostName $被控机ip地址 -PortNumber $端口 -Credential  $我的登陆凭据 -Timeout $([timespan]::FromSeconds(4))
		$指纹 = Get-WinSCPHostKeyFingerprint -SessionOption $sftp连接参数 -Algorithm 'SHA-256'
		$sftp连接参数.SshHostKeyFingerprint = $指纹

		$private:sftp连接 = New-WinSCPSession -SessionOption $sftp连接参数
		if ($private:sftp连接 -eq $null)
		{
			Write-Error "使用ssh密码，在${目的ip地址}上连接失败"
			exit 3
		}
		else
		{
			Write-Verbose '使用ssh密码，连接成功。'
		}

		$private:sudo返回值1 = Invoke-WinSCPCommand -WinSCPSession $private:sftp连接 -Command " echo $sudo密码 | sudo -S whoami"
		if ($private:sudo返回值1.output -match 'root')
		{
			Write-Verbose '以sudo权限，开始执行命令：'
		}
		else
		{
			if ($env:LANG -eq 'zh_CN.UTF-8')
			{
				Write-Error "错误：sudo提权失败。错误码987"
			}
			else
			{
				Write-Error "error：sudo privilege escalation failed.exit 987"
			}
			exit 987
		}

		Write-Verbose '用winscp+sudo密码，复制主控机ssh公钥到被控机，命令开始。'
		$权限600 = New-WinSCPTransferOption -FilePermissions (New-WinSCPItemPermission -Octal 600)
		Send-WinSCPItem -LocalPath $被推送的公钥文件 -RemotePath '/tmp' -TransferOptions $权限600 -WinSCPSession $private:sftp连接

		Invoke-WinSCPCommand -WinSCPSession $private:sftp连接 -Command "sudo mkdir '/root/.ssh' "
		$private:sudo返回值2 = Invoke-WinSCPCommand -WinSCPSession $private:sftp连接 -Command "sudo mv '/tmp/authorized_keys' '/root/.ssh/' "
		if ($private:sudo返回值2.IsSuccess -eq $true)
		{
			Write-Verbose '信息：从tmp，到/root/.ssh，移动authorized_keys文件成功'
		}
		else
		{
			if ($env:LANG -eq 'zh_CN.UTF-8')
			{
				Write-Error "错误：从tmp，到/root/.ssh，移动authorized_keys文件失败。错误码21"
			}
			else
			{
				Write-Error "error：from tmp，to /root/.ssh move authorized_keys failed.exit 21"
			}
			exit 21
		}

		Invoke-WinSCPCommand -WinSCPSession $private:sftp连接 -Command "sudo chmod 700 '/root/.ssh' ; sudo chmod 600 '/root/.ssh/authorized_keys' ; sudo chown root:root '/root/.ssh/authorized_keys'  "
		Write-Verbose '用winscp+sudo密码，复制主控机ssh公钥到被控机，命令完成。'
		Remove-WinSCPSession -WinSCPSession $private:sftp连接
		exit 0
	}
	else
	{
		$用户名 = 'root'
		$用户密码密文 = ConvertTo-SecureString $被控机上root的ssh密码明文 -AsPlainText -Force
		$我的登陆凭据 = New-Object System.Management.Automation.PSCredential ($用户名,$用户密码密文)
		$sftp连接参数 = New-WinSCPSessionOption -Protocol Sftp -HostName $被控机ip地址 -PortNumber $端口 -Credential  $我的登陆凭据 -Timeout $([timespan]::FromSeconds(4))
		$指纹 = Get-WinSCPHostKeyFingerprint -SessionOption $sftp连接参数 -Algorithm 'SHA-256'
		$sftp连接参数.SshHostKeyFingerprint = $指纹

		$private:sftp连接 = New-WinSCPSession -SessionOption $sftp连接参数
		if ($private:sftp连接 -eq $null)
		{
			Write-Error "使用ssh+root密码，在${目的ip地址}上连接失败"
			exit 3
		}
		else
		{
			Write-Verbose '使用ssh+root密码，连接成功。'
		}

		Write-Verbose '用winscp+root密码，复制主控机ssh公钥到被控机，命令开始。'
		if (Test-WinSCPPath -Path '/root/.ssh' -WinSCPSession $sftp连接)
		{
			Remove-WinSCPItem -Path '/root/.ssh' -Confirm:$false -WinSCPSession $private:sftp连接
		}

		$权限700 = New-WinSCPTransferOption -FilePermissions (New-WinSCPItemPermission -Octal 700)
		New-WinSCPItem -Path '/root/.ssh' -ItemType Directory -TransferOptions  $权限700 -WinSCPSession $private:sftp连接

		$权限600 = New-WinSCPTransferOption -FilePermissions (New-WinSCPItemPermission -Octal 600)
		Send-WinSCPItem -LocalPath $被推送的公钥文件 -RemotePath '/root/.ssh/' -TransferOptions $权限600 -WinSCPSession $private:sftp连接

		Write-Verbose '用winscp+root密码，复制主控机ssh公钥到被控机，命令完成。'
		Remove-WinSCPSession -WinSCPSession $private:sftp连接
		exit 0
	}
}