SSH service batch management example
2016-06-14 11:55
Prerequisites
1、Prepare three machines whose sshd listens on port 22: 172.16.1.10-backup, 172.16.1.7-lnmp01, 172.16.1.9-nfs-server, and one machine on port 8080: 172.16.1.8-lamp01 (the 8080 port is only for personal testing)
2、Check the system information
[root@backup ~]# cat /etc/redhat-release
CentOS release 6.7 (Final)
[root@backup ~]# uname -r
2.6.32-573.el6.x86_64
[root@backup ~]# uname -m
x86_64
1、Check whether the SSH packages are installed
[root@backup ~]# rpm -qa openssl openssh
[root@backup ~]# yum install -y openssl
[root@backup ~]# yum install -y openssh
[root@backup ~]# rpm -qa openssl openssh
openssh-5.3p1-111.el6.x86_64
openssl-1.0.1e-42.el6.x86_64
# Note: the "openssh" package only carries ssh-keygen and shared files; sshd itself is in openssh-server and ssh/scp/ssh-copy-id are in openssh-clients, so check those too:
[root@backup ~]# rpm -qa openssh-server openssh-clients
2、Check whether the SSH service is running
[root@backup ~]# /etc/init.d/sshd status
openssh-daemon (pid 4096) is running...
# If it is not running, start it with:
[root@backup ~]# /etc/init.d/sshd start
3、Create the user and password on all machines
[root@backup ~]# useradd oldgirl
[root@backup ~]# tail -1 /etc/passwd
oldgirl:x:503:503::/home/oldgirl:/bin/bash
[root@backup ~]# echo 123456|passwd --stdin oldgirl
[root@backup ~]# id oldgirl
[root@backup ~]# su - oldgirl   # create the same user on the other three machines as well
[oldgirl@backup ~]$ ll
...............
# The password 123456 is only there so that ssh-copy-id in step 6 can log in once; piping it through echo also leaves it in the shell history. Once key login works, replace it with a real password or lock it with passwd -l oldgirl (key authentication keeps working on a locked password).
4、SSH hardening
# Run as root
[root@backup ~]# sed -i '13 iPort 52113\nPermitRootLogin no\nPermitEmptyPasswords no\nUseDNS no\nGSSAPIAuthentication no' /etc/ssh/sshd_config
# Note: written as "sed -ir ...", GNU sed reads the r as a backup suffix for -i and leaves a copy named sshd_configr behind; plain -i is what is wanted here (the i command needs no -r). Line 13 is the "#Port 22" line in the CentOS 6 default file, so the new directives land near the top; sshd uses the first occurrence of each keyword, which is why these take precedence over the commented defaults further down.
# Generally, on a strictly run machine root is not allowed to log in, so PermitRootLogin is set to no; on this test machine it is simply left at yes. The default port in this file is 22; if you change it with Port 52113, access to this machine has to handle the port specially (see the 8080 machine below). The change only takes effect after /etc/init.d/sshd reload, and on CentOS 6 the new port must be allowed through iptables first; keep the current session open until a login on the new port has been confirmed.
5、Create the key pair on the backup (10) machine
[oldgirl@backup ~]$ ssh-keygen -t dsa
# Just press Enter at each of the prompts below
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oldgirl/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oldgirl/.ssh/id_dsa.
Your public key has been saved in /home/oldgirl/.ssh/id_dsa.pub.
The key fingerprint is:
e8:3b:06:99:fe:bc:ca:dd:72:2a:c0:24:df:fe:e1:ee oldgirl@backup
The key's randomart image is:
+--[ DSA 1024]----+
|                 |
|                 |
|                 |
|. . .            |
| = . o. S        |
| + =.            |
| + .o            |
| .++++.          |
| oOE*.           |
+-----------------+
[oldgirl@backup ~]$ ls .ssh/   # look at the files produced by key generation
authorized_keys  id_dsa  id_dsa.pub  known_hosts
# A DSA key is 1024 bits and OpenSSH 7.0 (2015) stopped accepting ssh-dss keys by default; on anything newer than this CentOS 6 setup use ssh-keygen -t ed25519, or -t rsa -b 4096 when the other side's OpenSSH 5.3 predates Ed25519 support (added in 6.5). An empty passphrase means anyone who can read id_dsa owns the oldgirl account on every target, so protect the file accordingly.
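For step 4 above, an added example that is not part of the original post: the same five settings applied by keyword rather than by inserting at line 13, with a syntax check before the reload. The function names, the SSH_CMD-free layout and the sample sshd_config fragment are this example's own; the reload line reuses the CentOS 6 init script the post uses.

```shell
#!/bin/sh
# Added example, not the post's sed one-liner. Sets sshd_config directives by
# keyword instead of inserting at line 13: sshd uses the FIRST occurrence of a
# keyword, which is why the post inserts near the top of the file, but rewriting
# the existing (usually commented) line gives the same effect without leaving a
# shadowed duplicate behind. A keyword the file lacks is added above the first
# "Match" block, since everything after "Match" is conditional.
set -u

# set_sshd_option FILE KEY VALUE
set_sshd_option() {
    file=$1; key=$2; value=$3
    tmp="$file.tmp.$$"
    awk -v k="$key" -v v="$value" '
        BEGIN { lk = tolower(k) }
        # an existing "Key ...", "#Key ..." or indented line for this keyword
        tolower($0) ~ ("^[# \t]*" lk "[ \t]") && !done { print k " " v; done = 1; next }
        tolower($0) ~ ("^[# \t]*" lk "[ \t]")          { next }   # drop later duplicates
        /^[Mm]atch[ \t]/ && !done                      { print k " " v; done = 1 }
        { print }
        END { if (!done) print k " " v }
    ' "$file" > "$tmp" && mv "$tmp" "$file"
}

# get_sshd_option FILE KEY: the value sshd would use (first active line, key
# matched case-insensitively; Match-block overrides are not modelled)
get_sshd_option() {
    awk -v lk="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        tolower($1) == lk && !found { print $2; found = 1 }' "$1"
}

# harden_sshd FILE PORT: the five settings from step 4
harden_sshd() {
    f=$1; port=$2
    set_sshd_option "$f" Port "$port"
    set_sshd_option "$f" PermitRootLogin no
    set_sshd_option "$f" PermitEmptyPasswords no
    set_sshd_option "$f" UseDNS no
    set_sshd_option "$f" GSSAPIAuthentication no
    # once key login (step 6) is confirmed working, also:
    # set_sshd_option "$f" PasswordAuthentication no
}

# apply_sshd_config FILE: for the real /etc/ssh/sshd_config, as root. sshd -t
# rejects a broken file before the reload; open the new port in iptables first
# and keep the current session until a login on the new port has succeeded.
apply_sshd_config() {
    sshd -t -f "$1" && /etc/init.d/sshd reload
}

# make_sample_config FILE: constructed fragment in the shape of the CentOS 6
# default (commented defaults, one active keyword, a trailing Match block)
make_sample_config() {
    cat > "$1" <<'EOF'
# constructed sample, not a real sshd_config
#Port 22
#AddressFamily any
#PermitRootLogin yes
#StrictModes yes
#UseDNS yes
GSSAPIAuthentication yes
Subsystem sftp /usr/libexec/openssh/sftp-server
Match User anoncvs
    X11Forwarding no
EOF
}

# Offline demo on the sample. Real use, as root:
#   harden_sshd /etc/ssh/sshd_config 52113 && apply_sshd_config /etc/ssh/sshd_config
demo=$(mktemp)
make_sample_config "$demo"
harden_sshd "$demo" 52113
echo "effective Port: $(get_sshd_option "$demo" Port)"   # 52113
rm -f "$demo"
```

Running harden_sshd twice leaves the file unchanged, which is the property the line-number insert lacks: a second run of the post's sed line adds a second copy of every directive.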
6、Distribute the key from the backup (10) machine
# Note: the public key is like the lock and goes to every machine; the private key is like the key and stays with you.
# Send the public key to the port-22 machines 7 and 9
[oldgirl@backup ~]$ ssh-copy-id -i ~/.ssh/id_dsa.pub oldgirl@172.16.1.7
oldgirl@172.16.1.7's password:
Now try logging into the machine, with "ssh 'oldgirl@172.16.1.7'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[oldgirl@backup ~]$ ssh-copy-id -i ~/.ssh/id_dsa.pub oldgirl@172.16.1.9
oldgirl@172.16.1.9's password:
Now try logging into the machine, with "ssh 'oldgirl@172.16.1.9'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

# Check the key files created on machines 7 and 9
[oldgirl@lnmp01 ~]$ ls -l ~/.ssh/authorized_keys   # same content as id_dsa.pub, only under a different name
-rw------- 1 oldgirl oldgirl 604 Jun 5 20:33 /home/oldgirl/.ssh/authorized_keys
[oldgirl@nfs-server ~]$ ls -l ~/.ssh/authorized_keys
-rw------- 1 oldgirl oldgirl 604 Jun 5 20:34 /home/oldgirl/.ssh/authorized_keys
# Send the key to machine 8 on port 8080 (a personal test port only)
[oldgirl@backup ~]$ ssh-copy-id -i ~/.ssh/id_dsa.pub "-p 8080 oldgirl@172.16.1.8"
The authenticity of host '[172.16.1.8]:8080 ([172.16.1.8]:8080)' can't be established.
RSA key fingerprint is 85:f0:47:99:b8:f7:f4:23:c4:a8:db:e6:ac:d3:dd:f3.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[172.16.1.8]:8080' (RSA) to the list of known hosts.
oldgirl@172.16.1.8's password:
Now try logging into the machine, with "ssh '-p 8080 oldgirl@172.16.1.8'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

# The quoted "-p 8080 user@host" argument works because the ssh-copy-id shell script shipped with OpenSSH 5.3 splices its last argument unquoted into the ssh command it runs; newer ssh-copy-id takes -p 8080 as an ordinary option. Answering yes to the fingerprint prompt trusts the host key blindly; the real check is to compare it with the fingerprint printed on the target itself (ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub).
# Check the key file created on machine 8
[oldgirl@lamp01 ~]$ ls -l ~/.ssh/authorized_keys
-rw------- 1 oldgirl oldgirl 604 Jun 7 02:02 /home/oldgirl/.ssh/authorized_keys
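ssh-copy-id asks you to check authorized_keys for keys you did not expect; the ls -l above only shows that the file exists. An added example, not from the original post, that does the check the message asks for on each target: the expected key must be present exactly once, with no other keys, and the file must not be group- or world-writable (sshd with the default StrictModes yes silently ignores it otherwise). The key material below is a constructed placeholder, not a real key; the function names are this example's own.

```shell
#!/bin/sh
# Added example: verify what ssh-copy-id left in ~/.ssh/authorized_keys on a
# target. Run it on the target (or over ssh) as the user that received the key.

# pubkey_id: read public-key lines on stdin, print "type base64" of the first
# key, skipping a leading options field such as from="..." or command="..."
pubkey_id() {
    awk '{ for (i = 1; i < NF; i++)
               if ($i ~ /^(ssh-|ecdsa-|sk-)/) { print $i, $(i + 1); exit } }'
}

# check_authorized_keys AUTH_FILE PUB_FILE
#   0: PUB_FILE's key is present and is the only key
#   1: key missing (or PUB_FILE unreadable)
#   2: key present, but other keys are there too (listed on stderr)
check_authorized_keys() {
    auth=$1; pub=$2
    want=$(pubkey_id < "$pub") || return 1
    [ -n "$want" ] || return 1
    total=0; matched=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac      # blank lines and comments
        total=$((total + 1))
        got=$(printf '%s\n' "$line" | pubkey_id)   # comment field is ignored
        if [ "$got" = "$want" ]; then
            matched=$((matched + 1))
        else
            echo "unexpected key in $auth: $line" >&2
        fi
    done < "$auth"
    [ "$matched" -ge 1 ] || return 1
    [ "$matched" -eq "$total" ] || return 2
}

# key_file_perms_ok PATH: sshd rejects ~/.ssh, authorized_keys and the home
# directory itself when group- or world-writable. Reads the two write bits
# from ls -ld, which works the same on GNU and BSD userlands.
key_file_perms_ok() {
    mode=$(ls -ld "$1" | cut -c6,9)   # group-write and other-write characters
    [ "$mode" = "--" ]
}

# Offline demo on a constructed ~/.ssh layout
demo=$(mktemp -d)
printf '%s\n' "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERnotARealKey0000000000000000 oldgirl@backup" > "$demo/id_ed25519.pub"   # constructed
(umask 077; cp "$demo/id_ed25519.pub" "$demo/authorized_keys")            # what ssh-copy-id produces: mode 600
if check_authorized_keys "$demo/authorized_keys" "$demo/id_ed25519.pub" \
   && key_file_perms_ok "$demo/authorized_keys"; then
    echo "authorized_keys OK"
fi
rm -rf "$demo"
```

Comparing only the key type and base64 blob means a line ssh-copy-id wrote with a different comment, or one you later restricted with from="172.16.1.0/24", still counts as your key; any other key type or blob is reported.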
7、Batch management
7、1 Batch management: distribute files from the backup (10) machine, method one
Script content:
[oldgirl@backup ~]$ cat fenfa1.sh
#!/bin/sh
. /etc/init.d/functions
if [ $# -ne 1 ];then
    echo "USAGE:$0 filename"
    exit 1
fi
for n in 9 7
do
    scp -P22 -rp "$1" oldgirl@172.16.1.$n:~ &>/dev/null &&\
    ssh -p22 -t oldgirl@172.16.1.$n sudo rsync ~/"$1" /etc/ &>/dev/null
    if [ $? -eq 0 ];then
        action "172.16.1.$n" /bin/true
    else
        action "172.16.1.$n" /bin/false
    fi
done
# Run as oldgirl on machine 10. Before this step the public key must already have been sent to the other machines, otherwise this prompts for passwords. Method one also runs sudo rsync on 7 and 9, so it needs the sudoers rule shown under 7、2 as well; without it sudo prompts for a password, and that prompt is hidden by the &>/dev/null redirect. (The &> redirect is a bash feature; it works here because /bin/sh is bash on CentOS 6.)
[oldgirl@backup ~]$ /bin/sh fenfa1.sh test1.txt   # format: /bin/sh, script name, file to send
172.16.1.9                                                 [  OK  ]
172.16.1.7                                                 [  OK  ]
# Check the file created on machines 7 and 9
[oldgirl@nfs-server ~]$ ls -l test1.txt
-rw-rw-r-- 1 oldgirl oldgirl 0 Jun 7 2016 test1.txt
[oldgirl@lnmp01 ~]$ ls -l test1.txt
-rw-rw-r-- 1 oldgirl oldgirl 0 Jun 7 2016 test1.txt
7、2 Batch management: distribute files from the backup (10) machine, method two
# As root, add this line to /etc/sudoers on machines 10, 7 and 9
[root@backup ~]# cat /etc/sudoers
oldgirl ALL= NOPASSWD: /usr/bin/rsync
# This rule makes oldgirl root-equivalent on those machines: rsync running as root can overwrite any file, /etc/sudoers, /etc/passwd or root's authorized_keys included, so the oldgirl private key on machine 10 has to be guarded like a root key. Edit sudoers with visudo rather than a plain editor, so a syntax error cannot lock sudo out.
Script content:
[oldgirl@backup ~]$ cat fenfa.sh
#!/bin/sh
. /etc/init.d/functions
if [ $# -ne 2 ];then
    echo "USAGE:$0 filename DST"
    exit 1
fi
for n in 9 7
do
    scp -P22 -rp "$1" oldgirl@172.16.1.$n:~ &>/dev/null &&\
    ssh -p22 -t oldgirl@172.16.1.$n sudo rsync ~/"$1" /"$2"/ &>/dev/null
    if [ $? -eq 0 ];then
        action "172.16.1.$n" /bin/true
    else
        action "172.16.1.$n" /bin/false
    fi
done
# For the rsync parts of the script above, see my other post "rsync configuration and transferring data with rsync in daemon mode"
# Run as the oldgirl user on machine 10
[oldgirl@backup ~]$ /bin/sh fenfa.sh text2.txt data   # note: no "/" on data here, the script adds it; be careful, careful and careful again!
# format: /bin/sh, script name, file to send, destination directory
172.16.1.9                                                 [  OK  ]
172.16.1.7                                                 [  OK  ]
# Check the result on machines 7 and 9 (rsync is run without -a or -p, so the copy is root-owned with mode 644 rather than the original's)
[oldgirl@lnmp01 ~]$ ls -l /data/
total 0
-rw-r--r-- 1 root root 0 Jun 8 22:07 text2.txt
[oldgirl@nfs-server ~]$ ls -l /data/
total 0
-rw-r--r-- 1 root root 0 Jun 8 22:07 text2.txt
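Both fenfa1.sh and fenfa.sh hard-code port 22 and two host numbers, and they splice $1 and $2 unquoted into a remote sudo rsync command line. The script below is an added example, not the post's fenfa.sh: the same scp-then-sudo-rsync distribution (so it still depends on the NOPASSWD rsync sudoers rule from 7、2), with a host list that carries each host's port (which is how the 8080 machine from step 6 fits in), argument validation before anything reaches a root-level command, and BatchMode so a missing key fails instead of silently waiting for a password. The script name fenfa_safe.sh and the HOSTS, REMOTE_USER, SSH_CMD and SCP_CMD variables are this example's own; the last two exist so the logic can be exercised offline with stand-in commands.

```shell
#!/bin/sh
# Added example, not the original fenfa.sh: scp into the remote home, then
# "sudo rsync" into the destination as root, as in 7、1 and 7、2, with:
#  - per-host ports ("ip:port"), so 172.16.1.8:8080 joins the same list
#  - the file name and destination validated and quoted; the original passes
#    $1 and $2 unquoted to a remote sudo command, so a name with spaces or
#    shell metacharacters breaks it, and anything taken from untrusted input
#    would run as root on every target
#  - BatchMode=yes: no key means an immediate failure, not a hidden prompt
#  - ssh/scp taken from SSH_CMD/SCP_CMD so the script can be tested offline
#  - no dependency on /etc/init.d/functions
set -u

HOSTS=${HOSTS:-"172.16.1.9:22 172.16.1.7:22"}   # "ip:port"; add 172.16.1.8:8080 for the post's 8080 machine
REMOTE_USER=${REMOTE_USER:-oldgirl}
SSH_CMD=${SSH_CMD:-ssh}
SCP_CMD=${SCP_CMD:-scp}

# valid_filename NAME: a plain file name, no slashes, no leading '-' (would be
# read as an scp/rsync option), no spaces or metacharacters
valid_filename() {
    case $1 in
        ''|*/*|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# valid_destdir DIR: absolute, no "..", same safe character set
valid_destdir() {
    case $1 in
        /*) ;;
        *) return 1 ;;
    esac
    case $1 in
        *..*|*[!A-Za-z0-9._/-]*) return 1 ;;
    esac
    return 0
}

# push_file FILE DESTDIR HOST PORT: copy FILE into the remote home, then move it
# into DESTDIR as root through the "NOPASSWD: /usr/bin/rsync" sudoers rule.
push_file() {
    file=$1; dest=$2; host=$3; port=$4
    "$SCP_CMD" -P "$port" -o BatchMode=yes -p "$file" "$REMOTE_USER@$host:~/" >/dev/null 2>&1 &&
    "$SSH_CMD" -p "$port" -o BatchMode=yes "$REMOTE_USER@$host" \
        "sudo /usr/bin/rsync -p ~/'$file' '$dest/'" >/dev/null 2>&1
}

# distribute FILE DESTDIR: push to every host in HOSTS, one status line per host.
# Returns 64 on bad arguments, otherwise the number of hosts that failed (0 = all OK).
distribute() {
    file=$1; dest=$2
    valid_filename "$file" || { echo "refusing file name: $file" >&2; return 64; }
    valid_destdir "$dest"  || { echo "refusing destination: $dest (absolute path, no ..)" >&2; return 64; }
    fails=0
    for hp in $HOSTS; do
        host=${hp%%:*}; port=${hp#*:}
        [ "$port" != "$hp" ] || port=22          # a bare "ip" defaults to port 22
        if push_file "$file" "$dest" "$host" "$port"; then
            printf '%-22s [  OK  ]\n' "$host:$port"
        else
            printf '%-22s [FAILED]\n' "$host:$port"
            fails=$((fails + 1))
        fi
    done
    return $fails
}

# Real use: HOSTS="172.16.1.9:22 172.16.1.7:22 172.16.1.8:8080" sh fenfa_safe.sh text2.txt /data
if [ $# -eq 2 ]; then
    distribute "$1" "$2"
fi
```

The destination is given as /data rather than the post's data: an absolute path is required and checked, which removes the "no slash here" trap the post warns about. The file name check is deliberately strict (letters, digits, dot, underscore, dash); loosen it only if you also keep the single quotes around the remote arguments, because the remote side runs the command through the login shell.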