
Example: Building Jump-Host Functionality with a Shell Script

2017-08-14 14:43

I. First, set up SSH key authentication (jump host address: 172.16.1.61)

1. Run the following commands on all machines:

[root@m01 ~]# useradd test  #<== run on every machine
[root@m01 ~]# echo 123456|passwd --stdin test #<== run on every machine
Changing password for user test.
passwd: all authentication tokens updated successfully.

2. Run the following commands only on the jump host:

[root@m01 scripts]# su - test
[test@m01 ~]$ ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa >/dev/null 2>&1
[test@m01 ~]$ sshpass -p123456 ssh-copy-id -i ~/.ssh/id_dsa.pub "-o StrictHostKeychecking=no 172.16.1.80"
Warning: Permanently added '172.16.1.80' (RSA) to the list of known hosts.
Now try logging into the machine, with "ssh '-o StrictHostKeychecking=no 172.16.1.80'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[test@m01 ~]$ sshpass -p123456 ssh-copy-id -i ~/.ssh/id_dsa.pub "-o StrictHostKeychecking=no 172.16.1.81"
Warning: Permanently added '172.16.1.81' (RSA) to the list of known hosts.
Now try logging into the machine, with "ssh '-o StrictHostKeychecking=no 172.16.1.81'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

3. The script is invoked as soon as a user logs in to the jump host (the user cannot manage the jump host from the command line), and the user can only choose from the menu the administrator has defined.

3.1. Place the script on the jump host:

[root@m01 scripts]# echo '[ $UID -ne 0 ] && . /server/scripts/jump.sh'>/etc/profile.d/jump.sh
[root@m01 scripts]# cat /etc/profile.d/jump.sh
[ $UID -ne 0 ] && . /server/scripts/jump.sh
[root@m01 scripts]# cat jump.sh
#!/bin/bash
trapper(){
    trap ':' INT EXIT TSTP TERM HUP   # define the signals to block
}
main(){
    while :
    do
        trapper
        clear
        cat <<menu   # print the menu
1) lb01-172.16.1.80
2) lb02-172.16.1.81
menu
        read -p "Pls input a num.:" num
        case "$num" in
            1)
                echo 'login in 172.16.1.80.'
                ssh 172.16.1.80
                ;;
            2)
                echo 'login in 172.16.1.81.'
                ssh 172.16.1.81
                ;;
            110)
                # administrator channel: leave the menu when the code matches
                read -p "your birthday:" char
                if [ "$char" = "0926" ]; then
                    exit
                    sleep 3
                fi
                ;;
            *)
                echo "select error."
        esac
    done
}
main

4. The result looks like this:

[root@m01 scripts]# su - test
1) lb01-172.16.1.80
2) lb02-172.16.1.81
Pls input a num.:1        #<== enter 1 to log in to the server 172.16.1.80
login in 172.16.1.80.
[test@lb01 ~]$ cat /etc/hosts   #<== view the hosts file on lb01
127.0.0.1  localhost localhost.localdomain localhost4 localhost4.localdomain4
::1        localhost localhost.localdomain localhost6 localhost6.localdomain6
#10.0.0.82 www.tiandi.com
#10.0.0.82 bbs.tiandi.com
#10.0.0.83 www.tiandi.com
#10.0.0.83 bbs.tiandi.com
10.0.0.80 www.tiandi.com
10.0.0.80 bbs.tiandi.com
[test@lb01 ~]$ logout
Connection to 172.16.1.80 closed.
1) lb01-172.16.1.80
2) lb02-172.16.1.81
Pls input a num.:2          #<== enter 2 to log in to the server 172.16.1.81
login in 172.16.1.81.
[test@lb02 ~]$              #<== press Ctrl+D to return to the menu
[test@lb02 ~]$ logout       #<== press Ctrl+D to return to the menu
Connection to 172.16.1.81 closed.
1) lb01-172.16.1.80
2) lb02-172.16.1.81
Pls input a num.:110      #<== enter 110 to reach the jump host command prompt
your birthday:0926        #<== a special code is required to get in; this is the administrator channel, so keep the code safe
[root@m01 scripts]#       #<== jump host administration commands
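
A table-driven variant of the menu script from section 3.1, added here as an example and not part of the original article's code: the menu and the ssh targets come from one list, the choice is validated before it is used, each hop is written to syslog, and end of input logs the user out instead of falling through to a shell. The names HOSTS, print_menu, resolve_target and jump_menu are hypothetical, the audit line via logger is an assumption, and the administrator branch (110) is left out.

```shell
# Added example, POSIX sh. HOSTS reuses the article's two servers; the
# function names are hypothetical and not part of the original script.
HOSTS='1 lb01 172.16.1.80
2 lb02 172.16.1.81'

# Print the menu from the table, so menu text and ssh targets cannot drift apart.
print_menu() {
    while read -r m_num m_name m_ip; do
        printf '%s) %s-%s\n' "$m_num" "$m_name" "$m_ip"
    done <<EOF
$HOSTS
EOF
}

# Map a menu choice to an address. Only an all-digit choice that exactly
# matches a table entry succeeds; anything else returns 1 and prints nothing,
# so what the user typed is never placed on the ssh command line.
resolve_target() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    while read -r r_num r_name r_ip; do
        if [ "$r_num" = "$1" ]; then
            printf '%s\n' "$r_ip"
            return 0
        fi
    done <<EOF
$HOSTS
EOF
    return 1
}

# Menu loop: block the same signals as the article's trapper(), read a choice,
# record who connected where in syslog (assumed audit step), then run ssh.
jump_menu() {
    trap ':' INT EXIT TSTP TERM HUP
    while :; do
        print_menu
        printf 'Pls input a num.:'
        read -r j_choice || exit 0   # end of input: log out, never drop to a shell
        if j_target=$(resolve_target "$j_choice"); then
            logger -t jump "user=$(id -un) target=$j_target"
            echo "login in $j_target."
            ssh "$j_target"
        else
            echo "select error."
        fi
    done
}
```

To use it, source the file from /etc/profile.d as in step 3.1 and call jump_menu as its last line, in place of main.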