SSH service batch management example


Prerequisites

1. Prepare three machines with sshd listening on port 22: 172.16.1.10 (backup), 172.16.1.7 (lnmp01) and 172.16.1.9 (nfs-server), plus one machine with sshd listening on port 8080: 172.16.1.8 (lamp01). The 8080 host is only there for a personal test of the non-default-port case.

2. Check the system information

[root@backup ~]# cat /etc/redhat-release
CentOS release 6.7 (Final)
[root@backup ~]# uname -r
2.6.32-573.el6.x86_64
[root@backup ~]# uname -m
x86_64


1. Check whether SSH is installed

[root@backup ~]# rpm -qa openssl openssh
[root@backup ~]# yum install -y openssl
[root@backup ~]# yum install -y openssh
[root@backup ~]# rpm -qa openssl openssh
openssh-5.3p1-111.el6.x86_64
openssl-1.0.1e-42.el6.x86_64

# The first rpm -qa printed nothing, which is why the packages were installed. Note that on CentOS 6 the openssh package is only the shared base: the sshd daemon ships in openssh-server, and ssh, scp and ssh-copy-id ship in openssh-clients. Check for those two as well (yum install -y openssh-server openssh-clients) or the steps below will not work.


2. Check whether the SSH service is running

[root@backup ~]# /etc/init.d/sshd status
openssh-daemon (pid 4096) is running...

# If it is not running, start it (and chkconfig sshd on if it should come up at boot)
[root@backup ~]# /etc/init.d/sshd start


3. Create the user and password on all machines

[root@backup ~]# useradd oldgirl
[root@backup ~]# tail -1 /etc/passwd
oldgirl:x:503:503::/home/oldgirl:/bin/bash
[root@backup ~]# echo 123456|passwd --stdin oldgirl
[root@backup ~]# id oldgirl
[root@backup ~]# su - oldgirl     # the other 3 machines need the same user, since every ssh/scp below logs in as oldgirl
[oldgirl@backup ~]$ ll
...............

# 123456 is a throwaway password for the test lab, and piping it through echo leaves it in the shell history. It is needed only once per target, for the initial ssh-copy-id in step 6; after that, logins use the key.


4. SSH hardening

# Run as root

[root@backup ~]# sed -i '13 i Port 52113\nPermitRootLogin no\nPermitEmptyPasswords no\nUseDNS no\nGSSAPIAuthentication no' /etc/ssh/sshd_config
[root@backup ~]# /etc/init.d/sshd reload

# The command was originally written as sed -ir '...'. With GNU sed that does not mean "in place, extended regex": the r is taken as the backup suffix for -i, so the edit happens in place and a stray copy named sshd_configr is left behind. Plain -i is what is meant, and each inserted directive needs a space between keyword and value (PermitRootLogin no, not PermitRootLoginno). sshd uses the first occurrence of a keyword, so inserting at line 13, above the commented defaults, makes these values take effect. Reload sshd afterwards, and keep your current session open until a fresh login has been tested.

# As a rule, if the policy is strict, root is not allowed to log in over SSH and PermitRootLogin is set to no; on this test machine it simply stays yes. The default port in this file is 22. If you change it with the Port 52113 line, every later connection to this machine has to be given the port explicitly (ssh -p 52113, scp -P 52113). The rest of this walkthrough keeps port 22 on backup, lnmp01 and nfs-server and uses 8080 only on lamp01.
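The sed one-liner above inserts at a fixed line number and leaves any existing setting of the same keyword (commented out or active) in place, so the file collects duplicates and the line number is wrong on a file that has been edited before. A more robust way to apply the same five settings, as an added example that is not part of the original post: each keyword is rewritten in place if present and appended otherwise, and the real run does a syntax check with sshd -t before reloading. It assumes GNU sed, as on CentOS, and takes the config path as an argument so it can be tried on a copy first.

```shell
#!/bin/sh
# Added example, not from the original post: set sshd_config directives
# idempotently instead of inserting them blindly at line 13. A keyword that
# already exists, active or commented out, is rewritten in place; a missing
# one is appended. Assumes GNU sed (CentOS) and takes the file as a parameter
# so the functions can be exercised on a copy before touching /etc/ssh.

# set_sshd_option FILE KEYWORD VALUE
set_sshd_option() {
    file=$1 key=$2 value=$3
    if grep -Eq "^[[:space:]]*#?[[:space:]]*$key([[:space:]]|$)" "$file"; then
        # Rewrite the first occurrence only: sshd honours the first
        # occurrence of a keyword, so that is the one that must carry our value.
        sed -i "0,/^[[:space:]]*#\?[[:space:]]*$key\([[:space:]].*\)\?$/s//$key $value/" "$file"
    else
        printf '%s %s\n' "$key" "$value" >> "$file"
    fi
}

# get_sshd_option FILE KEYWORD -> the value sshd would use (first active line)
get_sshd_option() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# harden_sshd FILE: the five settings the post inserts with sed
harden_sshd() {
    set_sshd_option "$1" Port 52113
    set_sshd_option "$1" PermitRootLogin no
    set_sshd_option "$1" PermitEmptyPasswords no
    set_sshd_option "$1" UseDNS no
    set_sshd_option "$1" GSSAPIAuthentication no
}

# Real run (as root): keep a dated backup, edit, syntax-check, then reload so
# the session you are logged in through survives while you test a new login.
if [ "${1:-}" = "--apply" ]; then
    cp -a /etc/ssh/sshd_config "/etc/ssh/sshd_config.$(date +%F).bak"
    harden_sshd /etc/ssh/sshd_config
    sshd -t && /etc/init.d/sshd reload
fi
```

Running it a second time changes nothing, which is what makes it safe to put in a provisioning script; the sed one-liner would add five more lines on every run.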


5. Create the key pair on the backup (10) machine

[oldgirl@backup ~]$ ssh-keygen -t dsa     # press Enter at every prompt below
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oldgirl/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oldgirl/.ssh/id_dsa.
Your public key has been saved in /home/oldgirl/.ssh/id_dsa.pub.
The key fingerprint is:
e8:3b:06:99:fe:bc:ca:dd:72:2a:c0:24:df:fe:e1:.. oldgirl@backup
The key's randomart image is:
+--[ DSA 1024]----+
|                 |
|                 |
|                 |
|. .    .         |
| = . o. S        |
|  + =.           |
|   + .o          |
|   .++++.        |
|    oOE*.        |
+-----------------+

[oldgirl@backup ~]$ ls .ssh/     # list the files the key generation produced
authorized_keys  id_dsa  id_dsa.pub  known_hosts

# id_dsa is the private key and never leaves this machine (ssh-keygen creates it with mode 600); id_dsa.pub is what gets distributed. Two caveats: 1024 bits is the only size DSA allows and is considered weak today (OpenSSH 7.0 and later refuse ssh-dss keys by default), so on anything newer than this CentOS 6 / OpenSSH 5.3 lab generate the key with ssh-keygen -t rsa -b 4096 (or -t ed25519 where supported) instead; and an empty passphrase means anyone who can read id_dsa can log in to every target, which is the price of unattended scripts, so protect the backup host accordingly.

6. Distribute the key from the backup (10) machine

# Note: the public key is the lock and goes to every machine; the private key is the key and stays with you.

# Send the public key to machines 7 and 9 (port 22)

[oldgirl@backup ~]$ ssh-copy-id -i ~/.ssh/id_dsa.pub oldgirl@172.16.1.7
oldgirl@172.16.1.7's password:
Now try logging into the machine, with "ssh 'oldgirl@172.16.1.7'", and check in:

 .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[oldgirl@backup ~]$ ssh-copy-id -i ~/.ssh/id_dsa.pub oldgirl@172.16.1.9
oldgirl@172.16.1.9's password:
Now try logging into the machine, with "ssh 'oldgirl@172.16.1.9'", and check in:

 .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

# Check the file created on machines 7 and 9

[oldgirl@lnmp01 ~]$ ls -l ~/.ssh/authorized_keys     # ssh-copy-id appended the contents of id_dsa.pub to this file
-rw------- 1 oldgirl oldgirl 604 Jun  5 20:33 /home/oldgirl/.ssh/authorized_keys
[oldgirl@nfs-server ~]$ ls -l ~/.ssh/authorized_keys
-rw------- 1 oldgirl oldgirl 604 Jun  5 20:34 /home/oldgirl/.ssh/authorized_keys

# Send the key to machine 8 on port 8080 (a non-default port used only for this test)

# The ssh-copy-id shipped with OpenSSH 5.3 has no -p option, so the port is passed inside the quoted host argument, where it ends up on the ssh command line; the rewritten ssh-copy-id in newer releases accepts ssh-copy-id -p 8080 -i ... user@host directly.
[oldgirl@backup ~]$ ssh-copy-id -i ~/.ssh/id_dsa.pub "-p 8080 oldgirl@172.16.1.8"
The authenticity of host '[172.16.1.8]:8080 ([172.16.1.8]:8080)' can't be established.
RSA key fingerprint is 85:f0:47:99:b8:f7:f4:23:c4:a8:db:e6:ac:d3:dd:f3.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[172.16.1.8]:8080' (RSA) to the list of known hosts.
oldgirl@172.16.1.8's password:
Now try logging into the machine, with "ssh '-p 8080 oldgirl@172.16.1.8'", and check in:

 .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

# This prompt is the only point where trust in the target is established: answering yes records the host key in ~/.ssh/known_hosts and every later connection is checked against it. Before typing yes, compare the fingerprint with the one the target prints for itself (ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub, run on 172.16.1.8 over the console or another trusted channel); a mismatch means you are about to hand your password to the wrong machine.

# Check the file created on machine 8

[oldgirl@lamp01 ~]$ ls -l ~/.ssh/authorized_keys
-rw------- 1 oldgirl oldgirl 604 Jun  7 02:02 /home/oldgirl/.ssh/authorized_keys
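ssh-copy-id asks you to look at .ssh/authorized_keys on each target and make sure nothing unexpected was added. The script below does that check in code; it is an added example and not part of the original post. It takes the public key you distributed and the target's .ssh directory as arguments, confirms that exactly one line carries that key, lists every other key line as unexpected, and checks the 700/600 modes that ssh-copy-id leaves behind (a group- or world-writable directory or file makes sshd ignore authorized_keys under the default StrictModes yes). GNU stat, as on CentOS, is assumed.

```shell
#!/bin/sh
# Added example, not from the original post: audit a target's ~/.ssh after
# ssh-copy-id, which is the "check in .ssh/authorized_keys" that the tool asks
# for. Arguments: the public key you distributed and the .ssh directory to
# audit. Assumes GNU stat (CentOS). Every problem is printed; exit 1 if any.

# key_blob LINE -> "type base64" for one authorized_keys or .pub line,
# dropping any leading options (e.g. no-pty,from="...") and the trailing comment
key_blob() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp[0-9]+)$/) { print $i, $(i + 1); exit }
    }'
}

# audit_authorized_keys PUBKEY_FILE SSH_DIR -> 0 when the file is as expected
audit_authorized_keys() {
    pub=$1 dir=$2 rc=0
    ak=$dir/authorized_keys
    expected=$(key_blob "$(cat "$pub")")

    # ssh-copy-id leaves 700 on .ssh and 600 on authorized_keys; sshd with
    # StrictModes (the default) ignores the file if either is group/world writable.
    mode=$(stat -c %a "$dir")
    [ "$mode" = 700 ] || { echo "BAD: $dir is mode $mode, want 700"; rc=1; }
    mode=$(stat -c %a "$ak")
    [ "$mode" = 600 ] || { echo "BAD: $ak is mode $mode, want 600"; rc=1; }

    # Exactly one line must carry our key; every other key line is unexpected.
    found=0
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac
        if [ "$(key_blob "$line")" = "$expected" ]; then
            found=$((found + 1))
        else
            echo "EXTRA: $line"
            rc=1
        fi
    done < "$ak"
    [ "$found" -eq 1 ] || { echo "BAD: distributed key appears $found times, want 1"; rc=1; }
    return $rc
}

# Example use on a target, as oldgirl, with id_dsa.pub copied alongside:
#   ./audit_keys.sh ~/id_dsa.pub ~/.ssh
if [ $# -eq 2 ]; then
    audit_authorized_keys "$1" "$2"
    exit $?
fi
```

Run it over ssh from the backup host after each ssh-copy-id, and again periodically: an extra line in authorized_keys is the simplest persistence an intruder can leave on a Linux box, and this is the file the distribution scripts in step 7 depend on.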


7. Batch management

7.1 Batch management: distributing a file from the backup (10) machine, method one

Script:

[oldgirl@backup ~]$ cat fenfa1.sh
#!/bin/sh
. /etc/init.d/functions        # provides action, which prints the [  OK  ] / [FAILED] column
if [ $# -ne 1 ];then
   echo "USAGE:$0 filename"
   exit 1
fi

for n in 9 7
do
  # copy the file into oldgirl's home on the target, then place it in /etc/ as root
  scp -P22 -rp $1 oldgirl@172.16.1.$n:~ &>/dev/null && ssh -p22 oldgirl@172.16.1.$n sudo rsync ~/$1 /etc/ &>/dev/null
  if [ $? -eq 0 ];then
   action "172.16.1.$n" /bin/true
  else
   action "172.16.1.$n" /bin/false
  fi
done

# Two typos in the original listing would stop it from working: [ $? -eq 0] needs a space before ], and action"..." and echo"..." need a space after the command name. As corrected above, action reports [FAILED] when either the scp or the ssh step fails. The second step, sudo rsync into /etc/, only succeeds once the sudoers rule from 7.2 is in place on the target (see the requiretty note there as well); the check below only looks at the copy in the home directory, which the scp step alone produces.

# Run as oldgirl on machine 10. The key must already have been distributed to the other machines before this step, otherwise each scp and ssh stops to ask for a password.

[oldgirl@backup ~]$ /bin/sh fenfa1.sh test1.txt     # form: /bin/sh, script name, file to send
172.16.1.9                                                [  OK  ]
172.16.1.7                                                [  OK  ]

# Check the file created on machines 7 and 9

[oldgirl@lnmp01 ~]$ ls -l test1.txt
-rw-rw-r-- 1 oldgirl oldgirl 0 Jun  7  2016 test1.txt
[oldgirl@nfs-server ~]$ ls -l test1.txt
-rw-rw-r-- 1 oldgirl oldgirl 0 Jun  7  2016 test1.txt



7.2 Batch management: distributing a file from the backup (10) machine, method two

# As root, add the following line on machines 10, 7 and 9. Edit with visudo, which checks the syntax before saving; a broken /etc/sudoers locks everyone out of sudo.

[root@backup ~]# cat /etc/sudoers
oldgirl  ALL=   NOPASSWD: /usr/bin/rsync

# Two things to know about this rule. First, it is not a narrow grant: rsync running as root can write any file on the system (/etc/sudoers or /root/.ssh/authorized_keys, for instance) and its -e/--rsh option runs an arbitrary program, so this is effectively passwordless root for oldgirl, and therefore for whoever holds the backup host's private key. Second, the stock CentOS 6 sudoers contains Defaults requiretty, which makes a non-interactive ssh host sudo ... fail with "sorry, you must have a tty to run sudo"; either run ssh -t or add Defaults:oldgirl !requiretty on the targets.

Script:

[oldgirl@backup ~]$ cat fenfa.sh
#!/bin/sh
. /etc/init.d/functions
if [ $# -ne 2 ];then
   echo "USAGE:$0 filename DST"
   exit 1
fi

for n in 9 7
do
  # copy into oldgirl's home, then place it under /$2/ as root
  scp -P22 -rp $1 oldgirl@172.16.1.$n:~ &>/dev/null && ssh -p22 oldgirl@172.16.1.$n sudo rsync ~/$1 /$2/ &>/dev/null
  if [ $? -eq 0 ];then
   action "172.16.1.$n" /bin/true
  else
   action "172.16.1.$n" /bin/false
  fi
done

# For the rsync side of this script, see my other post:

rsync configuration and transferring data with rsync in daemon mode

# Run as oldgirl on machine 10

[oldgirl@backup ~]$ /bin/sh fenfa.sh text2.txt data     # do not put a "/" in front of data, the script adds it; form: /bin/sh, script name, file to send, destination directory
172.16.1.9                                                [  OK  ]
172.16.1.7                                                [  OK  ]

# Check the result on machines 7 and 9. The files belong to root because rsync ran under sudo without -a/-o, so the copy was created by root and oldgirl's ownership was not carried over.

[oldgirl@lnmp01 ~]$ ls -l /data/
total 0
-rw-r--r-- 1 root root 0 Jun  8 22:07 text2.txt
[oldgirl@nfs-server ~]$ ls -l /data/
total 0
-rw-r--r-- 1 root root 0 Jun  8 22:07 text2.txt
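Both scripts above hard-wire port 22 and the hosts 9 and 7, and when a key is missing they silently wait on a password prompt behind &>/dev/null. The following is an added example that generalizes them (my code, not the post's): it reads a host list so the 8080 host from step 6 is handled too, uses BatchMode so a missing key fails visibly instead of hanging, refuses hosts whose key is unknown or has changed, and prints the same per-host status column without depending on /etc/init.d/functions. The host-list format (one ip[:port] per line) and the DRY_RUN switch, which prints the commands instead of running them, are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: fenfa3.sh HOSTFILE FILE DST_DIR
# Generalizes fenfa1.sh / fenfa.sh: per-host port, no password fallback,
# strict host-key checking, a status line per host. HOSTFILE format is an
# assumption for this example: one "ip[:port]" per line, '#' comments allowed.

SSH_USER=oldgirl
# BatchMode=yes: fail instead of prompting if the key was not distributed.
# StrictHostKeyChecking=yes: refuse hosts not already in known_hosts (step 6
# added them) and hosts whose key changed since then.
SSH_OPTS="-o BatchMode=yes -o StrictHostKeyChecking=yes -o ConnectTimeout=5"

# parse_hosts HOSTFILE -> one "ip:port" per line, port 22 when omitted
parse_hosts() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' "$1" |
        awk -F: '{ printf "%s:%s\n", $1, ($2 == "" ? 22 : $2) }'
}

# build_push_cmd IP PORT FILE DST -> the shell command for one host:
# scp into the user's home, then sudo rsync into DST (the post's two-step scheme)
build_push_cmd() {
    ip=$1 port=$2 file=$3 dst=$4
    base=$(basename "$file")
    printf 'scp %s -P %s -rp %s %s@%s:~/ && ssh %s -p %s %s@%s sudo rsync ~/%s %s/\n' \
        "$SSH_OPTS" "$port" "$file" "$SSH_USER" "$ip" \
        "$SSH_OPTS" "$port" "$SSH_USER" "$ip" "$base" "$dst"
}

# push_file IP PORT FILE DST -> 0 on success; with DRY_RUN=1 only prints the command
push_file() {
    cmd=$(build_push_cmd "$1" "$2" "$3" "$4")
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$cmd"
        return 0
    fi
    sh -c "$cmd" >/dev/null 2>&1
}

# distribute HOSTFILE FILE DST -> one status line per host; returns the failure count
distribute() {
    hostfile=$1 file=$2 dst=$3 fails=0
    for entry in $(parse_hosts "$hostfile"); do
        ip=${entry%%:*} port=${entry##*:}
        if push_file "$ip" "$port" "$file" "$dst"; then
            printf '%-22s [  OK  ]\n' "$ip:$port"
        else
            printf '%-22s [FAILED]\n' "$ip:$port"
            fails=$((fails + 1))
        fi
    done
    return $fails
}

if [ $# -eq 3 ]; then
    distribute "$1" "$2" "$3"
elif [ $# -ne 0 ]; then
    echo "USAGE: $0 hostfile filename dst_dir" >&2
    exit 1
fi
```

A hosts file for this lab would hold the three lines 172.16.1.9, 172.16.1.7 and 172.16.1.8:8080; the script's exit status is the number of hosts that failed, so a cron job or a wrapper can tell a partial rollout from a clean one. File names are passed through sh -c unquoted, as in the original scripts, so keep them free of spaces and shell metacharacters.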


 

