Chinaunix首页 | 论坛 | 博客
  • 博客访问: 7170486
  • 博文数量: 3857
  • 博客积分: 6409
  • 博客等级: 准将
  • 技术积分: 15948
  • 用 户 组: 普通用户
  • 注册时间: 2008-09-02 16:48
个人简介

迷彩 潜伏 隐蔽 伪装

文章分类

全部博文(3857)

文章存档

2017年(5)

2016年(63)

2015年(927)

2014年(677)

2013年(807)

2012年(1241)

2011年(67)

2010年(7)

2009年(36)

2008年(28)

分类: LINUX

2016-03-08 15:52:12

SSH批量部署服务

[日期:2016-03-07] 来源:Linux社区  作者:hackerer [字体:  ]

SSH批量部署服务

1.1在NFS上作为中心分发服务器将私钥分发到其他服务器上

1.1.1NFS部署

[root@nfs-server ~]# useradd linuxidc
[root@nfs-server ~]# echo 123456|passwd --stdin linuxidc
Changing password for user linuxidc.
passwd: all authentication tokens updated successfully.
创建密码对:
[root@nfs-server ~]# su - linuxidc    ##切换到linuxidc用户下,以后批量分发都在当前用户下,安全考虑
[linuxidc@nfs-server ~]$ ssh-keygen -t dsa ##ssh-keygen是生成秘钥的工具,-t参数指建立秘钥的类型,这里建立dsa类型秘钥(还有一种类型的秘钥为RSA,两者加密算法有区别)
Generating public/private dsa key pair.
Enter file in which to save the key (/home/linuxidc/.ssh/id_dsa): 
Created directory '/home/linuxidc/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/linuxidc/.ssh/id_dsa.
Your public key has been saved in /home/linuxidc/.ssh/id_dsa.pub.
The key fingerprint is:
6f:65:c4:a6:fb:32:45:0c:85:c3:bc:87:8f:a4:ae:bc linuxidc@nfs-server
The key's randomart image is:
+--[ DSA 1024]----+
|        o o.    |
|          *.    |
|          *+    |
|          +++    |
|        So.=o    |
|        ...+o    |
|      .  +.    |
|    .  ..o.    |
|      Eo  o.    |
+-----------------+
[linuxidc@nfs-server ~]$ 
[linuxidc@nfs-server ~]$ ls -l .ssh/
total 8
-rw-------. 1 linuxidc zhurui 672 Mar  5 04:23 id_dsa  ##私钥
-rw-r--r--. 1 linuxidc zhurui 607 Mar  5 04:23 id_dsa.pub  ##公钥
将公钥分发给web-lamp01服务器
[linuxidc@nfs-server ~]$ ssh-copy-id -i .ssh/id_dsa.pub linuxidc@192.168.1.12  ##将公钥分发给1.12服务器
The authenticity of host '192.168.1.12 (192.168.1.12)' can't be established.
RSA key fingerprint is d6:e6:e6:2a:c7:df:99:51:bb:f4:90:29:16:df:c4:a5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.12' (RSA) to the list of known hosts.
Nasty PTR record "192.168.1.12" is set up for 192.168.1.12, ignoring
linuxidc@192.168.1.12's password: 
Permission denied, please try again.
linuxidc@192.168.1.12's password: 
Now try logging into the machine, with "ssh 'linuxidc@192.168.1.12'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[linuxidc@nfs-server ~]$

1.1.2 web-lnmp02客户端分发部署

[linuxidc@nfs-server ~]$ ssh-copy-id -i .ssh/id_dsa.pub linuxidc@192.168.1.13  ##将公钥分发到1.13服务器
The authenticity of host '192.168.1.13 (192.168.1.13)' can't be established.
RSA key fingerprint is d6:e6:e6:2a:c7:df:99:51:bb:f4:90:29:16:df:c4:a5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.13' (RSA) to the list of known hosts.
Nasty PTR record "192.168.1.13" is set up for 192.168.1.13, ignoring
linuxidc@192.168.1.13's password: 
Now try logging into the machine, with "ssh 'linuxidc@192.168.1.13'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[linuxidc@nfs-server ~]$

1.1.3 rsync-backup客户端分发部署

[linuxidc@nfs-server ~]$ ssh-copy-id -i .ssh/id_dsa.pub linuxidc@192.168.1.17
The authenticity of host '192.168.1.17 (192.168.1.17)' can't be established.
RSA key fingerprint is d6:e6:e6:2a:c7:df:99:51:bb:f4:90:29:16:df:c4:a5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.17' (RSA) to the list of known hosts.
linuxidc@192.168.1.17's password: 
Now try logging into the machine, with "ssh 'linuxidc@192.168.1.17'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[linuxidc@nfs-server ~]$

2.1在NFS上测试

2.1.1 通过ssh命令在当前机器上查看web-lamp01的IP地址

[linuxidc@nfs-server ~]$ ssh -P22 linuxidc@192.168.1.12 /sbin/ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:0C:29:49:CE:B3  
          inet addr:192.168.1.12  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe49:ceb3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7701 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4795 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:4806676 (4.5 MiB)  TX bytes:484902 (473.5 KiB)
注:在命令执行过程中,跳过输入密码的步骤
接着分发文件测试:
[linuxidc@nfs-server ~]$ cp /etc/hosts
hosts        hosts.allow  hosts.deny  
[linuxidc@nfs-server ~]$ cp /etc/hosts .
[linuxidc@nfs-server ~]$ ll
[linuxidc@nfs-server ~]$ scp -P22 hosts linuxidc@192.168.1.12:~ ##将当前目录下hosts文件分发到1.12家目录下
hosts                                          100%  243    0.2KB/s  00:00    
[linuxidc@nfs-server ~]$

检查1.12上linuxidc家目录下有无hosts文件
[root@lamp01 linuxidc]# cat /home/linuxidc/hosts 
127.0.0.1  localhost localhost.localdomain localhost4 localhost4.localdomain4 
::1        localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.11 nfs-server
192.168.1.17 backup
192.168.1.12 lamp01
192.168.1.13 lnmp02
[root@lamp01 linuxidc]# 
通过脚本分发:
[linuxidc@nfs-server ~]$ sh fenfa.sh
hosts                                          100%  257    0.3KB/s  00:00    
hosts                                          100%  257    0.3KB/s  00:00    
hosts                                          100%  257    0.3KB/s  00:00

批量管理脚本:

#!/bin/sh
. /etc/init.d/functions
if [ $# -ne 1 ]
  then
    echo "USAGE:$0 USAGE|COMMAND"
    exit 1
fi
for n in 12 13 17
do
  ssh -p22 linuxidc@192.168.1.$n $1
done

~

批量分发脚本:

#!/bin/sh
. /etc/init.d/functions

for n in 12 13 17
do
  scp -P22 $1 linuxidc@192.168.1.$n:~ &>/dev/null
  if [ $? -eq 0 ]
    then
      action "fenfa $1 ok" /bin/true
    else
      action "fenfa $1 ok" /bin/false
  fi
done

~

利用分发脚本分发hosts文件

1 [linuxidc@nfs-server ~]$ sh fenfa.sh hosts
2 fenfa hosts ok                                            [  OK  ]
3 fenfa hosts ok                                            [  OK  ]
4 fenfa hosts ok                                            [  OK  ]
5 [linuxidc@nfs-server ~]$

优化后的分发脚本

#!/bin/sh
. /etc/init.d/functions
if [ $# -ne 1 ]
  then
    echo "USAGE:$0 {FILENAME|DIRNAME}"
    exit 1
fi
for n in 12 13 17
do
  scp -P22 -r $1 linuxidc@192.168.1.$n:~ &>/dev/null
  if [ $? -eq 0 ]
    then
      action "fenfa $1 ok" /bin/true
    else
      action "fenfa $1 ok" /bin/false
  fi
done

下面关于SSH相关的文章您也可能喜欢,不妨参考下:

 下配置 SSH服务全过程及问题解决 

Ubuntu 14.04 下安装Samba 及SSH 服务端的方法 

SSH服务远程访问Linux服务器登陆慢 

提高Ubuntu的SSH登陆认证速度的办法 

开启SSH服务让手机远程访问 Ubuntu 14.04  

如何为Linux系统中的SSH添加双重认证 

在 Linux 中为非 SSH 用户配置 SFTP 环境 

Linux 上SSH 服务的配置和管理 

本文永久更新链接地址

阅读(1543) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~