Web集群之SSH批量管理

、什么是SSH批量管理

在管理機(jī)產(chǎn)生公鑰和私鑰,然后把自己的公鑰推送給需要被管理的服務(wù)器,然后就可以通過(guò)scp和ssh命令,無(wú)需輸入密碼即可管理

鎖=公鑰,鑰匙=私鑰

企業(yè)里實(shí)現(xiàn)ssh方案:

1)直接root ssh key。

條件:系統(tǒng)允許root使用ssh

2)sudo提權(quán)來(lái)實(shí)現(xiàn)沒(méi)有權(quán)限用戶拷貝

實(shí)驗(yàn)環(huán)境:

hostnameip描述

m01172.16.1.61管理機(jī)

web01172.16.1.7被管理

nfs172.16.1.31被管理

backup172.16.1.41被管理

所有機(jī)器系統(tǒng)環(huán)境統(tǒng)一

[root@m01 /]# cat /etc/redhat-release CentOS Linux release7.5.1804(Core) [root@m01 /]# uname -r3.10.0-862.el7.x86_64

1.1 所有的服務(wù)器創(chuàng)建普通用戶及密碼

useradd xiaoliecho"123456"|passwd --stdin xiaoliid xiaolisu - xiaoli#<==統(tǒng)一切換到xiaoli用戶

1.2 m01產(chǎn)生密鑰

#使用xiaoli用戶來(lái)創(chuàng)建私鑰,并且分發(fā)公鑰

[xiaoli@m01 ~]$ ssh-keygen -t dsa#<==生成私鑰(一路回車)Generatingpublic/privatedsa key pair.Enter fileinwhich to save thekey(/home/xiaoli/.ssh/id_dsa): Created directory '/home/xiaoli/.ssh'. #<==私鑰存放的目錄Enterpassphrase(emptyforno passphrase): Enter same passphrase again: Your identification has been savedin/home/xiaoli/.ssh/id_dsa.Yourpublickey has been savedin/home/xiaoli/.ssh/id_dsa.pub.The key fingerprintis:SHA256:/UtUhhM++KSQH9OgJyP+MCRz+LhdYfRt/r6384aVLzU xiaoli@m01The key's randomart imageis:+---[DSA 1024]----+|? ? ? ? . . .? ? ||? ? . . + * o? ||? ? + + O * X o? ||? ? O o O O=? ||? ? . = S + +? .||? ? o =? o . Eo||? ? . . .? o .+o||? ? ? ? ? . oo.+||? ? ? ? ? ? . o*=|+----[SHA256]-----+[xiaoli@m01 ~]$ pwd/home/xiaoli[xiaoli@m01 ~]$ ls .ssh/id_dsa? id_dsa.pub[xiaoli@m01 ~]$ ll .ssh/total8-rw-------1xiaoli xiaoli672Nov520:57id_dsa#<==私鑰-rw-r--r--1xiaoli xiaoli600Nov520:57id_dsa.pub#<==公鑰

1.3 管理機(jī)分發(fā)公鑰給客戶端

管理機(jī)推送公鑰給backup

[xiaoli@m01 ~]$ ssh-copy-id -i .ssh/id_dsa.pub xiaoli@172.16.1.41/bin/ssh-copy-id: INFO: Sourceofkey(s) to be installed:".ssh/id_dsa.pub"The authenticityofhost'172.16.1.41 (172.16.1.41)'can't be established.

ECDSA key fingerprint is SHA256:9mwPu7qxdn4iuw1GFz5nXmBdpXKRoj0D8dhDo6sp9XQ.

ECDSA key fingerprint is MD5:d2:35:47:86:60:b5:97:16:3f:26:4c:91:78:3a:02:2a.

Are you sure you want to continue connecting (yes/no)? yes

/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

xiaoli@172.16.1.41's password: Numberofkey(s) added:1Nowtrylogging into the machine, with:"ssh 'xiaoli@172.16.1.41'"andcheck to make sure that only the key(s) you wanted were added.#backup上查看是否收到公鑰[xiaoli@backup ~]$ ls .ssh/authorized_keys .ssh/authorized_key#配置文件默認(rèn)就是.ssh/authorized_key這個(gè)文件名,是由/etc/ssh/sshd_config這個(gè)配置文件所定義[root@backup backup]$ grep authorized_keys /etc/ssh/sshd_config |egrep -v"^#"AuthorizedKeysFile? ? ? .ssh/authorized_keys

管理機(jī)推送公鑰給nfs

[xiaoli@m01 ~]$ ssh-copy-id -i .ssh/id_dsa.pub xiaoli@172.16.1.31/bin/ssh-copy-id: INFO: Sourceofkey(s) to be installed:".ssh/id_dsa.pub"The authenticityofhost'172.16.1.31 (172.16.1.31)'can't be established.

ECDSA key fingerprint is SHA256:9mwPu7qxdn4iuw1GFz5nXmBdpXKRoj0D8dhDo6sp9XQ.

ECDSA key fingerprint is MD5:d2:35:47:86:60:b5:97:16:3f:26:4c:91:78:3a:02:2a.

Are you sure you want to continue connecting (yes/no)? yes

/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

xiaoli@172.16.1.31's password: Numberofkey(s) added:1Nowtrylogging into the machine, with:"ssh 'xiaoli@172.16.1.31'"andcheck to make sure that only the key(s) you wanted were added.#nfs上查看是否收到公鑰[xiaoli@nfs ~]$ ls -l .ssh/total4-rw-------1xiaoli xiaoli600Nov521:16authorized_keys

管理機(jī)推送公鑰給web01

[xiaoli@m01 ~]$ ssh-copy-id -i .ssh/id_dsa.pub xiaoli@172.16.1.7/bin/ssh-copy-id: INFO: Sourceofkey(s) to be installed:".ssh/id_dsa.pub"The authenticityofhost'172.16.1.7 (172.16.1.7)'can't be established.

ECDSA key fingerprint is SHA256:9mwPu7qxdn4iuw1GFz5nXmBdpXKRoj0D8dhDo6sp9XQ.

ECDSA key fingerprint is MD5:d2:35:47:86:60:b5:97:16:3f:26:4c:91:78:3a:02:2a.

Are you sure you want to continue connecting (yes/no)? yes

/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

xiaoli@172.16.1.7's password: Numberofkey(s) added:1Nowtrylogging into the machine, with:"ssh 'xiaoli@172.16.1.7'"andcheck to make sure that only the key(s) you wanted were added.#web01查看是否收到公鑰[xiaoli@web01 ~]$ ls -l .ssh/total4-rw-------1xiaoli xiaoli600Nov521:20authorized_keys

1.4 管理機(jī)實(shí)現(xiàn)批量獲取參數(shù)

單獨(dú)查看某一臺(tái)客戶端IP地址,如果端口號(hào)為22,就不需要加-p

[xiaoli@m01 ~]$ ssh xiaoli@172.16.1.31/sbin/ifconfig ens33ens33:flags=4163? mtu1500inet10.0.0.31netmask255.255.255.0broadcast10.0.0.255inet6 fe80::7ef6:6b6b:fba4:c66c? prefixlen64scopeid0x20? ? ? ? inet6 fe80::f15a:916:1ee7:65e9? prefixlen64scopeid0x20? ? ? ? ether00:50:56:20:de:ectxqueuelen1000(Ethernet)? ? ? ? RX packets68059bytes50182137(47.8MiB)? ? ? ? RX errors0dropped0overruns0frame0TX packets32722bytes6712416(6.4MiB)? ? ? ? TX errors0dropped0overruns0carrier0collisions0#我們可以發(fā)現(xiàn)這時(shí)執(zhí)行ssh就不需要輸入密碼

創(chuàng)建腳本查看三臺(tái)客戶端的IP地址

[xiaoli@m01 ~]$ mkdir seripts[xiaoli@m01 ~]$ cd seripts[xiaoli@m01 seripts]$ cat view_ip.sh#!/bin/shUser=xiaoliIp=(172.16.1.7

172.16.1.31

172.16.1.41

)

for ((i=0;i<${#Ip[*]};i++))

do

? ? ? ? ssh ${User}@${Ip[$i]} /sbin/ifconfig ens33

done

#執(zhí)行腳本?貨運(yùn)APP找上海捌躍網(wǎng)絡(luò)科技有限公司QQ3343874032

[xiaoli@m01 seripts]$ sh view_ip.sh

ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>mtu1500inet10.0.0.7netmask255.255.255.0broadcast10.0.0.255inet6 fe80::7ef6:6b6b:fba4:c66c? prefixlen64scopeid0x20? ? ? ? inet6 fe80::b85a:6444:fdc7:90ef? prefixlen64scopeid0x20? ? ? ? inet6 fe80::f15a:916:1ee7:65e9? prefixlen64scopeid0x20? ? ? ? ether00:50:56:32:88:betxqueuelen1000(Ethernet)? ? ? ? RX packets11633bytes2805754(2.6MiB)? ? ? ? RX errors0dropped0overruns0frame0TX packets6003bytes1047269(1022.7KiB)? ? ? ? TX errors0dropped0overruns0carrier0collisions0ens33:flags=4163? mtu1500inet10.0.0.31netmask255.255.255.0broadcast10.0.0.255inet6 fe80::7ef6:6b6b:fba4:c66c? prefixlen64scopeid0x20? ? ? ? inet6 fe80::f15a:916:1ee7:65e9? prefixlen64scopeid0x20? ? ? ? ether00:50:56:20:de:ectxqueuelen1000(Ethernet)? ? ? ? RX packets68065bytes50182545(47.8MiB)? ? ? ? RX errors0dropped0overruns0frame0TX packets32726bytes6712704(6.4MiB)? ? ? ? TX errors0dropped0overruns0carrier0collisions0ens33:flags=4163? mtu1500inet10.0.0.41netmask255.255.255.0broadcast10.0.0.255inet6 fe80::7ef6:6b6b:fba4:c66c? prefixlen64scopeid0x20? ? ? ? inet6 fe80::b85a:6444:fdc7:90ef? prefixlen64scopeid0x20? ? ? ? inet6 fe80::f15a:916:1ee7:65e9? prefixlen64scopeid0x20? ? ? ? ether00:50:56:21:a4:2a? txqueuelen1000(Ethernet)? ? ? ? RX packets123357bytes15582283(14.8MiB)? ? ? ? RX errors0dropped0overruns0frame0TX packets130534bytes11862139(11.3MiB)? ? ? ? TX errors0dropped0overruns0carrier0collisions0上面結(jié)果為成功標(biāo)志!連接所有機(jī)器,不提示密碼直接可以操作

1.5 scp實(shí)現(xiàn)批量下發(fā)文件

每臺(tái)服務(wù)器root權(quán)限下實(shí)施sudo#切換到root用戶,給xiaoli用戶賦予有rsync的命令執(zhí)行權(quán)限echo"xiaoli ALL=(ALL) NOPASSWD:/usr/bin/rsync ">>/etc/sudoersvisudo -c

將/etc/hosts文件拷貝到家目錄(xiaoli),并修改hosts文件內(nèi)容

[xiaoli@m01 ~]$ cp /etc/hosts .[xiaoli@m01 ~]$ tail-5hosts172.16.1.7web01172.16.1.41backup172.16.1.31nfs172.16.1.51m01################2018-11-5################

使用腳本批量分發(fā)hosts文件

[xiaoli@m01 ~]$? cat seripts/fenfa_file.sh#!/bin/shUser=xiaoliIp=(172.16.1.7172.16.1.31172.16.1.41)for((i=0;i<${#Ip[*]};i++))doscp ~/hosts${User}@${Ip[$i]}:~ ssh -t${User}@${Ip[$i]}sudo rsync ~/hosts /etc/hostsdone#運(yùn)行批量分發(fā)腳本[xiaoli@m01 seripts]$ sh? fenfa_file.shhosts? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 100%? 268? 245.5KB/s? 00:00? ? Connection to 172.16.1.7 closed.hosts? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 100%? 268? ? 47.6KB/s? 00:00? ? Connection to 172.16.1.31 closed.hosts? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? 100%? 268? 295.1KB/s? 00:00? ? Connection to 172.16.1.41 closed.

客戶端查看結(jié)果

#以backup客戶端為例展示結(jié)果:[xiaoli@backup ~]$ tail-5/etc/hosts172.16.1.7web01172.16.1.41backup172.16.1.31nfs172.16.1.51m01################2018-11-5################

擴(kuò)展:使用rsync通道模式,實(shí)現(xiàn)增量、加密

[xiaoli@m01 ~]$ rsync -avz hosts -e'ssh -p 22'xiaoli@172.16.1.41sending incremental file listhostssent214bytes? received35bytes498.00bytes/sectotal sizeis268speedupis1.08


轉(zhuǎn)自:http://blog.51cto.com/12643266/2314340

?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請(qǐng)聯(lián)系作者
【社區(qū)內(nèi)容提示】社區(qū)部分內(nèi)容疑似由AI輔助生成,瀏覽時(shí)請(qǐng)結(jié)合常識(shí)與多方信息審慎甄別。
平臺(tái)聲明:文章內(nèi)容(如有圖片或視頻亦包括在內(nèi))由作者上傳并發(fā)布,文章內(nèi)容僅代表作者本人觀點(diǎn),簡(jiǎn)書(shū)系信息發(fā)布平臺(tái),僅提供信息存儲(chǔ)服務(wù)。

相關(guān)閱讀更多精彩內(nèi)容

  • 加密算法 對(duì)稱加密算法 加密和解密使用同一個(gè)密鑰 DES、3DES、AES、Blowfish、Twofish、ID...
    毛利卷卷發(fā)閱讀 1,758評(píng)論 0 4
  • SSH全稱Secure SHell,顧名思義就是非常安全的shell的意思,SSH協(xié)議是IETF(Internet...
    StarShift閱讀 2,684評(píng)論 0 7
  • 被炙熱的火舌吞噬 被炸裂的痛苦掩埋 留下一小片 溫柔笑著的誓言 多少次午夜夢(mèng)回不可抑制地想起他眉眼的溫柔 半哭半笑...
    之幕閱讀 257評(píng)論 0 0
  • 因?yàn)樯顗毫μ?,年輕人整天唉聲嘆氣。某天,他去山中尋找一位大哲人,希望對(duì)方給他一個(gè)解脫之法。 哲人聽(tīng)完他的訴說(shuō)后...
    應(yīng)果閱讀 695評(píng)論 0 0
  • 從上周開(kāi)始濰坊的天氣就一直被烏云滿布的天空所籠罩;直到昨晚的一場(chǎng)狂風(fēng)暴雨算是這些天的陰沉、烏蒙、和每天不定時(shí)的大雨...
    Sunny仔仔閱讀 707評(píng)論 1 2

友情鏈接更多精彩內(nèi)容