SSH批量部署服務 1.1在NFS上作為中心分發伺服器將私鑰分發到其他伺服器上 1.1.1NFS部署 1 [root@nfs-server ~]# useradd zhurui 2 [root@nfs-server ~]# echo 123456|passwd --stdin zhurui 3 Ch
SSH批量部署服務
1.1在NFS上作為中心分發伺服器將私鑰分發到其他伺服器上
1.1.1NFS部署
1 [root@nfs-server ~]# useradd zhurui 2 [root@nfs-server ~]# echo 123456|passwd --stdin zhurui 3 Changing password for user zhurui. 4 passwd: all authentication tokens updated successfully. 5 創建密碼對: 6 [root@nfs-server ~]# su - zhurui ##切換到zhurui用戶下,以後批量分發都在當前用戶下,安全考慮 7 [zhurui@nfs-server ~]$ ssh-keygen -t dsa ##ssh-keygen是生成秘鑰的工具,-t參數指建立秘鑰的類型,這裡建立dsa類型秘鑰(還有一種類型的秘鑰為RSA,兩者加密演算法有區別) 8 Generating public/private dsa key pair. 9 Enter file in which to save the key (/home/zhurui/.ssh/id_dsa): 10 Created directory '/home/zhurui/.ssh'. 11 Enter passphrase (empty for no passphrase): 12 Enter same passphrase again: 13 Your identification has been saved in /home/zhurui/.ssh/id_dsa. 14 Your public key has been saved in /home/zhurui/.ssh/id_dsa.pub. 15 The key fingerprint is: 16 6f:65:c4:a6:fb:32:45:0c:85:c3:bc:87:8f:a4:ae:bc zhurui@nfs-server 17 The key's randomart image is: 18 +--[ DSA 1024]----+ 19 | o o. | 20 | *. | 21 | *+ | 22 | +++ | 23 | So.=o | 24 | ...+o | 25 | . +. | 26 | . ..o. | 27 | Eo o. | 28 +-----------------+ 29 [zhurui@nfs-server ~]$ 30 [zhurui@nfs-server ~]$ ls -l .ssh/ 31 total 8 32 -rw-------. 1 zhurui zhurui 672 Mar 5 04:23 id_dsa ##私鑰 33 -rw-r--r--. 1 zhurui zhurui 607 Mar 5 04:23 id_dsa.pub ##公鑰 34 將公鑰分發給web-lamp01伺服器 35 [zhurui@nfs-server ~]$ ssh-copy-id -i .ssh/id_dsa.pub [email protected] ##將公鑰分發給1.12伺服器 36 The authenticity of host '192.168.1.12 (192.168.1.12)' can't be established. 37 RSA key fingerprint is d6:e6:e6:2a:c7:df:99:51:bb:f4:90:29:16:df:c4:a5. 38 Are you sure you want to continue connecting (yes/no)? yes 39 Warning: Permanently added '192.168.1.12' (RSA) to the list of known hosts. 40 Nasty PTR record "192.168.1.12" is set up for 192.168.1.12, ignoring 41 [email protected]'s password: 42 Permission denied, please try again. 43 [email protected]'s password: 44 Now try logging into the machine, with "ssh '[email protected]'", and check in: 45 46 .ssh/authorized_keys 47 48 to make sure we haven't added extra keys that you weren't expecting. 49 50 [zhurui@nfs-server ~]$
1.1.2 web-lnmp02客戶端分發部署
1 [zhurui@nfs-server ~]$ ssh-copy-id -i .ssh/id_dsa.pub [email protected] ##將公鑰分發到1.13伺服器 2 The authenticity of host '192.168.1.13 (192.168.1.13)' can't be established. 3 RSA key fingerprint is d6:e6:e6:2a:c7:df:99:51:bb:f4:90:29:16:df:c4:a5. 4 Are you sure you want to continue connecting (yes/no)? yes 5 Warning: Permanently added '192.168.1.13' (RSA) to the list of known hosts. 6 Nasty PTR record "192.168.1.13" is set up for 192.168.1.13, ignoring 7 [email protected]'s password: 8 Now try logging into the machine, with "ssh '[email protected]'", and check in: 9 10 .ssh/authorized_keys 11 12 to make sure we haven't added extra keys that you weren't expecting. 13 14 [zhurui@nfs-server ~]$
1.1.3 rsync-backup客戶端分發部署
1 [zhurui@nfs-server ~]$ ssh-copy-id -i .ssh/id_dsa.pub [email protected] 2 The authenticity of host '192.168.1.17 (192.168.1.17)' can't be established. 3 RSA key fingerprint is d6:e6:e6:2a:c7:df:99:51:bb:f4:90:29:16:df:c4:a5. 4 Are you sure you want to continue connecting (yes/no)? yes 5 Warning: Permanently added '192.168.1.17' (RSA) to the list of known hosts. 6 [email protected]'s password: 7 Now try logging into the machine, with "ssh '[email protected]'", and check in: 8 9 .ssh/authorized_keys 10 11 to make sure we haven't added extra keys that you weren't expecting. 12 13 [zhurui@nfs-server ~]$
2.1在NFS上測試
2.1.1 通過ssh命令在當前機器上查看web-lamp01的IP地址
1 [zhurui@nfs-server ~]$ ssh -P22 [email protected] /sbin/ifconfig eth0 2 eth0 Link encap:Ethernet HWaddr 00:0C:29:49:CE:B3 3 inet addr:192.168.1.12 Bcast:192.168.1.255 Mask:255.255.255.0 4 inet6 addr: fe80::20c:29ff:fe49:ceb3/64 Scope:Link 5 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 6 RX packets:7701 errors:0 dropped:0 overruns:0 frame:0 7 TX packets:4795 errors:0 dropped:0 overruns:0 carrier:0 8 collisions:0 txqueuelen:1000 9 RX bytes:4806676 (4.5 MiB) TX bytes:484902 (473.5 KiB) 10 註:在命令執行過程中,跳過輸入密碼的步驟 11 接著分發文件測試: 12 [zhurui@nfs-server ~]$ cp /etc/hosts 13 hosts hosts.allow hosts.deny 14 [zhurui@nfs-server ~]$ cp /etc/hosts . 15 [zhurui@nfs-server ~]$ ll 16 [zhurui@nfs-server ~]$ scp -P22 hosts [email protected]:~ ##將當前目錄下hosts文件分發到1.12家目錄下 17 hosts 100% 243 0.2KB/s 00:00 18 [zhurui@nfs-server ~]$ 19 20 檢查1.12上zhurui家目錄下有無hosts文件 21 [root@lamp01 zhurui]# cat /home/zhurui/hosts 22 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 23 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 24 192.168.1.11 nfs-server 25 192.168.1.17 backup 26 192.168.1.12 lamp01 27 192.168.1.13 lnmp02 28 [root@lamp01 zhurui]# 29 通過腳本分發: 30 [zhurui@nfs-server ~]$ sh fenfa.sh 31 hosts 100% 257 0.3KB/s 00:00 32 hosts 100% 257 0.3KB/s 00:00 33 hosts 100% 257 0.3KB/s 00:00 34
批量管理腳本:
1 #!/bin/sh 2 . /etc/init.d/functions 3 if [ $# -ne 1 ] 4 then 5 echo "USAGE:$0 USAGE|COMMAND" 6 exit 1 7 fi 8 for n in 12 13 17 9 do 10 ssh -p22 [email protected].$n $1 11 done 12 13 ~
批量分發腳本:
1 #!/bin/sh 2 . /etc/init.d/functions 3 4 for n in 12 13 17 5 do 6 scp -P22 $1 [email protected].$n:~ &>/dev/null 7 if [ $? -eq 0 ] 8 then 9 action "fenfa $1 ok" /bin/true 10 else 11 action "fenfa $1 ok" /bin/false 12 fi 13 done 14 15 ~
利用分發腳本分發hosts文件
1 [zhurui@nfs-server ~]$ sh fenfa.sh hosts 2 fenfa hosts ok [ OK ] 3 fenfa hosts ok [ OK ] 4 fenfa hosts ok [ OK ] 5 [zhurui@nfs-server ~]$
優化後的分發腳本
1 #!/bin/sh 2 . /etc/init.d/functions 3 if [ $# -ne 1 ] 4 then 5 echo "USAGE:$0 {FILENAME|DIRNAME}" 6 exit 1 7 fi 8 for n in 12 13 17 9 do 10 scp -P22 -r $1 [email protected].$n:~ &>/dev/null 11 if [ $? -eq 0 ] 12 then 13 action "fenfa $1 ok" /bin/true 14 else 15 action "fenfa $1 ok" /bin/false 16 fi 17 done
