共计 5750 个字符,预计需要花费 15 分钟才能阅读完成。
SSH 批量部署服务
1.1 在 NFS 上作为中心分发服务器将私钥分发到其他服务器上
1.1.1NFS 部署
[root@nfs-server ~]# useradd linuxidc
[root@nfs-server ~]# echo 123456|passwd –stdin linuxidc
Changing password for user linuxidc.
passwd: all authentication tokens updated successfully.
创建密码对:
[root@nfs-server ~]# su – linuxidc ## 切换到 linuxidc 用户下,以后批量分发都在当前用户下,安全考虑
[linuxidc@nfs-server ~]$ ssh-keygen -t dsa ##ssh-keygen 是生成秘钥的工具,- t 参数指建立秘钥的类型,这里建立 dsa 类型秘钥(还有一种类型的秘钥为 RSA,两者加密算法有区别)
Generating public/private dsa key pair.
Enter file in which to save the key (/home/linuxidc/.ssh/id_dsa):
Created directory ‘/home/linuxidc/.ssh’.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/linuxidc/.ssh/id_dsa.
Your public key has been saved in /home/linuxidc/.ssh/id_dsa.pub.
The key fingerprint is:
6f:65:c4:a6:fb:32:45:0c:85:c3:bc:87:8f:a4:ae:bc linuxidc@nfs-server
The key’s randomart image is:
+–[DSA 1024]—-+
| o o. |
| *. |
| *+ |
| +++ |
| So.=o |
| …+o |
| . +. |
| . ..o. |
| Eo o. |
+—————–+
[linuxidc@nfs-server ~]$
[linuxidc@nfs-server ~]$ ls -l .ssh/
total 8
-rw——-. 1 linuxidc zhurui 672 Mar 5 04:23 id_dsa ## 私钥
-rw-r–r–. 1 linuxidc zhurui 607 Mar 5 04:23 id_dsa.pub ## 公钥
将公钥分发给 web-lamp01 服务器
[linuxidc@nfs-server ~]$ ssh-copy-id -i .ssh/id_dsa.pub linuxidc@192.168.1.12 ## 将公钥分发给 1.12 服务器
The authenticity of host ‘192.168.1.12 (192.168.1.12)’ can’t be established.
RSA key fingerprint is d6:e6:e6:2a:c7:df:99:51:bb:f4:90:29:16:df:c4:a5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘192.168.1.12’ (RSA) to the list of known hosts.
Nasty PTR record “192.168.1.12” is set up for 192.168.1.12, ignoring
linuxidc@192.168.1.12’s password:
Permission denied, please try again.
linuxidc@192.168.1.12’s password:
Now try logging into the machine, with “ssh ‘linuxidc@192.168.1.12′”, and check in:
.ssh/authorized_keys
to make sure we haven’t added extra keys that you weren’t expecting.
[linuxidc@nfs-server ~]$
1.1.2 web-lnmp02 客户端分发部署
[linuxidc@nfs-server ~]$ ssh-copy-id -i .ssh/id_dsa.pub linuxidc@192.168.1.13 ## 将公钥分发到 1.13 服务器
The authenticity of host ‘192.168.1.13 (192.168.1.13)’ can’t be established.
RSA key fingerprint is d6:e6:e6:2a:c7:df:99:51:bb:f4:90:29:16:df:c4:a5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘192.168.1.13’ (RSA) to the list of known hosts.
Nasty PTR record “192.168.1.13” is set up for 192.168.1.13, ignoring
linuxidc@192.168.1.13’s password:
Now try logging into the machine, with “ssh ‘linuxidc@192.168.1.13′”, and check in:
.ssh/authorized_keys
to make sure we haven’t added extra keys that you weren’t expecting.
[linuxidc@nfs-server ~]$
1.1.3 rsync-backup 客户端分发部署
[linuxidc@nfs-server ~]$ ssh-copy-id -i .ssh/id_dsa.pub linuxidc@192.168.1.17
The authenticity of host ‘192.168.1.17 (192.168.1.17)’ can’t be established.
RSA key fingerprint is d6:e6:e6:2a:c7:df:99:51:bb:f4:90:29:16:df:c4:a5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘192.168.1.17’ (RSA) to the list of known hosts.
linuxidc@192.168.1.17’s password:
Now try logging into the machine, with “ssh ‘linuxidc@192.168.1.17′”, and check in:
.ssh/authorized_keys
to make sure we haven’t added extra keys that you weren’t expecting.
[linuxidc@nfs-server ~]$
2.1 在 NFS 上测试
2.1.1 通过 ssh 命令在当前机器上查看 web-lamp01 的 IP 地址
[linuxidc@nfs-server ~]$ ssh -P22 linuxidc@192.168.1.12 /sbin/ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:0C:29:49:CE:B3
inet addr:192.168.1.12 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe49:ceb3/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7701 errors:0 dropped:0 overruns:0 frame:0
TX packets:4795 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4806676 (4.5 MiB) TX bytes:484902 (473.5 KiB)
注:在命令执行过程中,跳过输入密码的步骤
接着分发文件测试:
[linuxidc@nfs-server ~]$ cp /etc/hosts
hosts hosts.allow hosts.deny
[linuxidc@nfs-server ~]$ cp /etc/hosts .
[linuxidc@nfs-server ~]$ ll
[linuxidc@nfs-server ~]$ scp -P22 hosts linuxidc@192.168.1.12:~ ## 将当前目录下 hosts 文件分发到 1.12 家目录下
hosts 100% 243 0.2KB/s 00:00
[linuxidc@nfs-server ~]$
检查 1.12 上 linuxidc 家目录下有无 hosts 文件
[root@lamp01 linuxidc]# cat /home/linuxidc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.11 nfs-server
192.168.1.17 backup
192.168.1.12 lamp01
192.168.1.13 lnmp02
[root@lamp01 linuxidc]#
通过脚本分发:
[linuxidc@nfs-server ~]$ sh fenfa.sh
hosts 100% 257 0.3KB/s 00:00
hosts 100% 257 0.3KB/s 00:00
hosts 100% 257 0.3KB/s 00:00
批量管理脚本:
#!/bin/sh
. /etc/init.d/functions
if [$# -ne 1]
then
echo “USAGE:$0 USAGE|COMMAND”
exit 1
fi
for n in 12 13 17
do
ssh -p22 linuxidc@192.168.1.$n $1
done
~
批量分发脚本:
#!/bin/sh
. /etc/init.d/functions
for n in 12 13 17
do
scp -P22 $1 linuxidc@192.168.1.$n:~ &>/dev/null
if [$? -eq 0]
then
action “fenfa $1 ok” /bin/true
else
action “fenfa $1 ok” /bin/false
fi
done
~
利用分发脚本分发 hosts 文件
1 [linuxidc@nfs-server ~]$ sh fenfa.sh hosts
2 fenfa hosts ok [OK]
3 fenfa hosts ok [OK]
4 fenfa hosts ok [OK]
5 [linuxidc@nfs-server ~]$
优化后的分发脚本
#!/bin/sh
. /etc/init.d/functions
if [$# -ne 1]
then
echo “USAGE:$0 {FILENAME|DIRNAME}”
exit 1
fi
for n in 12 13 17
do
scp -P22 -r $1 linuxidc@192.168.1.$n:~ &>/dev/null
if [$? -eq 0]
then
action “fenfa $1 ok” /bin/true
else
action “fenfa $1 ok” /bin/false
fi
done
下面关于 SSH 相关的文章您也可能喜欢,不妨参考下:
Ubuntu 下配置 SSH 服务全过程及问题解决 http://www.linuxidc.com/Linux/2011-09/42775.htm
Ubuntu 14.04 下安装 Samba 及 SSH 服务端的方法 http://www.linuxidc.com/Linux/2015-01/111971.htm
SSH 服务远程访问 Linux 服务器登陆慢 http://www.linuxidc.com/Linux/2011-08/39742.htm
提高 Ubuntu 的 SSH 登陆认证速度的办法 http://www.linuxidc.com/Linux/2014-09/106810.htm
开启 SSH 服务让 Android 手机远程访问 Ubuntu 14.04 http://www.linuxidc.com/Linux/2014-09/106809.htm
如何为 Linux 系统中的 SSH 添加双重认证 http://www.linuxidc.com/Linux/2014-08/105998.htm
在 Linux 中为非 SSH 用户配置 SFTP 环境 http://www.linuxidc.com/Linux/2014-08/105865.htm
Linux 上 SSH 服务的配置和管理 http://www.linuxidc.com/Linux/2014-06/103627.htm
本文永久更新链接地址:http://www.linuxidc.com/Linux/2016-03/128978.htm
