Using sshkey for batch distribution, batch backup, and batch deployment management in practice

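Note: in production environments this exercise is used for data distribution, program releases, control and management, and so on.

Task: there are three Linux machines, A, B and C. Deploy passwordless login so that one key opens several locks (A holds the key; B and C are the locks).

As shown below: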

A-->B

A-->C


Deployment procedure:

1. Prepare the environment before setup

A:192.168.0.253 centos6.6

B:192.168.0.252 centos6.6

C: 192.168.0.251 centos6.6

2. Start the deployment

(Connection software setting: send chat to all windows)

[zxin10@model ~]$ sudo su -

# Add the user and set its password.

[root@model ~]# useradd sshkey

[root@model ~]# echo "sshkey"|passwd sshkey --stdin

Changing password for user sshkey.

passwd: all authentication tokens updated successfully.

[root@model ~]# tail -1 /etc/passwd

sshkey:x:501:501::/home/sshkey:/bin/bash

# Generate the key pair with the ssh-keygen command

[root@model ~]# su - sshkey

[sshkey@model ~]$ ssh-keygen -t dsa

Generating public/private dsa key pair.

Enter file in which to save the key (/home/sshkey/.ssh/id_dsa):

Created directory '/home/sshkey/.ssh'.

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /home/sshkey/.ssh/id_dsa.

Your public key has been saved in /home/sshkey/.ssh/id_dsa.pub.

The key fingerprint is:

66:ef:74:c4:55:91:32:de:35:93:91:54:5d:87:8d:df sshkey@model.zte

The key's randomart image is:

+--[ DSA 1024]----+

| .B#|

| ooB=|

| . =.=|

| . o .E|

| S o |

| o . . |

| o . |

| o . |

| . |

+-----------------+

# Two files are now present: id_dsa (the private key) and id_dsa.pub (the public key)

[sshkey@model ~]$ ls -l .ssh

total 8

-rw------- 1 sshkey sshkey 672 Jan 11 22:12 id_dsa

-rw-r--r-- 1 sshkey sshkey 606 Jan 11 22:12 id_dsa.pub

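# Machine A sends its public key to the home directory of the corresponding user (sshkey) on the corresponding machines (B and C).

# Run on machine A only: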

[sshkey@model ~]$ ssh-copy-id -i .ssh/id_dsa.pub "-p 52113 sshkey@192.168.0.251"

# Check the corresponding key files

On machine A:

[sshkey@model ~]$ ll ~/.ssh

total 12

-rw------- 1 sshkey sshkey 672 Jan 11 22:12 id_dsa

-rw-r--r-- 1 sshkey sshkey 606 Jan 11 22:12 id_dsa.pub

-rw-r--r-- 1 sshkey sshkey 806 Jan 11 22:20 known_hosts

On machines B and C:

[sshkey@machine1 ~]$ ll ~/.ssh

total 12

-rw------- 1 sshkey sshkey 606 Jan 13 18:34 authorized_keys

-rw------- 1 sshkey sshkey 672 Jan 13 18:26 id_dsa

-rw-r--r-- 1 sshkey sshkey 609 Jan 13 18:26 id_dsa.pub

# The test succeeds

[sshkey@model ~]$ ssh -p52113 192.168.0.252 free -m

reverse mapping checking getaddrinfo for promote.cache-dns.local [192.168.0.252] failed - POSSIBLE BREAK-IN ATTEMPT!

total used free shared buffers cached

Mem: 1870 262 1608 0 46 109

-/+ buffers/cache: 105 1764

Swap: 2047 0 2047

[sshkey@model ~]$ ssh -p52113 192.168.0.251 free -m

reverse mapping checking getaddrinfo for promote.cache-dns.local [192.168.0.251] failed - POSSIBLE BREAK-IN ATTEMPT!

total used free shared buffers cached

Mem: 1870 114 1756 0 12 33

-/+ buffers/cache: 68 1802

Swap: 2047 0 2047

How can passwordless sshkey login be used to distribute files in bulk?

# Write the script copyall.sh

[sshkey@model scripts]$ cat copyall.sh

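#!/bin/sh
# Load the action() helper that prints the [ OK ] / [FAILED] status lines
. /etc/init.d/functions
SSHPORT=52113
# Require exactly one argument: the file or directory to distribute
[ $# -ne 1 ]&&exit 1
ARG=$1
for ip in 192.168.0.252 192.168.0.251
do
    if [ -d "$ARG" ];then
        echo "$ARG IS DIRACTORY.COPY ALL FILE!"
        scp -r -P${SSHPORT} "$ARG" sshkey@${ip}:~
    else
        echo "$ARG IS A FILE.COPY IT !"
        scp -P${SSHPORT} "$ARG" sshkey@${ip}:~
    fi
    # $? is the exit status of the scp that ran in the branch above
    if [ $? -eq 0 ];then
        action "scp is ok" /bin/true
    else
        action "scp is error" /bin/false
    fi
done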

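# Note: this is a script I wrote myself, and there is still room to improve it: write the IPs into a file and loop over that file to distribute in bulk, which is very convenient.

# If the item to copy is a file, it is copied directly into the sshkey home directory.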

[sshkey@model scripts]$ sh copyall.sh copyall.sh

copyall.sh IS A FILE.COPY IT !

reverse mapping checking getaddrinfo for promote.cache-dns.local [192.168.0.252] failed - POSSIBLE BREAK-IN ATTEMPT!

copyall.sh 100% 406 0.4KB/s 00:00

scp is ok [ OK ]

copyall.sh IS A FILE.COPY IT !

reverse mapping checking getaddrinfo for promote.cache-dns.local [192.168.0.251] failed - POSSIBLE BREAK-IN ATTEMPT!

copyall.sh 100% 406 0.4KB/s 00:00

scp is ok [ OK ]

# If the item to copy is a directory, the directory is copied recursively, with all files under it, into the sshkey home directory.

[sshkey@model scripts]$ !sh

sh copyall.sh ../sshkeydir

../sshkeydir IS DIRACTORY.COPY ALL FILE!

reverse mapping checking getaddrinfo for promote.cache-dns.local [192.168.0.252] failed - POSSIBLE BREAK-IN ATTEMPT!

sshkeytestfile.log 100% 0 0.0KB/s 00:00

test1.log 100% 0 0.0KB/s 00:00

scp is ok [ OK ]

../sshkeydir IS DIRACTORY.COPY ALL FILE!

reverse mapping checking getaddrinfo for promote.cache-dns.local [192.168.0.251] failed - POSSIBLE BREAK-IN ATTEMPT!

sshkeytestfile.log 100% 0 0.0KB/s 00:00

test1.log 100% 0 0.0KB/s 00:00

scp is ok [ OK ]

[sshkey@model scripts]$
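The improvement mentioned in the note above (keep the IPs in a file and loop over it) could look like the following. This is an added example, not the author's script; the host-file format, the function names read_hosts and distribute, and the SCP override variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: host-list driven variant of copyall.sh (not the author's script).
SSHPORT=${SSHPORT:-52113}   # port used on the page
SSHUSER=${SSHUSER:-sshkey}  # account used on the page
SCP=${SCP:-scp}             # assumption: overridable so the copy step can be stubbed

# Print the usable entries of a host file: strip "#" comments and whitespace,
# drop blank lines, and reject anything that is not a plain hostname/IPv4
# string, so an entry starting with "-" is never parsed by scp as an option.
read_hosts() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1" | while IFS= read -r h; do
        [ -z "$h" ] && continue
        case $h in
            -*|*[!A-Za-z0-9.-]*) echo "skip invalid entry: $h" >&2 ;;
            *) echo "$h" ;;
        esac
    done
}

# Copy SRC into the home directory of $SSHUSER on every host in HOSTFILE.
# Returns the number of hosts that failed (0 means every copy succeeded).
distribute() {
    src=$1 hostfile=$2 failed=0
    if [ ! -e "$src" ] || [ ! -r "$hostfile" ]; then
        echo "usage: distribute FILE_OR_DIR HOSTFILE" >&2
        return 255
    fi
    for ip in $(read_hosts "$hostfile"); do
        # -r covers both files and directories. BatchMode=yes makes scp fail
        # instead of prompting for a password when the key is not installed.
        if "$SCP" -r -P "$SSHPORT" -o BatchMode=yes -o ConnectTimeout=5 \
               -- "$src" "$SSHUSER@$ip:~" </dev/null; then
            echo "$ip: scp is ok"
        else
            echo "$ip: scp is error" >&2
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Run only when called with both arguments: FILE_OR_DIR HOSTFILE
if [ "$#" -eq 2 ]; then distribute "$@"; fi
```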
