Batch Management and Batch Management of Weibo
SSH
1. SSH is a secure, encrypted protocol used to connect remotely to a Linux server.
2. The default SSH port is 22, and the protocol version is SSH2.
3. The SSH server mainly provides two services: SSH remote connection and the SFTP service.
4. The Linux SSH client includes the ssh remote connection command and the scp command for remote copy.
SSH service authentication types
Password-based security verification
Basic syntax for connecting to a remote host through ssh:
-p: connection port. The default port is 22.
Before the @: the username.
After the @: the IP address of the server to connect to.
ssh summary:
1. To switch to another machine: ssh -p52113 user@ip
2. To run a command on another machine: ssh -p 52113 user@ip command (use the full path of the command).
3. On the first ssh connection, a key file is created locally: ~/.ssh/known_hosts (multiple keys).
Key-based security verification
Create a key pair in advance and place the public key on the target server to be accessed. The private key must be placed on the client machine that runs the ssh client.
Find the corresponding service based on the port number (111):
lsof -i :111
netstat -lntup | grep 111
Find the corresponding port number based on the process name (sshd):
netstat -lntup | grep sshd
Change the default ssh login configuration
The scp remote copy command that comes with the ssh client
-P (uppercase): port.
-r: recursive; used to copy directories.
-p (lowercase): keep the file or directory attributes unchanged by the copy.
-l limit: speed limit.
scp summary:
1. scp is an encrypted remote copy, while cp is only a local copy.
2. Data can be pushed from one machine to another, or pulled from other servers back to the server where the command is run.
3. Every copy is a full copy, so the efficiency is not high. scp is suitable for the first copy; rsync is used for incremental copies.
Sftp
1. Linux connection command: sftp -oPort=22 root@192.168.31.132
2. Upload: put followed by the local client path, for example put /etc/hosts. You can also specify the upload path: put /etc/hosts /tmp.
3. Download: get followed by the server content, for example get hosts. On Linux, the content is downloaded to the local directory you were in before connecting. You can also specify the download path: get /etc/hosts /tmp.
4. The remote home directory of the connecting user is the default directory; you can switch to any other directory you have permissions for.
Batch File distribution and Command Execution
Configure ip host name
Enterprise-level batch distribution and management solutions for IT companies
1. sshkey key for small and medium-sized enterprises.
2. Portal website Sina: puppet (copy, too heavy).
3. Batch management of collection and Xiaomi: saltstack (lightweight).
Create user oldgirl and password system
Create a public/private key
Distribution Public Key
If the port is not 22 (port 52113): ssh-copy-id -i .ssh/id_dsa.pub "-p 52113 oldgirl@192.168.31.134"
Test password-free ip address query
Distribute files
Compile a batch distribution script
Ssh batch distribution and management
1. Use root for ssh key verification.
Advantages: simple and easy to use.
Disadvantage: poor security, and root remote connection cannot be disabled.
2. Use common users (recommended)
First copy the file to be distributed to the user's home directory on the server, then use sudo to elevate privileges and copy the file to its destination.
Advantage: secure. You do not need to stop the root remote connection function.
Disadvantage: the configuration is complicated.
3. Set suid on a fixed command
Advantage: relatively secure.
Disadvantages: complex, and poor security. Anyone can run the command with suid permissions.
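One way to write the batch distribution script for approach 2 (ordinary user plus sudo), as an added example that is not from the original page. The hosts file, the DRY_RUN switch, the sudoers rule in the comment and the use of install instead of cp are assumptions; port 52113 and user oldgirl are taken from the page.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): batch distribution as an
# ordinary user plus sudo. Assumed names: hosts file, DRY_RUN, sudoers rule.
# Assumed rule on each target, pinned to one command and its arguments:
#   oldgirl ALL=(root) NOPASSWD: /usr/bin/install -m 0644 ./hosts /etc/hosts

PORT=${PORT:-52113}      # non-default sshd port used on the page
RUSER=${RUSER:-oldgirl}  # unprivileged distribution account from the page
DRY_RUN=${DRY_RUN:-0}    # 1 = print the commands instead of running them

# Run a command, or only print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Copy one file to the user's home on one host, then install it with sudo.
push_one() {
    local host="$1" src="$2" dest="$3" name="${2##*/}"
    # ssh joins its arguments into one string for the remote shell, so
    # refuse anything that the remote shell could interpret.
    case "$host$src$dest" in
        *[!A-Za-z0-9_./-]*) echo "unsafe characters: $host $src $dest" >&2
                            return 2 ;;
    esac
    # BatchMode=yes: fail instead of prompting if key authentication breaks.
    run scp -q -P "$PORT" -o BatchMode=yes -p "$src" "$RUSER@$host:$name" || return 1
    run ssh -p "$PORT" -o BatchMode=yes "$RUSER@$host" \
        sudo -n /usr/bin/install -m 0644 "./$name" "$dest"
}

# Distribute src to every host listed in hosts_file; report per-host status.
distribute() {
    local hosts_file="$1" src="$2" dest="$3" host failed=0
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    while read -r host _; do
        case "$host" in ''|'#'*) continue ;; esac  # skip blanks and comments
        # stdin from /dev/null so ssh does not swallow the rest of the list
        if push_one "$host" "$src" "$dest" </dev/null; then
            echo "$host OK"
        else
            echo "$host FAILED"; failed=$((failed + 1))
        fi
    done < "$hosts_file"
    return "$(( failed > 0 ))"
}

# Usage (script name hypothetical): ./distribute.sh hosts.txt ./hosts /etc/hosts
if [ "$#" -eq 3 ]; then distribute "$@"; fi
```

Run it once with DRY_RUN=1 to review the exact scp and ssh commands before touching any server.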
Enterprise-level production scenario Batch Management, automated management solution:
1. ssh key: the simplest, most common and most powerful. Generally used by small and medium-sized enterprises with fewer than 50 servers.
2. Portal-level puppet batch management tools.
3. saltstack batch management tool.
4. http + cron
Batch management route: sshkey -> puppet -> saltstack/ansible.