Batch Management and Batch Management of Weibo

Source: Internet
Author: User
Tags scp command ssh port ssh server saltstack


SSH

1. SSH is a secure encrypted protocol used to connect remotely to a Linux server.

2. The default SSH port is 22, and the security protocol version is SSH2.

3. The SSH server mainly provides two services: SSH remote connection and the SFTP service.

4. The Linux SSH client includes the ssh remote connection command and the scp command for remote copy.

SSH service authentication types

Password-based security verification

Basic syntax for connecting to a remote host through ssh:

-p connection port. The default port is 22.

Before the @: the username

After the @: the IP address of the server to be connected

SSH summary:

1. Switch to another machine: ssh -p52113 user@ip

2. Run a command on another machine: ssh -p 52113 user@ip command (use the full path of the command).

3. During the first ssh connection, a local key file ~/.ssh/known_hosts is generated (it holds multiple keys).

Key-based security verification

Create a key pair in advance and place the public key on the target server to be accessed. The private key is placed on the client machine where the ssh client runs.

Find the corresponding service based on the port number (111):

lsof -i :111

netstat -lntup | grep 111

Find the corresponding port number based on the process name (sshd):

netstat -lntup | grep sshd

Change the default ssh login configuration

The scp remote copy command that comes with the ssh client

-P (uppercase) port.

-r recursive; used for copying directories.

-p (lowercase) keeps the file or directory attributes the same before and after the copy.

-l limit; sets a speed limit.

scp summary:

1. scp is an encrypted remote copy; cp is only a local copy.

2. Data can be pushed from one machine to another, or pulled from other servers back to the server where the command is run.

3. Every copy is a full copy, so efficiency is low. This suits the first copy; use rsync for incremental copies.

Sftp

1. Linux connection command: sftp -oPort=22 root@192.168.31.132

2. Upload with put and a local client path: put /etc/hosts. You can also specify the upload path: put /etc/hosts /tmp.

3. Download server content with get: get hosts. On Linux, the content is downloaded to the local directory you were in before connecting. You can also specify the download path: get /etc/hosts /tmp.

4. The remote home directory of the connecting user is the default directory; you can switch to any other directory you have permissions for.

Batch File distribution and Command Execution

Configure ip host name

Enterprise-level batch distribution and management solutions for IT companies

1. sshkey: for small and medium-sized enterprises.

2. puppet: portal websites such as sina (copy, too heavy).

3. saltstack: batch management at collection and Xiaomi (lightweight).

Create user oldgirl and password system

Create a public/private key

Distribute the public key

If it is not port 22 (port 52113): ssh-copy-id -i .ssh/id_dsa.pub "-p 52113 oldgirl@192.168.31.134"

Test a password-free IP address query

Distribute files

Compile a batch distribution script

SSH batch distribution and management

1. Use root for ssh key verification.

Advantages: simple and easy to use.

Disadvantage: poor security, and root remote connection cannot be disabled.

2. Use ordinary users (recommended)

First, copy the file to be distributed to the user's home directory on the server, and then use sudo privilege escalation to copy the file into place.

Advantages: security. You do not need to stop the root remote connection function.

Disadvantage: the configuration is complicated.

3. Set suid on a fixed command

Advantage: relatively secure.

Disadvantages: complex, and security is poor. Anyone can run commands that have suid permissions.
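
The batch distribution script itself did not survive on this page. As an added example (not the original author's script), the following implements the recommended ordinary-user approach: scp the file into the user's home directory, then use sudo to copy it into place. The user oldgirl, port 52113 and the 192.168.31.x addresses come from the page; the function names, the passwordless sudoers rule for /bin/cp and the safe-character check are assumptions.

```shell
#!/bin/sh
# Added example: batch distribution as an ordinary user (approach 2 above).
# Assumed: key login for oldgirl already works on every host, each host key is
# already in ~/.ssh/known_hosts, and sudoers lets oldgirl run /bin/cp without
# a password.
SSH_USER=${SSH_USER:-oldgirl}
SSH_PORT=${SSH_PORT:-52113}
# BatchMode=yes: fail at once instead of prompting when key login or host-key
# verification does not succeed, so an unattended run never hangs.
SSH_OPTS="-o BatchMode=yes -o ConnectTimeout=5"

# distribute_one HOST LOCAL_FILE REMOTE_DIR
distribute_one() {
    name=$(basename "$2")
    # The remote side runs a shell, so refuse names carrying metacharacters.
    case "$name$3" in
        *[!A-Za-z0-9._/-]*) echo "unsafe path: $2 -> $3" >&2; return 2 ;;
    esac
    # Step 1: push into the user's home directory; no root login needed.
    # SSH_OPTS is left unquoted on purpose so it splits into separate options.
    scp $SSH_OPTS -P "$SSH_PORT" -p "$2" "$SSH_USER@$1:" || return 1
    # Step 2: sudo copies it into place; -n fails rather than asking.
    ssh $SSH_OPTS -p "$SSH_PORT" "$SSH_USER@$1" \
        "sudo -n /bin/cp -p ./$name $3/" || return 1
}

# distribute_all LOCAL_FILE REMOTE_DIR HOST...
# Leaves the number of failed hosts in FAILED; returns 1 if any failed.
distribute_all() {
    src=$1 dst=$2
    shift 2
    FAILED=0
    for h in "$@"; do
        if distribute_one "$h" "$src" "$dst"; then
            echo "$h ok"
        else
            echo "$h FAILED" >&2
            FAILED=$((FAILED + 1))
        fi
    done
    [ "$FAILED" -eq 0 ]
}

# Usage: distribute_all /etc/hosts /etc 192.168.31.134 192.168.31.135
```

A failure on one host is reported and counted, and the loop continues with the remaining hosts.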


Enterprise-level production scenarios: batch management and automated management solutions:

1. ssh key: the simplest, most common and most powerful. Generally used by small and medium-sized enterprises with fewer than 50 servers.

2. puppet: the batch management tool used at portal scale.

3. saltstack batch management tool.

4. http + cron

Batch management route: sshkey -> puppet -> saltstack/ansible.
