Requirement 1:
Deploy SSH trust relationships in bulk: from a file distribution server, set up trust relationships with the web tier in bulk.
File distribution server: 10.0.3.9, login user: zhangsan
Web tier IP range:
10.0.3.10~10.0.3.60
(1) Create the zhangsan user on the web tier, and create a .ssh directory under the zhangsan home directory.
(2) On the 3.9 server, the zhangsan user creates the private key and public key with ssh-keygen and exports the public key to the authorized_keys file, then changes that file's permissions to 600.
(3) Distribute authorized_keys to the .ssh directory under the zhangsan home directory on the web tier.
(4) Write a local script called host.sh whose menu output is:
Level 1 Menu
(1) Log on to the web server
(2) Distribute files in bulk
(3) Exit
Level 2 Menu
When you choose 1:
(1) Log in to web1
(2) Log in to web2
When you choose 2:
(1) Please enter the file (absolute path) to be distributed:
When you choose 3, exit.
Experimental environment
Three Linux machines: one physical machine (IP: 10.0.2.68) and two virtual machines (10.0.7.15 and 10.0.7.16)
10.0.2.68 is the file distribution server; 10.0.7.15 and 10.0.7.17 are the two web-tier servers
Software tool: sshpass
Experimental steps:
1. Create the SSH trust relationship in bulk using the root user
Install the sshpass tool on the distribution server, from ftp://182.254.217.108/pub/soft/
Unpack the archive, change into the extracted sshpass-1.05 directory, then build and install it:
    ./configure
    make && make install
After installing sshpass, write trust.sh to establish the trust relationship. Once the root user has run it once, it does not need to be run again.
## Source the configuration file; the global variables are stored in the config file
. config
#======================
# function-error_log
# defining the error log storage location
#======================
error_log () {
    # $? is still the exit status of the command that ran just before this call
    if [ $? -eq 0 ]
    then
        echo "$1 $2 $3" >> $PWDDIR/$okLogfile
    else
        echo "$1 $2 $4" >> $PWDDIR/$errLogfile
    fi
}
#=================================
# function-trust
# Creating a key login environment
#=================================
trust () {
    # 15 and 17 are the last octets of the two web-tier servers listed in config.
    # The login name before each @ was obscured on the page; root is used here
    # because the text says this script is run with the root user.
    for IP in 15 17
    do
        ## Create the zhangsan user in bulk, set its password and create the .ssh folder
        sshpass -p aixocm ssh -o StrictHostKeyChecking=no root@10.0.7.$IP "useradd zhangsan && echo aixocm | passwd zhangsan --stdin && mkdir /home/zhangsan/.ssh/"
        # "[OK]" and "[error]" are quoted so the shell does not expand them as glob patterns
        error_log sshsystem adduser "[OK]" "[error]"
        ## Copy the zhangsan user's public key authentication file from the file distribution server to the web-tier servers in bulk
        sshpass -p aixocm scp /home/zhangsan/.ssh/authorized_keys root@10.0.7.$IP:/home/zhangsan/.ssh/authorized_keys
        error_log sshsystem cpkey "[OK]" "[error]"
        ## Because the file was transferred as root, root has to change the permissions and the owner and group
        ## of the .ssh folder and the public key authentication file in the zhangsan home directory
        sshpass -p aixocm ssh -o StrictHostKeyChecking=no root@10.0.7.$IP "chown -R zhangsan:zhangsan /home/zhangsan/.ssh/ && chmod 600 /home/zhangsan/.ssh/authorized_keys"
        error_log sshsystem changeprem "[OK]" "[error]"
        ## Give the web-tier zhangsan user sudo permission for daily administration; back up the original file
        ## on the web-tier server before copying the configuration file, so it can be recovered
        sshpass -p aixocm ssh -o StrictHostKeyChecking=no root@10.0.7.$IP "mv /etc/sudoers /etc/sudoers.bak"
        sshpass -p aixocm scp /etc/sudoers root@10.0.7.$IP:/etc/sudoers
        error_log sshsystem addsudo "[OK]" "[error]"
    done
}
main () {
    trust
}
main
config file
PWDDIR=$(pwd)
errLogfile=errlog
okLogfile=oklog
IP1=10.0.7.15
IP2=10.0.7.17
User=$(whoami)
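A check that can be run on each web-tier host after trust.sh, given here as an added example and not code from the original post: it confirms that .ssh and authorized_keys exist, belong to the expected user, are not writable by group or others, and that authorized_keys has the mode 600 the page sets. The function name check_ssh_layout and its output labels are assumptions, and it relies on GNU stat.

```shell
#!/bin/bash
# Added example (not from the original page): verify, on a web-tier host,
# the .ssh layout that trust.sh is meant to leave behind.
# Usage: check_ssh_layout HOME_DIR OWNER
# Prints one finding per line; returns 0 if clean, 1 otherwise.
check_ssh_layout() {
    local home=$1 owner=$2 rc=0 path user mode
    for path in "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "MISSING  $path"; rc=1; continue
        fi
        user=$(stat -c %U "$path")   # GNU stat: owner name
        mode=$(stat -c %a "$path")   # GNU stat: octal permission bits
        # trust.sh creates the directory and copies the file as root and
        # then chowns them; report anything the chown step missed.
        if [ "$user" != "$owner" ]; then
            echo "OWNER    $path is owned by $user, expected $owner"; rc=1
        fi
        # Group/other write access would let another account add its own key.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "WRITABLE $path has mode $mode"; rc=1
        fi
    done
    # The page sets authorized_keys to 600; report anything else.
    path="$home/.ssh/authorized_keys"
    if [ -f "$path" ] && [ "$(stat -c %a "$path")" != "600" ]; then
        echo "MODE     $path is $(stat -c %a "$path"), expected 600"; rc=1
    fi
    return $rc
}

# Run directly with a home directory and owner, e.g. /home/zhangsan zhangsan
if [ "$#" -eq 2 ]; then
    check_ssh_layout "$1" "$2"
fi
```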
Once the trust relationship has been established using the root user, the zhangsan user can manage the web servers through the admin menu script (host.sh).
host.sh
#!/bin/bash
# author: cm
# filename: host.sh
# version: 0.01
. config
# use $PWDDIR
# use $errLogfile
# use $okLogfile
# use $IP1
# use $IP2
# use $User
#======================
# function-error_log
#======================
error_log () {
    if [ $? -eq 0 ]
    then
        echo "$1 $2 $3" >> $PWDDIR/$okLogfile
    else
        echo "$1 $2 $4" >> $PWDDIR/$errLogfile
    fi
}
#========================
# function-menu1
# Level 1 menu
#========================
menu1 () {
    clear
    while true
    do
        tput setf 4    # set the menu font colour to red
        echo "========================"
        echo "Level 1 Menu"
        echo
        echo "(1) Log on to the Web server"
        echo
        echo "(2) Large batch distribution of documents"
        echo
        echo "(3) Exit"
        echo "========================"
        tput setf 0    # restore the font colour to black
        read -p "Please enter the serial number [1|2|3] you want to select: " num1
        case $num1 in
        1)
            # clear the screen before showing the level 2 menu
            clear
            menu11
            ;;
        2)
            clear
            menu12
            ;;
        3)
            echo "system is about to exit ..."
            sleep 1
            clear
            exit 1
            ;;
        *)
            echo "Please enter the correct serial number [1|2|3]:"
            ;;
        esac
        continue
    done
}
#===========================
# function-menu11
# Log on to the Web server
#===========================
menu11 () {
    tput setf 4
    echo "========================="
    echo "Level 2 Menu"
    echo "(1) Login to web1 10.0.7.15"
    echo
    echo "(2) Login to web2 10.0.7.17"
    echo
    echo "(3) Go back to the previous level menu"
    echo "=========================="
    tput setf 0
    read -p "Please enter the serial number you want to select [1|2]: " num2
    # The login name before each @ was obscured on the page; zhangsan is used
    # here because the script only proceeds when $User is zhangsan.
    case $num2 in
    1)  # log in to web1
        if [ "$User" = "zhangsan" ]
        then
            ssh zhangsan@$IP1
        else
            echo "please log in with zhangsan user ..."
            exit 1
        fi
        ;;
    2)  # log in to web2
        if [ "$User" = "zhangsan" ]
        then
            ssh zhangsan@$IP2
        else
            echo "please log in with zhangsan user ..."
            exit 1
        fi
        ;;
    3)
        clear
        menu1
        ;;
    *)
        echo "Please select the correct serial number [1|2]:"
        ;;
    esac
}
#==============================
# function--->menu12
# Bulk file distribution
#==============================
menu12 () {
    tput setf 4
    echo "tip: Distribution files are only available in the zhangsan home directory"
    read -p "Please enter the file to be distributed: " path1
    read -p "Please enter the file path after distribution: " path2
    tput setf 0
    # 15 and 17 are the last octets of the two web-tier servers listed in config
    for ip in 15 17
    do
        # paths are quoted so that names containing spaces are passed intact
        scp "$path1" zhangsan@10.0.7.$ip:"$path2"
    done
}
#=======================
# function-->main ()
# Main entry point of the program
#=======================
main () {
    menu1
}
main
This lets you use the zhangsan user on the distribution server to log on to the web servers and work on them.
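The tip printed by menu12 says only files in the zhangsan home directory can be distributed, but the script hands whatever is typed straight to scp. The following added example (not part of the original post) is one way to enforce the tip before copying; resolve_dist_path is a hypothetical helper name, and /home/zhangsan as the base directory is an assumption taken from the tip.

```shell
#!/bin/bash
# Added example (not from the original page): enforce the menu12 tip that
# only files under the zhangsan home directory may be distributed.
# Usage: resolve_dist_path BASE_DIR USER_INPUT
# Prints the canonical path and returns 0 when USER_INPUT is an absolute
# path to a regular file inside BASE_DIR; prints nothing and returns 1
# otherwise.
resolve_dist_path() {
    local base real
    # The requirement asks for an absolute path; refuse anything else.
    case $2 in
        /*) ;;
        *)  return 1 ;;
    esac
    # readlink -f resolves "..", "." and symbolic links in both paths,
    # so the prefix test below sees where the file really lives.
    base=$(readlink -f -- "$1") || return 1
    real=$(readlink -f -- "$2") || return 1
    [ -f "$real" ] || return 1
    case $real in
        "$base"/*) printf '%s\n' "$real" ;;
        *)         return 1 ;;
    esac
}

# How menu12 could call it (BASE_DIR is an assumption taken from the tip):
#   if src=$(resolve_dist_path /home/zhangsan "$path1"); then
#       scp "$src" zhangsan@10.0.7.$ip:"$path2"
#   else
#       echo "refusing to distribute $path1"
#   fi
```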
Deploying SSH trust relationships in bulk