SSH batch Deployment Service
SSH batch Deployment Service
1.1 distribute private keys to other servers as the central distribution server on NFS
1.1.1NFS deployment
[Root @ nfs-server ~] # Useradd bkjia
[Root @ nfs-server ~] # Echo 123456 | passwd -- stdin bkjia
Changing password for user bkjia.
Passwd: all authentication tokens updated successfully.
Create a password pair:
[Root @ nfs-server ~] # Su-bkjia # Switch to the bkjia user, and batch distribution will be performed under the current user in the future. security considerations
[Bkjia @ nfs-server ~] $ Ssh-keygen-t dsa # ssh-keygen is a tool for generating the key. The-t parameter indicates the type of the key to be created, here, the dsa type of key is created (another type of key is RSA, which has different encryption algorithms)
Generating public/private dsa key pair.
Enter file in which to save the key (/home/bkjia/. ssh/id_dsa ):
Created directory '/home/bkjia/. ssh '.
Enter passphrase (empty for no passphrase ):
Enter same passphrase again:
Your identification has been saved in/home/bkjia/. ssh/id_dsa.
Your public key has been saved in/home/bkjia/. ssh/id_dsa.pub.
The key fingerprint is:
6f: 65: c4: a6: fb: 32: 45: 0c: 85: c3: bc: 87: 8f: a4: AE: bc bkjia @ nfs-server
The key's randomart image is:
+ -- [DSA 1024] ---- +
| O. |
| *. |
| * + |
| ++ |
| So. = o |
|... + O |
|. +. |
|... O. |
| Eo o. |
+ ----------------- +
[Bkjia @ nfs-server ~] $
[Bkjia @ nfs-server ~] $ Ls-l. ssh/
Total 8
-Rw -------. 1 bkjia zhurui 672 Mar 5 04:23 id_dsa # Private Key
-Rw-r --. 1 bkjia zhurui 607 Mar 5 04:23 id_dsa.pub # Public Key
Distribute the public key to the web-lamp01 Server
[Bkjia @ nfs-server ~] $ Ssh-copy-id-I. ssh/id_dsa.pub bkjia@192.168.1.12 # distribute the public key to the 1.12 Server
The authenticity of host' 192. 168.1.12 (192.168.1.12) 'can't be established.
RSA key fingerprint is d6: e6: e6: 2a: c7: df: 99: 51: bb: f4: 90: 29: 16: df: c4: a5.
Are you sure you want to continue connecting (yes/no )? Yes
Warning: Permanently added '192. 168.1.12 '(RSA) to the list of known hosts.
Nasty PTR record "192.168.1.12" is set up for 192.168.1.12, ignoring
Bkjia@192.168.1.12's password:
Permission denied, please try again.
Bkjia@192.168.1.12's password:
Now try logging into the machine, with "ssh 'bkjia @ 192.168.1.12'", and check in:
. Ssh/authorized_keys
To make sure we haven't added extra keys that you weren't expecting.
[Bkjia @ nfs-server ~] $
1.1.2 distribution and deployment of web-lnmp02 Client
[Bkjia @ nfs-server ~] $ Ssh-copy-id-I. ssh/id_dsa.pub bkjia@192.168.1.13 # distribute the public key to the 1.13 Server
The authenticity of host' 192. 168.1.13 (192.168.1.13) 'can't be established.
RSA key fingerprint is d6: e6: e6: 2a: c7: df: 99: 51: bb: f4: 90: 29: 16: df: c4: a5.
Are you sure you want to continue connecting (yes/no )? Yes
Warning: Permanently added '192. 168.1.13 '(RSA) to the list of known hosts.
Nasty PTR record "192.168.1.13" is set up for 192.168.1.13, ignoring
Bkjia@192.168.1.13's password:
Now try logging into the machine, with "ssh 'bkjia @ 192.168.1.13 '", and check in:
. Ssh/authorized_keys
To make sure we haven't added extra keys that you weren't expecting.
[Bkjia @ nfs-server ~] $
1.1.3 rsync-backup client distribution and deployment
[Bkjia @ nfs-server ~] $ Ssh-copy-id-I. ssh/id_dsa.pub bkjia@192.168.1.17
The authenticity of host '192. 168.1.17 (192.168.1.17) 'can't be established.
RSA key fingerprint is d6: e6: e6: 2a: c7: df: 99: 51: bb: f4: 90: 29: 16: df: c4: a5.
Are you sure you want to continue connecting (yes/no )? Yes
Warning: Permanently added '192. 168.1.17 '(RSA) to the list of known hosts.
Bkjia@192.168.1.17's password:
Now try logging into the machine, with "ssh 'bkjia @ 192.168.1.17'", and check in:
. Ssh/authorized_keys
To make sure we haven't added extra keys that you weren't expecting.
[Bkjia @ nfs-server ~] $
2.1 test on NFS
2.1.1 view the IP address of the web-lamp01 on the current machine using the ssh command
[Bkjia @ nfs-server ~] $ Ssh-P22 bkjia@192.168.1.12/sbin/ifconfig eth0
Eth0 Link encap: Ethernet HWaddr 00: 0C: 29: 49: CE: B3
Inet addr: 192.168.1.12 Bcast: 192.168.1.255 Mask: 255.255.255.0
Inet6 addr: fe80: 20c: 29ff: fe49: ceb3/64 Scope: Link
Up broadcast running multicast mtu: 1500 Metric: 1
RX packets: 7701 errors: 0 dropped: 0 overruns: 0 frame: 0
TX packets: 4795 errors: 0 dropped: 0 overruns: 0 carrier: 0
Collisions: 0 FIG: 1000
RX bytes: 4806676 (4.5 MiB) TX bytes: 484902 (473.5 KiB)
Note: During command execution, skip the password input step.
Next, test the distribution file:
[Bkjia @ nfs-server ~] $ Cp/etc/hosts
Hosts. allow hosts. deny
[Bkjia @ nfs-server ~] $ Cp/etc/hosts.
[Bkjia @ nfs-server ~] $ Ll
[Bkjia @ nfs-server ~] $ Scp-P22 hosts bkjia@192.168.1.12 :~ # Distribute the hosts files in the current directory to 1.12 Directories
Hosts 100% 243 0.2KB/s
[Bkjia @ nfs-server ~] $
Check if there are any hosts files in the bkjia directory on 1.12.
[Root @ lamp01 bkjia] # cat/home/bkjia/hosts
127.0.0.1 localhost. localdomain localhost4 localhost4.localdomain4
: 1 localhost. localdomain localhost6 localhost6.localdomain6
192.168.1.11 nfs-server
192.168.1.17 backup
192.168.1.12 lamp01
192.168.1.13 lnmp02
[Root @ lamp01 bkjia] #
Distribution by script:
[Bkjia @ nfs-server ~] $ Sh fenfa. sh
Hosts 100% 257 0.3KB/s
Hosts 100% 257 0.3KB/s
Hosts 100% 257 0.3KB/s
Batch Management script:
#! /Bin/sh
./Etc/init. d/functions
If [$ #-ne 1]
Then
Echo "USAGE: $0 USAGE | COMMAND"
Exit 1
Fi
For n in 12 13 17
Do
Ssh-p22 bkjia@192.168.1. $ n $1
Done
~
Batch distribution script:
#! /Bin/sh
./Etc/init. d/functions
For n in 12 13 17
Do
Scp-P22 $1 bkjia@192.168.1. $ n :~ &>/Dev/null
If [$? -Eq 0]
Then
Action "fenfa $1 OK"/bin/true
Else
Action "fenfa $1 OK"/bin/false
Fi
Done
~
Distribute hosts files using distribution scripts
1 [bkjia @ nfs-server ~] $ Sh fenfa. sh hosts
2 fenfa hosts OK [OK]
3 fenfa hosts OK [OK]
4 fenfa hosts OK [OK]
5 [bkjia @ nfs-server ~] $
Optimized distribution script
#! /Bin/sh
./Etc/init. d/functions
If [$ #-ne 1]
Then
Echo "USAGE: $0 {FILENAME | DIRNAME }"
Exit 1
Fi
For n in 12 13 17
Do
Scp-P22-r $1 bkjia@192.168.1. $ n :~ &>/Dev/null
If [$? -Eq 0]
Then
Action "fenfa $1 OK"/bin/true
Else
Action "fenfa $1 OK"/bin/false
Fi
Done
You may also like the following SSH-related articles. For details, refer:
Complete SSH service configuration and troubleshooting in Ubuntu
How to install Samba and SSH server in Ubuntu 14.04
SSH service remote access to Linux Server login is slow
How to Improve the SSH login authentication speed of Ubuntu
Enable the SSH service to allow Android phones to remotely access Ubuntu 14.04
How to add dual authentication for SSH in Linux
Configure the SFTP environment for non-SSH users in Linux
Configure and manage the SSH service on Linux
This article permanently updates the link address: