This section describes how to use shell commands to log on over SSH automatically and run tasks I have defined, like a scheduled task plan. For more information, see.
SSH Secure Automatic Login
A is the local host (that is, the machine used to control other hosts);
B is the remote host (that is, the controlled server); assume its IP address is 172.24.253.2;
Both A and B run Linux.
Commands on A:
    # ssh-keygen -t rsa    (press Enter three times in a row to generate a public key and a private key with no passphrase)
    # ssh root@172.24.253.2 "mkdir .ssh; chmod 0700 .ssh"    (password required)
    # scp ~/.ssh/id_rsa.pub root@172.24.253.2:.ssh/id_rsa.pub    (password required)
Commands on B:
    # touch /root/.ssh/authorized_keys2    (skip this step if the file already exists)
    # cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys2    (append the contents of id_rsa.pub to authorized_keys2)
Back on machine A:
    # ssh root@172.24.253.2    (no password required; login succeeds)
As long as you can protect your private key, this is safer than entering the password in the shell.
Example
Task description:
Use a shell script to log on to the remote server and run a command that adds a reverse proxy site. For methods for Windows users, see the end of this document.
What the sample code does:
It logs on to the remote Linux server, runs the command that adds a reverse proxy site there, and then returns to the current Linux host. Adding a site requires its domain name, so the script takes one parameter: the domain name.
Usage of the sample code:
    raps.sh xxxxx.com

raps.sh code:

    #!/usr/bin/expect
    # Name: Remote Add Proxy Site, ^_^
    # Description: log on to the remote server automatically (built-in configuration) and add a reverse proxy site
    # Note: a domain name must be passed as a parameter. proxySiteAdd in the script is the site-adding tool on the remote server.
    # Usage: raps xxxx.com
    # 2012-11-02 08:55:21

    # Configuration
    set user upall
    set passwd upall@remote
    set server 158.164.198.210
    set port 2222
    set dn [lindex $argv 0]

    # Log on and execute the command
    spawn ssh $user@$server -p $port
    expect "password:"
    send "${passwd}\n"
    expect "]#"
    send "proxySiteAdd ${dn}\n"
    expect "]#"
    exit
Notes:
1. expect "]#" waits for terminal output; once the output contains the "]#" marker, the script continues with the next command. send runs a command on the remote server.
2. When passing parameters, you cannot use "$1" or "$2" directly. "set dn [lindex $argv 0]" assigns parameter 0 (the first one) to $dn; "set dn [lindex $argv 2]" would assign the third parameter to $dn.
    #!/bin/bash
    HTTPD_CONF="/etc/httpd/conf/vhosts.conf"
    # Generate an Apache virtual host configuration (reverse proxy).
    # Every line is appended (>>) so that earlier lines in the file are kept.
    echo "<VirtualHost *:80>" >> "$HTTPD_CONF"
    echo "ServerName www.$1" >> "$HTTPD_CONF"
    echo "ServerAlias $1" >> "$HTTPD_CONF"
    echo "ProxyRequests Off" >> "$HTTPD_CONF"
    echo "<Proxy *>" >> "$HTTPD_CONF"
    echo "Order deny,allow" >> "$HTTPD_CONF"
    echo "Allow from all" >> "$HTTPD_CONF"
    echo "</Proxy>" >> "$HTTPD_CONF"
    echo "ProxyPass / http://$1.demo.upall.cn/" >> "$HTTPD_CONF"
    echo "ProxyPassReverse / http://$1.demo.upall.cn/" >> "$HTTPD_CONF"
    echo "</VirtualHost>" >> "$HTTPD_CONF"
    echo "CONF:" "$HTTPD_CONF"
    #### The following code does a redirect instead. If you do not want a
    #### reverse proxy, replace the code above with it.
    # Generate an Apache virtual host configuration (redirect)
    # echo "<VirtualHost *:80>" >> "$HTTPD_CONF"
    # echo "ServerName www.$1" >> "$HTTPD_CONF"
    # echo "ServerAlias $1" >> "$HTTPD_CONF"
    # echo "Redirect / http://$1.demo.upall.cn/" >> "$HTTPD_CONF"
    # echo "</VirtualHost>" >> "$HTTPD_CONF"
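The following is an added example, not the original author's code: the raps.sh task done with key authentication in batch mode, so no password is stored in the script, and with the domain argument checked before it is typed into the remote shell or written into the vhost file by the bash script above. The user, server, port and proxySiteAdd come from the page; the key path, the SSH override variable and the function names are assumptions.

```shell
#!/bin/sh
# Added example: key-based, non-interactive variant of raps.sh.
REMOTE_USER=upall                  # values taken from the page's script
SERVER=158.164.198.210
PORT=2222
KEY=${KEY:-$HOME/.ssh/id_rsa}      # assumption: private key used for this job

# Succeeds only for a lowercase DNS name such as example.com.
valid_domain() {
    d=$1
    [ -n "$d" ] && [ "${#d}" -le 253 ] || return 1
    # Reject anything outside a-z 0-9 . - (spaces, ;, $, quotes, newlines).
    case $d in
        *[!abcdefghijklmnopqrstuvwxyz0123456789.-]*) return 1 ;;
    esac
    # Labels of 1..63 characters, no leading or trailing hyphen, two or more labels.
    printf '%s\n' "$d" |
        LC_ALL=C grep -Eqx '([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}'
}

# Runs proxySiteAdd on the remote server for a validated domain.
# SSH may be set to another command for a dry run (assumption of this example).
add_proxy_site() {
    if ! valid_domain "$1"; then
        echo "refusing invalid domain name" >&2
        return 2
    fi
    # BatchMode=yes makes ssh fail instead of prompting for a password.
    "${SSH:-ssh}" -o BatchMode=yes -i "$KEY" -p "$PORT" \
        "$REMOTE_USER@$SERVER" proxySiteAdd "$1"
}

if [ "$#" -gt 0 ]; then
    add_proxy_site "$1"
fi
```
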
Solutions for Windows users
You can use plink.exe to implement this function, for example:
    plink -pw yourPassword root@123.123.123.123 -P 23 doSomething.sh
This function will be added to this script here :.
A little deeper:
A simple, surface-level way to understand the login process:
First, the ssh-keygen -t rsa command generates a private key and a public key, and you can set a passphrase of your own on the private key.
Think of the private key as a key, and of the public key as the lock that matches that key.
Put the lock (the public key) on the server you want to control and the server is locked: only someone holding the key (the private key) can open the lock, enter the server, and control it.
Whoever holds the key must also know its passphrase to use it (unless no passphrase was set), which protects against the key being duplicated (the private key being copied).
Of course, this analogy is only an aid to understanding.
People who have the root password are not locked out, and a server does not necessarily carry only one lock (public key); whoever opens any one of those locks with the matching key (private key) can control the server.
Therefore, once you have known the server's root password and have placed a public key on it under the root identity, you can use the private key that matches this public key to "open" the server and log on as root, even if the root password has since been changed!
To control n hosts, you need n key pairs (private key and public key). ssh-keygen lets you name a key pair whatever you like, for example:
    [root@wwy .ssh]# ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa): /root/.ssh/id_rsa_192.168.102.12
    ......
In this way, the private key and public key are named respectively:
id_rsa_192.168.102.12 and id_rsa_192.168.102.12.pub
Then append the contents of the id_rsa_192.168.102.12.pub file to the server's ~/.ssh/authorized_keys2 file.
Finally, use the -i option of the local ssh command to specify the local key, and log on:
    # ssh -i /root/.ssh/id_rsa_192.168.102.12 192.168.102.12
If a passphrase is set on the key, log on with the key's passphrase. If none is set, you are logged on directly.
The same is true for scp.
For example:
    scp -i /root/.ssh/id_rsa ./xxx 192.168.102.158:/home/wwy/bak
That covers this kind of login without a password. The following describes a more secure approach.
First, generate a new SSH key pair.
    [guo@guo zuo]$ ssh-keygen -f id_ras -t rsa
    Generating public/private rsa key pair.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in id_ras.
    Your public key has been saved in id_ras.pub.
    The key fingerprint is:
    17:ca:c3:37:8f:60:86:42:d0:0d:b7:4d:70:a1:b2:a3 guo@guo
    The key's randomart image is:
    (randomart image omitted)
When the program asks for a passphrase, press Enter to indicate that none is set. This generates, in the working directory, a private key named id_ras and a public key file named id_ras.pub.
    [guo@guo zuo]$ ls id*
    id_ras id_ras.pub
Next, copy the public key to the remote host.
    [guo@guo zuo]$ ssh-copy-id root@222.24.21.61
    root@222.24.21.61's password:
    Now try logging into the machine, with "ssh 'root@222.24.21.61'", and check in:

      .ssh/authorized_keys

    to make sure we haven't added extra keys that you weren't expecting.
You need to enter the password this time, but you will not need to enter it again afterwards.
Run the script.
    [guo@guo zuo]$ cat guossh.sh
    #!/bin/sh
    ssh root@222.24.21.61
    [guo@guo zuo]$ sh guossh.sh
    Last login: Sun Nov 13 20:28:30 2011 from 222.24.21.61
    [root@guo ~]#
Now you have logged on.
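Two points in this article call for reviewing the key files on the server: a public key placed under root keeps working after the root password is changed, and ssh-copy-id itself advises checking for keys you were not expecting. The following added example (not from the original article) lists every key in an authorized_keys or authorized_keys2 file and marks entries that carry no command=, from= or restrict option as open; the function name and the open/restricted policy are assumptions of this example.

```shell
#!/bin/sh
# Added example: review which keys can log on through an authorized_keys file.
# Usage (as root): sh audit_keys.sh /root/.ssh/authorized_keys /root/.ssh/authorized_keys2

# Prints "<open|restricted> <key type> <comment>" for every key in file $1.
# "open" means no command=, from= or restrict option (policy of this example).
audit_keys() {
    awk '
    /^[ \t]*(#|$)/ { next }                        # comments and blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        opts = ""
        if (line !~ /^(ssh-|ecdsa-|sk-)/) {        # line starts with an options field
            inq = 0
            for (i = 1; i <= length(line); i++) {
                c = substr(line, i, 1)
                if (c == "\\") { i++; continue }   # skip an escaped character
                if (c == "\"") {
                    inq = !inq                     # spaces inside quotes do not end the field
                } else if (!inq && (c == " " || c == "\t")) {
                    break
                }
            }
            opts = substr(line, 1, i - 1)
            line = substr(line, i + 1)
            sub(/^[ \t]+/, "", line)
        }
        n = split(line, f, /[ \t]+/)
        if (n < 2) next                            # not a key line
        comment = line
        sub(/^[^ \t]+[ \t]+[^ \t]+[ \t]*/, "", comment)
        if (comment == "") comment = "(no comment)"
        status = (opts ~ /(^|,)(restrict|command=|from=)/) ? "restricted" : "open"
        print status, f[1], comment
    }' "$1"
}

for file in "$@"; do
    echo "== $file"
    audit_keys "$file"
done
```
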