On Windows/Linux, automatically log in over SSH from a shell and run commands

Source: Internet
Author: User

This section describes how to use shell commands to log in over SSH automatically and run tasks I have defined, much like a scheduled task. The details follow.

SSH Secure Automatic Login


A is the local host (the machine used to control other hosts);
B is the remote host (the controlled server), with the IP address 172.24.253.2 in this example;
both A and B run Linux.

Commands on A:

The code is as follows:
# ssh-keygen -t rsa (press Enter three times in a row to generate a public key and a private key with no passphrase)
# ssh root@172.24.253.2 "mkdir .ssh; chmod 0700 .ssh" (password required)
# scp ~/.ssh/id_rsa.pub root@172.24.253.2:.ssh/id_rsa.pub (password required)

Commands on B:

The code is as follows:
# touch /root/.ssh/authorized_keys2 (skip this step if the file already exists)
# cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys2 (append the contents of id_rsa.pub to authorized_keys2)

Back on machine A:

The code is as follows:
# ssh root@172.24.253.2 (no password required; login succeeds)

If you can protect your private key, this is safer than entering the password in the shell.

Example

Task description:
Use a shell script to log in to the remote server and run a command that adds a reverse proxy site. For a method for Windows users, see the end of this document.

What the sample code does:
It logs in to the remote Linux server, runs a command there that adds a reverse proxy site, and then returns to the current Linux host. Adding a site requires its domain name, so the script takes one parameter: the domain name.

Usage of the sample code:

The code is as follows:

raps.sh xxxxx.com

raps.sh code:

#!/usr/bin/expect
# Name: Remote Add Proxy Site, ^_^
# Note: logs in to the remote server automatically (configuration built in), then adds a reverse proxy site
# Note: requires one domain-name argument; proxySiteAdd in the script is the site-adding tool on the remote server
# Usage: raps xxxx.com
# 2012-11-02 08:55:21

# Configuration
# (the password is stored in clear text here, so keep this file readable by its owner only)
set user upall
set passwd upall@remote
set server 158.164.198.210
set port 2222
set dn [lindex $argv 0]

# Log in and execute commands
spawn ssh $user@$server -p $port
# Wait for the password prompt, then answer it
expect "password:"
send "${passwd}\n"
# Wait for the shell prompt before sending the command
expect "]#"
send "proxySiteAdd ${dn}\n"
expect "]#"
exit

Supplement:

1. expect "]#" waits for terminal output; once the output contains the "]#" marker, the script continues. send runs a command on the remote server.

2. Arguments cannot be read directly as "$1" or "$2". "set dn [lindex $argv 0]" assigns argument 0 (the first argument) to $dn; if "set dn [lindex $argv 2]" is used, the 3rd argument is assigned to $dn.

The code is as follows:

#!/bin/bash
HTTPD_CONF="/etc/httpd/conf/vhosts.conf"
# Generate an Apache virtual host configuration (reverse proxy).
# Every line is appended (>>) so that existing sites in the file are kept.
echo "<VirtualHost *:80>" >> "$HTTPD_CONF"
echo "ServerName www.$1" >> "$HTTPD_CONF"
echo "ServerAlias $1" >> "$HTTPD_CONF"
echo "ProxyRequests Off" >> "$HTTPD_CONF"
echo "<Proxy *>" >> "$HTTPD_CONF"
echo "Order deny,allow" >> "$HTTPD_CONF"
echo "Allow from all" >> "$HTTPD_CONF"
echo "</Proxy>" >> "$HTTPD_CONF"
echo "ProxyPass / http://$1.demo.upall.cn/" >> "$HTTPD_CONF"
echo "ProxyPassReverse / http://$1.demo.upall.cn/" >> "$HTTPD_CONF"
echo "</VirtualHost>" >> "$HTTPD_CONF"
echo "CONF: $HTTPD_CONF"
#### The following code is used for redirection. If you do not want to use a reverse proxy, you can replace the code above with it.
# Generate an Apache virtual host configuration (redirect)
# echo "<VirtualHost *:80>" >> "$HTTPD_CONF"
# echo "ServerName www.$1" >> "$HTTPD_CONF"
# echo "ServerAlias $1" >> "$HTTPD_CONF"
# echo "Redirect / http://$1.demo.upall.cn/" >> "$HTTPD_CONF"
# echo "</VirtualHost>" >> "$HTTPD_CONF"
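
The script above writes its argument straight into the Apache configuration, and the expect script types the same argument into a remote shell, so the domain name should be checked before either happens. An added example (not part of the original article) that validates the argument and only then renders the same virtual host block; the function names valid_domain, render_vhost and add_site are this example's own.

```sh
#!/bin/sh
# Added example: check the domain argument before it is written to the Apache config.
LC_ALL=C; export LC_ALL          # byte-wise ranges in the patterns below

# valid_domain NAME: succeeds only for a lowercase DNS name of at least two
# labels (letters, digits, inner hyphens), at most 253 characters long.
valid_domain() {
    [ "${#1}" -le 253 ] || return 1
    case "$1" in
        ''|*[!a-z0-9.-]*) return 1 ;;    # rejects spaces, quotes, ';', newlines
    esac
    label='[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?'
    printf '%s\n' "$1" | grep -Eqx "$label(\\.$label)+"
}

# render_vhost NAME: print the reverse-proxy block from the article for NAME.
render_vhost() {
    valid_domain "$1" || { echo "rejected domain argument" >&2; return 1; }
    cat <<EOF
<VirtualHost *:80>
ServerName www.$1
ServerAlias $1
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://$1.demo.upall.cn/
ProxyPassReverse / http://$1.demo.upall.cn/
</VirtualHost>
EOF
}

# add_site NAME CONF: render first and append only on success, so a rejected
# argument never leaves a partial block in CONF.
add_site() {
    block=$(render_vhost "$1") || return 1
    printf '%s\n' "$block" >> "$2"
}

# Constructed demo: the second argument tries to smuggle in an extra directive.
render_vhost example.com
render_vhost 'example.com
ProxyPass / http://other.invalid/' || echo "second argument rejected"
```

The same check belongs at the top of raps.sh on host A, before the value is passed to send.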


Solutions for Windows users

You can use plink.exe to implement this function, for example:

The code is as follows:

plink -pw yourPassword root@123.123.123.123 -P 23 doSomething.sh

<End>

This function will be added to this script here :.


A little deeper:

A simplified view of the login process:
First, the ssh-keygen -t rsa command generates a private key and a public key, and you can set a passphrase of your own on the private key.
The private key can be thought of as a key, and the public key as the lock that matches it.
Place the lock (public key) on the server to be controlled and lock the server. Only someone holding the key (private key) can open the lock, enter the server and control it.
Whoever holds the key must also know its passphrase to use it (unless none was set), which protects against the key being duplicated (the private key being copied).

Of course, this analogy is only meant to be easy to understand.
Anyone with the root password is not locked out, and there is not necessarily only one lock (public key); whichever lock is opened with its corresponding key (private key), that person can control the server.
Therefore, as long as you once knew the server's root password and placed a public key under the root identity on it, you can use the private key matching that public key to "open" the server and log in as root, even if the root password has since been changed!
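
Because a public key left in root's authorized_keys keeps working after a password change, the keys installed on a server are worth reviewing regularly. The following added example (not from the original article) lists each entry of an authorized_keys file and flags keys that carry no from=, command= or restrict option; the function names and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example: list the keys that can log in through an authorized_keys file.
# Output columns (tab-separated): status, key type, comment, options.

audit_keys() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
    {
        # Split on blanks outside double quotes: option values may hold spaces.
        n = 0; tok = ""; q = 0
        for (i = 1; i <= length($0); i++) {
            c = substr($0, i, 1)
            if (c == "\"" && substr($0, i - 1, 1) != "\\") q = !q
            if (!q && (c == " " || c == "\t")) {
                if (tok != "") f[++n] = tok
                tok = ""
            } else tok = tok c
        }
        if (tok != "") f[++n] = tok

        # Options, when present, come before the key type.
        t = (f[1] ~ /^(ssh-|ecdsa-|sk-)/) ? 1 : 2
        if (n < t + 1) { printf "MALFORMED\tline %d\n", FNR; next }
        opts = (t == 2) ? f[1] : "-"
        # Heuristic of this example: a key counts as restricted only when it
        # is bound to a source address, a forced command, or "restrict".
        st = (("," opts) ~ /,(from=|command=|restrict)/) ? "restricted" : "UNRESTRICTED"
        cm = ""
        for (j = t + 2; j <= n; j++) cm = cm (cm == "" ? "" : " ") f[j]
        printf "%s\t%s\t%s\t%s\n", st, f[t], (cm == "" ? "(none)" : cm), opts
    }' "$@"
}

# Constructed sample entries (key material replaced by placeholders).
sample_keys() {
    cat <<'EOF'
# keys for root on server B
ssh-rsa AAAAB3PLACEHOLDER1 root@wwy
no-pty ssh-rsa AAAAB3PLACEHOLDER2 backup job
from="172.24.253.1",command="/usr/local/sbin/raps-gate" ssh-ed25519 AAAAC3PLACEHOLDER3 raps@A
EOF
}

sample_keys | audit_keys
```

On a real server, pass the files instead of the sample, for example audit_keys /root/.ssh/authorized_keys /root/.ssh/authorized_keys2, and compare the result with the list of keys you expect.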

To control n hosts, you need n key pairs (private key and public key). The ssh-keygen command lets you name the key pair as you like, for example:

The code is as follows:
[root@wwy .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): /root/.ssh/id_rsa_192.168.102.12
......

In this way, the private key and the public key are named, respectively:
id_rsa_192.168.102.12 and id_rsa_192.168.102.12.pub
Then append the content of the id_rsa_192.168.102.12.pub file to the server's ~/.ssh/authorized_keys2 file.

Finally, use the -i parameter of the local ssh command to specify the local key, and log in:
# ssh -i /root/.ssh/id_rsa_192.168.102.12 192.168.102.12

If a passphrase is set for the key, log in with the key's passphrase. If none is set, you are logged in directly.

The same is true for scp.
For example:
scp -i /root/.ssh/id_rsa ./xxx 192.168.102.158:/home/wwy/bak

That is secure login without a password; the following describes a more secure approach.

First, generate a new SSH key pair.

The code is as follows:

[guo@guo zuo]$ ssh-keygen -f id_ras -t rsa
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_ras.
Your public key has been saved in id_ras.pub.
The key fingerprint is:
17:ca:c3:37:8f:60:86:42:d0:0d:b7:4d:70:a1:b2:a3 guo@guo
The key's randomart image is:
(randomart image omitted)

When the program asks for the passphrase, press Enter to indicate that none is set. The key pair is generated in the working directory: the private key file is named id_ras and the public key file id_ras.pub.

[guo@guo zuo]$ ls id*

id_ras id_ras.pub

Next, copy the public key to the remote host.

The code is as follows:

[guo@guo zuo]$ ssh-copy-id root@222.24.21.61
root@222.24.21.61's password:
Now try logging into the machine, with "ssh 'root@222.24.21.61'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

You need to enter the password this one time. After that, you do not need to enter it any more.

Run the script.

[guo@guo zuo]$ cat guossh.sh
#!/bin/sh
ssh root@222.24.21.61
[guo@guo zuo]$ sh guossh.sh
Last login: Sun Nov 13 20:28:30 2011 from 222.24.21.61
[root@guo ~]#

Now you have logged on.
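
A passwordless key that opens a full root shell is more than the raps task needs. As an added example (not part of the original article), the key can be tied to a single command with the authorized_keys command= option; the wrapper name raps-gate, its path and the function names are hypothetical, and proxySiteAdd is assumed to be on the PATH of the remote account.

```sh
#!/bin/sh
# Added example: /usr/local/sbin/raps-gate (hypothetical name), installed on
# the server and bound to the automation key in ~/.ssh/authorized_keys:
#
#   command="/usr/local/sbin/raps-gate",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa <public key> raps@A
#
# sshd then runs this script for every login with that key and passes what
# the client asked for in SSH_ORIGINAL_COMMAND.
LC_ALL=C; export LC_ALL

# allowed_domain REQUEST: print the domain if REQUEST is exactly
# "proxySiteAdd <domain>", otherwise fail. Nothing else is ever executed.
allowed_domain() {
    case "$1" in
        "proxySiteAdd "*) dn=${1#"proxySiteAdd "} ;;
        *) return 1 ;;
    esac
    case "$dn" in
        ''|*[!a-z0-9.-]*|[.-]*|*[.-]) return 1 ;;   # host-name characters only
    esac
    printf '%s\n' "$dn"
}

gate_main() {
    if dn=$(allowed_domain "$SSH_ORIGINAL_COMMAND"); then
        exec proxySiteAdd "$dn"      # assumed to be on PATH
    fi
    # Leave a trace of refused requests for later review.
    logger -t raps-gate "refused request from ${SSH_CLIENT%% *}" 2>/dev/null
    echo "raps-gate: request refused" >&2
    return 1
}

# An interactive login (no command requested) gets no shell: the variable is
# unset, nothing runs, and the session ends.
if [ "${SSH_ORIGINAL_COMMAND+set}" = set ]; then
    gate_main
fi
```

With this entry in place, ssh -i <key> root@<server> "proxySiteAdd xxxx.com" still works from host A, while a plain ssh login or any other command with the same key is refused and logged.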
