1. IP Configuration ###############
Springboard machine IP: 192.168.10.128
Server1 IP: 192.168.10.133
Server2 IP: 192.168.10.132
Server3 IP: 192.168.10.131
2. Create User ###############
# useradd jump                          # run on all machines
# echo 123456 | passwd --stdin jump     # run on all machines
3. Springboard machine configuration ##############
1) Configure password-free login
# su - jump
$ ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa >/dev/null 2>&1   # generate the key pair with an empty passphrase (OpenSSH 7.0 and later disable DSA keys by default)
$ ssh-copy-id -i ~/.ssh/id_dsa.pub 192.168.10.133   # send the public key to the other servers
$ ssh-copy-id -i ~/.ssh/id_dsa.pub 192.168.10.132
$ ssh-copy-id -i ~/.ssh/id_dsa.pub 192.168.10.131
2) Configure the springboard script (script 1)
# cat /scripts/jump.sh
#!/bin/sh
trapper() {
    trap ':' INT EXIT TSTP TERM HUP   # prevent users from using these signals to break out of the script into a shell on the springboard machine
}
main() {
    while :
    do
        trapper
        clear
        cat <<menu   # display the menu
    1) server1-192.168.10.133
    2) server2-192.168.10.132
    3) server3-192.168.10.131
menu
        read -p "Pls input a num.:" num
        case "$num" in
            1)
                echo 'login in 192.168.10.133'
                ssh 192.168.10.133
                ;;
            2)
                echo 'login in 192.168.10.132'
                ssh 192.168.10.132
                ;;
            3)
                echo 'login in 192.168.10.131'
                ssh 192.168.10.131
                ;;
            110)
                read -p "Your Birthday:" char
                if [ "$char" = "0803" ]; then
                    exit
                    sleep 3
                fi
                ;;
            *)
                echo "Select Error."
        esac
    done
}
main
3) Configure the springboard script (script 2)
# echo '[ $UID -ne 0 ] && . /scripts/jump.sh' > /etc/profile.d/jump.sh   ### create a new script in the directory that is run at login; it calls the jump script, so every user except root runs the springboard script when logging in
4) Testing
# su - jump   ########### test normal user login
1) server1-192.168.10.133
2) server2-192.168.10.132
3) server3-192.168.10.131
Pls input a num.:1
login in 192.168.10.133
Last login: Mon Jul 09:47:45 from 192.168.10.128
$
$ su - jump   ########### test administrator channel
logout
Connection to 192.168.10.133 closed.
1) server1-192.168.10.133
2) server2-192.168.10.132
3) server3-192.168.10.131
Pls input a num.:110
Your Birthday:0803
#
4. Springboard Machine Security Measures #############
1. The springboard machine prohibits SSH login from the external network; SSH login is allowed only through the intranet IP
ListenAddress <intranet IP>
2. The servers likewise prohibit SSH login from external IPs and allow only intranet IP login. Root SSH login is prohibited as well, and once key-based (password-free) login is set up, password login is disabled too; only the springboard machine holds the key to the other servers
PermitEmptyPasswords no
3. Connect to the VPN first, then log in to the springboard machine, and then log in to the other servers from the springboard machine
5. Note: the main SSH configuration file is /etc/ssh/sshd_config
#Port 22                      SSH listens on TCP port 22 by default
#ListenAddress 0.0.0.0        listens on all local addresses by default
#Protocol 2
#PermitRootLogin yes          root is allowed to log in over SSH by default
#PermitEmptyPasswords no      whether login with an empty password is allowed
#PasswordAuthentication yes   whether login with a password is allowed
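
An added example, not part of the original article: a small shell audit that checks an sshd_config for the section 4 hardening points (a pinned ListenAddress, no root login, no password login, no empty passwords). The function names and the sample file are constructed for illustration, and Include files and Match blocks are assumed not to be in use.

```shell
# Added example: audit an sshd_config against the hardening points listed above.
# Assumptions: whitespace-separated "Keyword value" lines; Include files and
# Match blocks are not evaluated (parsing stops at the first Match).

# Print every global value of keyword $1 in file $2, lowercased, one per line.
sshd_values() {
    awk -v key="$1" '
        { sub(/#.*/, "") }                      # drop comments
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == tolower(key) { print tolower($2) }
    ' "$2"
}

# sshd uses the first occurrence of a single-valued keyword.
sshd_first() { sshd_values "$1" "$2" | head -n 1; }

flag() { echo "FINDING: $1"; findings=$((findings + 1)); }

# Print one line per finding; the return status is the number of findings.
audit_sshd() {
    file=$1 findings=0
    listen=$(sshd_values ListenAddress "$file")   # ListenAddress may repeat
    if [ -z "$listen" ]; then
        flag "ListenAddress unset, sshd listens on all addresses"
    elif printf '%s\n' "$listen" | grep -Eq '^(0\.0\.0\.0|::|\[::\])(:[0-9]+)?$'; then
        flag "ListenAddress includes a wildcard address"
    fi
    [ "$(sshd_first PermitRootLogin "$file")" = no ] ||
        flag "PermitRootLogin is not 'no'"
    [ "$(sshd_first PasswordAuthentication "$file")" = no ] ||
        flag "PasswordAuthentication is not 'no'"
    empty=$(sshd_first PermitEmptyPasswords "$file")
    [ -z "$empty" ] || [ "$empty" = no ] ||
        flag "PermitEmptyPasswords is '$empty'"
    return "$findings"
}

# Constructed sample: the stock file from section 5, everything commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Port 22
#ListenAddress 0.0.0.0
#PermitRootLogin yes
#PermitEmptyPasswords no
#PasswordAuthentication yes
EOF
audit_sshd "$sample" || echo "$? finding(s) in sample"
rm -f "$sample"
```

Run it against a copy of each server's sshd_config as well as the springboard machine's; a return status of 0 means all four checks passed.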
This article is from the "Feng" blog, make sure to keep this source http://fengxiaoli.blog.51cto.com/12104465/1952844
Linux Springboard machine configuration