In some special cases we need this method so that users are switched automatically.
For example, the company uses a bastion host (fortress machine) for server management, and different server clusters use different system users: the external-network cluster uses "UserA" and the intranet cluster uses "UserB". However, the intranet cluster is also required to end up using UserA as the system user when it is reached through the bastion host. That is, UserB switches to UserA automatically immediately after logging in, and this switch is transparent to the customer. The advantage is that, although the user that finally logs in through the bastion host is always UserA, the UserA accounts of the internal and external network clusters can be managed separately, which improves the flexibility and security of server management.
Under Linux, we can configure the pam.d module so that ordinary users can use the su command to switch to the root user without a password. However, we cannot use the same method to make su switch between ordinary users without a password.
In the intranet cluster, password-free switching between ordinary users takes only the following 2 steps:
1) Set up password-free SSH login for UserB --> UserA by executing two commands:
ssh-keygen -t rsa
ssh-copy-id -i /home/userb/.ssh/id_rsa.pub [email protected]
2) Append the following to the /home/userb/.bashrc file:
ssh [email protected]
After the above is done, when logged in as root you can switch users with "su - userb", and the user you finally end up as is UserA. However, this has one imperfection. When you switch users with the su or ssh command and later leave the server with the exit command, you do not exit completely but fall back to the user you were before switching. As a result, getting back to the root user requires executing the exit command twice.
To solve this problem, you only need a 3rd step:
3) Append the following to the /home/userb/.bash_profile file:
exit
Once this step is set up, running exit as UserA falls straight back to root, equivalent to UserA --> root, so the exit command only needs to be executed once.
In this way, when UserB logs in to a server in the intranet cluster through the bastion host or the Xshell tool, the session automatically switches to UserA, and the exit command exits completely. Switching back and forth between UserB and UserA is completely transparent to the customer.
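A guarded variant of steps 2 and 3 for /home/userb/.bashrc, added here as an example and not part of the original article: it hops only from interactive shells and uses exec so that a single exit is enough. The target "usera@TARGET_HOST", the key path and the function name hop_allowed are placeholders and assumptions.

```shell
# Added example for /home/userb/.bashrc (not the article's own code).
# HOP_TARGET and HOP_KEY are placeholders; set them for your environment.
HOP_TARGET="usera@TARGET_HOST"
HOP_KEY="$HOME/.ssh/id_rsa"

# Return 0 only when an automatic hop is appropriate.
#   $1 = shell option flags (pass "$-")
#   $2 = path of the private key used for the hop
hop_allowed() {
    # When started by sshd, bash also reads ~/.bashrc for non-interactive
    # sessions (scp, rsync, "ssh userb@host cmd"). An unconditional ssh line
    # would break or hang those, so hop only when the shell is interactive.
    case "$1" in
        *i*) ;;
        *) return 1 ;;
    esac
    # Without a readable key ssh could not log in silently; stay as userb.
    [ -r "$2" ] || return 1
    return 0
}

if hop_allowed "$-" "$HOP_KEY"; then
    # BatchMode=yes: never fall back to a password prompt; fail instead.
    # exec replaces the userb shell with ssh, so one "exit" from usera ends
    # the whole userb session and no "exit" line in .bash_profile is needed.
    # If the hop fails, the session simply closes; fix it from root.
    exec ssh -o BatchMode=yes -i "$HOP_KEY" "$HOP_TARGET"
fi

# The key from step 1 has no passphrase, so anyone who can act as userb can
# act as usera. On the usera side, the authorized_keys entry can be limited
# with OpenSSH options, for example: restrict,pty ssh-rsa AAAA... userb
```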
This article is from the "12400094" blog, please be sure to keep this source http://12410094.blog.51cto.com/12400094/1960914
Password-free switching between ordinary users with the Linux system command "su - user"