Security planning for the springboard machine (jump host):
Back-end server -- central machine, springboard machine
Springboard machine: used as a springboard for logging in to the central machine
Central machine: commonly used for distribution, and for logging in to the back-end servers
On the intranet: users generally connect directly to the central machine, and from there directly to the back-end server
On the external network: for safety, a user first connects to the springboard machine, then to the central machine, and from the central machine to the back-end server
Note: ordinary users are not allowed to log in to a terminal on the springboard machine
Features implemented by the three-level directory springboard script:
1. Ordinary users connect to the springboard machine and from it connect directly to the back-end server
2. SSH + key authentication with the CRT agent forwarding function enabled; the user is identified automatically, so there is no need to enter a user name, password or port
3. trap signal capture does not allow the user to exit the script with Ctrl+C; the springboard script runs automatically when an ordinary user logs in
Note: this only shows the SSH connection to one of the servers on the qqandroid platform; connecting to the servers of the other platforms by IP works the same way
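What feature 3 depends on, as an added example that is not part of the original article: a signal caught with trap ':' keeps the menu shell alive, but a child process starts with the default action again, which is why every menu level has to install the trap itself, whereas a signal ignored with trap '' stays ignored in children. The helper names survives and child_survives are made up for this illustration.

```shell
#!/bin/sh
# Signals listed in the article's trapper(): 1 HUP, 2 INT (Ctrl+C), 3 QUIT,
# 20 TSTP (Ctrl+Z), 15 TERM.
CAUGHT="trap ':' 1 2 3 20 15"    # the article's form: catch, then run the no-op ':'
IGNORED="trap '' 1 2 3 20 15"    # alternative form: ignore the signals outright

# survives SETUP SIG: run SETUP in a fresh bash, send that bash SIG, and
# report whether the shell kept running afterwards.
survives() {
    out=$( { bash -c "$1; kill -$2 \$\$; echo alive"; } 2>/dev/null ) || true
    if [ "$out" = alive ]; then echo survived; else echo killed; fi
}

# child_survives SETUP SIG: run SETUP in a bash, then start a child bash
# (standing in for the next menu level or for ssh) and send SIG to the child.
child_survives() {
    out=$( { bash -c "$1; bash -c 'kill -$2 \$\$; echo alive'"; } 2>/dev/null ) || true
    if [ "$out" = alive ]; then echo survived; else echo killed; fi
}

for sig in INT TERM; do
    echo "SIG$sig  no trap : shell $(survives ':' "$sig")"
    echo "SIG$sig  trap ':': shell $(survives "$CAUGHT" "$sig"), child $(child_survives "$CAUGHT" "$sig")"
    echo "SIG$sig  trap '' : shell $(survives "$IGNORED" "$sig"), child $(child_survives "$IGNORED" "$sig")"
done
```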
# Create the script directories
mkdir -p /scripts/tiaoban/{qqandroid,qqios,qqwxandroid,wxios}
# Prevent ordinary users from logging in to a shell
cat /etc/profile.d/tiaoban.sh
[ "$UID" -ne 0 ] && . /scripts/tiaoban/tiaoban.sh
# Script directory structure
[[email protected] /]# tree /scripts/tiaoban/
/scripts/tiaoban/
├── qqandroid
│   ├── 1_100.sh
│   ├── ip.txt
│   └── qqandroid.sh
├── qqios
├── qqwxandroid
├── tiaoban.sh
└── wxios

4 directories, 4 files
# Springboard script, first-level directory
cat /scripts/tiaoban/tiaoban.sh
#!/bin/bash
# Catch HUP(1), INT(2), QUIT(3), TSTP(20) and TERM(15) with a no-op handler
function trapper () {
    trap ':' 1 2 3 20 15
}
while :
do
    trapper
    clear
    cat <<menu
        1) qqandroid
        2) qqios (feature not developed)
        3) wxandroid (feature not developed)
        4) wxios (feature not developed)
        5) exit
menu
    read -p 'please select a num: ' num
    case "$num" in
        1) sh /scripts/tiaoban/qqandroid/qqandroid.sh ;;
        2) sh /scripts/tiaoban/qqios/qqios.sh ;;
        3) sh /scripts/tiaoban/wxandroid/wxandroid.sh ;;
        4) sh /scripts/tiaoban/wxios/wxios.sh ;;
        # This file is sourced from /etc/profile.d, so exit ends the login shell
        5) exit ;;
    esac
done
# Springboard script, second-level directory
cat /scripts/tiaoban/qqandroid/qqandroid.sh
#!/bin/bash
function trapper () {
    trap ':' 1 2 3 20 15
}
while :
do
    trapper
    clear
    cat <<menu
        1) qq1-100 servers
        2) qq101-200 (function not developed)
        3) qq201-300 (function not developed)
        4) qq301-400 (function not developed)
        5) return to the top level
        6) exit
menu
    read -p 'please select a num: ' num
    case "$num" in
        1) sh /scripts/tiaoban/qqandroid/1_100.sh ;;
        2) sh /scripts/tiaoban/qqandroid/101_200.sh ;;
        3) sh /scripts/tiaoban/qqandroid/201_300.sh ;;
        4) sh /scripts/tiaoban/qqandroid/301_400.sh ;;
        5) sh /scripts/tiaoban/tiaoban.sh ;;
        6) exit ;;
    esac
done
# Springboard script, third-level directory
cat /scripts/tiaoban/qqandroid/1_100.sh
#!/bin/bash
function trapper () {
    trap ':' 1 2 3 20 15
}
while :
do
    trapper
    clear
    cat <<menu
        1) qq1 server
        2) qq2 (function not developed)
        3) qq3 (function not developed)
        4) qq... (function not developed)
        5) return to the previous level
        6) back to the first level
        7) exit
menu
    read -p 'Please select a num: ' num
    # Login name of the current user, reused as the SSH user on the back end
    user=$(id -un)
    case "$num" in
        1|2|3|4)
            # Take exactly line $num of ip.txt as the target address
            ip=$(sed -n "${num}p" /scripts/tiaoban/qqandroid/ip.txt)
            ssh -p 22 "$user@$ip" ;;
        5) sh /scripts/tiaoban/qqandroid/qqandroid.sh ;;
        6) sh /scripts/tiaoban/tiaoban.sh ;;
        7) exit ;;
    esac
done
# Contents of ip.txt
[[email protected] ~]# cat /scripts/tiaoban/qqandroid/ip.txt
192.168.17.215
192.168.17.216
192.168.17.217
192.168.17.218
192.168.17.219
192.168.17.220
192.168.17.221
192.168.17.222
192.168.17.223
192.168.17.224
192.168.17.225
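Choosing the back-end address by menu number, as an added example that is not the article's own code: it generalizes the third-level script from one case branch per server to a lookup that works for any length of ip.txt and refuses anything that is not a plain line number pointing at an IPv4 address. The function names pick_host and ssh_argv and the three-line sample list are constructed for this illustration.

```shell
#!/bin/sh
# Constructed sample list (the first addresses of the ip.txt shown above).
IPFILE=$(mktemp)
printf '%s\n' 192.168.17.215 192.168.17.216 192.168.17.217 > "$IPFILE"

OCTET='(25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])'

# pick_host FILE NUM: print the NUM-th line of FILE if NUM is a plain
# positive integer and that line is a dotted-quad IPv4 address; else fail.
pick_host() {
    case $2 in
        ''|*[!0-9]*) return 1 ;;    # empty input, spaces, signs, option-like text
    esac
    [ "$2" -ge 1 ] 2>/dev/null || return 1
    # print only line NUM, then stop reading the file
    line=$(sed -n "${2}{p;q;}" "$1") || return 1
    printf '%s\n' "$line" | grep -Eq "^($OCTET\.){3}$OCTET\$" || return 1
    printf '%s\n' "$line"
}

# ssh_argv USER FILE NUM: print the ssh command line that would be run,
# one argument per line, without connecting anywhere.
ssh_argv() {
    host=$(pick_host "$2" "$3") || { echo "invalid choice: $3" >&2; return 1; }
    printf '%s\n' ssh -p 22 "$1@$host"
}

ssh_argv "$(id -un)" "$IPFILE" 2 || true
ssh_argv "$(id -un)" "$IPFILE" 9 || true    # past the end of the list: rejected
```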
# Script execution demonstration
1) Ordinary user login (screenshot)
2) First-level directory (screenshot)
3) Second-level directory (screenshot)
4) Third-level directory and successful login (screenshot)
Note: at any of the three levels, Ctrl+C has no effect for ordinary users. Selecting exit at the third level returns to the second level, selecting exit at the second level returns to the first level, and selecting exit at the first level logs the terminal out, after which the springboard script is run again; ordinary users cannot log in to a terminal on the springboard machine.
This article is from the "Wsyht blog" blog; please keep this source: http://wsyht2015.blog.51cto.com/9014030/1791938
A professionally structured three-level directory springboard machine script for Linux using trap + shell