Prepare 3 Machines
1.linux-node1 ip:10.89.3.108 (Springboard machine)
2.weblamp ip:10.89.3.100
3.weblnmp ip:10.89.3.101
The 3 system environments are as follows:
[Email protected] ~]$ cat/etc/redhat-release CentOS release 6.8 (Final)
1) First do SSH key verification
Perform the following operations on all 3 machines
[[Email protected] ~] #useradd jump [[email protected] ~] #echo 123456|passwd--stdin Jump
Perform the following operation on the springboard machine to generate the key.
[Email protected] ~]$ ssh-keygen-t dsa-p '-F ~/.SSH/ID_DSA
Generating Public/private DSA key pair.
Created directory '/home/jump/.ssh '.
Your identification has been saved IN/HOME/JUMP/.SSH/ID_DSA.
Your public key has been saved in/home/jump/.ssh/id_dsa.pub.
The key fingerprint is:
15:4d:94:d8:a8:0d:e9:d4:e1:70:09:0c:8b:de:2c:96 [email protected]
The key ' s Randomart image is:
+--[DSA 1024x768]----+
| . Oo++xo. |
| . .=+=.+ |
| . . o +o |
| . + O.. |
| E o S |
| . . |
| |
| |
| |
+-----------------+
To view the generated key
[Email protected] ~]$ LL/HOME/JUMP/.SSH
Total 8
-RW-------1 Jump 672 Apr 09:49 ID_DSA
-rw-r--r--1 Jump 618 Apr 09:49 id_dsa.pub (public key)
Distributing the public key to 2 other servers
[Email protected] ~]$ ssh-copy-id-i ~/.ssh/id_dsa.pub 10.89.3.101
The authenticity of host ' 10.89.3.101 (10.89.3.101) ' can ' t be established.
RSA key fingerprint is 01:e7:d2:70:fc:a8:1a:ee:88:07:ef:9b:37:40:29:2d.
Is you sure want to continue connecting (yes/no)? Yes
warning:permanently added ' 10.89.3.101 ' (RSA) to the list of known hosts.
[email protected] ' s password: (the password for jump is entered here)
Now try logging to the machine, with "ssh ' 10.89.3.101 '", and check in:
. Ssh/authorized_keys
To make sure we haven ' t added extra keys so you weren ' t expecting.
[Email protected] ~]$
2) Implement the traditional Remote Connection menu selection script
The menu script is as follows:
Cat <<menu
1) weblamp-10.89.3.100
2) weblnmp-10.89.3.101
3) Administrator
Menu
3) Use the Linux signal Shield to prevent user interrupt signals from being operated on a springboard machine
function trapper () {
Trap ': ' INT EXIT TSTP term HUP
}
4) When the user logs on to the springboard, the script is called (cannot use the command line to manage the springboard) and can only be ordered by the administrator.
The script is as follows (action on a springboard machine)
[[email protected] ~]# cat/etc/profile.d/jump.sh [$UID-ne 0] &&/server/scripts/jump.sh
[Email protected] ~]# cat/server/scripts/jump.sh
#!/bin/bash#alvin trainingtrapper () { trap ': ' &NBSP;INT&NBSP;EXIT&NBSP;TSTP term hup}main () { while : do trapper clear cat <<menu 1) weblamp-10.89.3.100 2) weblnmp-10.89.3.101 3) administratormenu read -p "Pls input a num.:" numcase "$num" in 1) echo "login in 10.89.3.100" ssh 10.89.3.100 ;; &NBSP;&NBSP;&NBSP;2) echo "login in 10.89.3.101" ssh 10.89.3.101 ;; 3) stty -echo read -p "Your privite &NBSP;PASSWD: " char if [ " $char " =&nbSP; " 111111 " ]; then stty echo echo " \ n " exit sleep 3 fi ;; *) echo "Select error." esac done}main
[Email protected] ~]# chmod +x/server/scripts/jump.sh
[[email protected] ~]# su-jump 1) weblamp-10.89.3.100 2) weblnmp-10.89.3.101 3) administratorpls input a num.:
650) this.width=650; "Src=" https://s1.51cto.com/wyfs02/M01/8F/E7/wKioL1jtuPnygPrlAAB_0VkAHQk509.jpg-wh_500x0-wm_ 3-wmp_4-s_2043887975.jpg "title=" 1.jpg "alt=" Wkiol1jtupnygprlaab_0vkahqk509.jpg-wh_50 "/>
This article is from the "Knowledge Change Destiny" blog, please be sure to keep this source http://ahtornado.blog.51cto.com/4826737/1915198
Shell Write login Springboard machine