Windows/Linux shell automatically logs in to SSH and executes some commands

Source: Internet
Author: User

SSH Secure Automatic Logon


A is the local host (the machine used to control other hosts);
B is the remote host (the controlled server), say with IP 172.24.253.2;
both A and B run Linux.

Commands on A:

# ssh-keygen -t rsa (press Enter three times; the public and private keys are generated locally and no passphrase is set)
# ssh root@172.24.253.2 "mkdir .ssh; chmod 0700 .ssh" (password required)
# scp ~/.ssh/id_rsa.pub root@172.24.253.2:.ssh/id_rsa.pub (password required)

Commands on B:

# touch /root/.ssh/authorized_keys2 (skip this step if the file already exists)
# cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys2 (append the contents of id_rsa.pub to authorized_keys2)

Back on machine A:

# ssh root@172.24.253.2 (no password required; login succeeds)

Provided you can protect your private key, this method is safer than having a shell script enter a password.

Example

Task description:
Log on to the remote server using a shell script and execute a command: add a reverse proxy site. The approach for Windows users is shown at the end of this article.

What the sample code does:
It logs on to a remote Linux server, runs a command there that adds a reverse proxy site, and then returns to the current Linux host. Adding a site requires the domain name, so the script takes one parameter: the domain name.

Usage of the sample code:

  raps.sh xxxxx.com

raps.sh code:

#!/usr/bin/expect
# Name: remotely add a proxy site, ^_^
# Description: automatically log in to a remote server and add a reverse proxy site (configuration built in)
# Note: you need to pass a domain name parameter; proxysiteadd in the script is the add-site tool on the remote server
# Usage: raps xxxx.com
# 2012-11-02 08:55:21

# Configuration
set user upall
set passwd upall@remote
set server 158.164.198.210
set port 2222
set dn [lindex $argv 0]

# Log in and execute the command
spawn ssh $user@$server -p $port
expect "password:"
send "${passwd}\n"
expect "]#"
send "proxysiteadd ${dn}\n"
expect "]#"
exit

Notes:

1. expect "]#" waits for terminal output; once the "]#" marker appears in the output, the script continues with the next command. send is used to execute commands on the remote server.

2. Script arguments cannot be referenced directly with shell-style positional variables. "set dn [lindex $argv 0]" assigns argument number 0 to $dn; "set dn [lindex $argv 2]" would assign the 3rd argument to $dn.

#!/bin/bash
HTTPD_CONF="/etc/httpd/conf/vhosts.conf"
# Generate the Apache virtual host configuration (reverse proxy)
echo "<VirtualHost *:80>" >> "$HTTPD_CONF"
echo "ServerName www.$1" >> "$HTTPD_CONF"
echo "ServerAlias $1" >> "$HTTPD_CONF"
echo "ProxyRequests Off" >> "$HTTPD_CONF"
echo "<Proxy *>" >> "$HTTPD_CONF"
echo "Order deny,allow" >> "$HTTPD_CONF"
echo "Allow from all" >> "$HTTPD_CONF"
echo "</Proxy>" >> "$HTTPD_CONF"
echo "ProxyPass / http://$1.demo.upall.cn/" >> "$HTTPD_CONF"
echo "ProxyPassReverse / http://$1.demo.upall.cn/" >> "$HTTPD_CONF"
echo "</VirtualHost>" >> "$HTTPD_CONF"
echo "CONF:" "$HTTPD_CONF"

The following code sets up a redirect instead; if you do not want to use the reverse proxy, replace the code above with the code below.

# Generate the Apache virtual host configuration (redirect)
#echo "<VirtualHost *:80>" >> "$HTTPD_CONF"
#echo "ServerName www.$1" >> "$HTTPD_CONF"
#echo "ServerAlias $1" >> "$HTTPD_CONF"
#echo "Redirect / http://$1.demo.upall.cn/" >> "$HTTPD_CONF"
#echo "</VirtualHost>" >> "$HTTPD_CONF"
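
The domain argument travels from raps.sh into a root shell on the server and then into the Apache configuration without any check, so the generator is the place to validate it. The following is an added example, not the original author's script: a variant that accepts only well-formed hostnames and appends nothing when the name is rejected. The file path and the demo.upall.cn suffix are the page's; valid_domain, render_vhost and add_site are hypothetical names.

```bash
#!/bin/bash
# Added example: hardened variant of the vhost generator above.
# HTTPD_CONF and demo.upall.cn come from the page; function names are hypothetical.
LC_ALL=C; export LC_ALL    # make [A-Za-z] ranges byte-exact
HTTPD_CONF="${HTTPD_CONF:-/etc/httpd/conf/vhosts.conf}"

# Return 0 only for a DNS hostname with at least two labels.
valid_domain() {
    d=$1
    [ "${#d}" -ge 1 ] && [ "${#d}" -le 253 ] || return 1
    case $d in
        *[!A-Za-z0-9.-]*) return 1 ;;                # spaces, quotes, ;, $, <, newline, ...
        .*|*.|-*|*-|*..*|*.-*|*-.*) return 1 ;;      # empty label or label edged by "-"
        *.*) ;;                                      # at least one dot
        *) return 1 ;;
    esac
    rest=$d
    while [ -n "$rest" ]; do                         # each label at most 63 bytes
        label=${rest%%.*}
        [ "${#label}" -le 63 ] || return 1
        case $rest in *.*) rest=${rest#*.} ;; *) rest= ;; esac
    done
    return 0
}

# Print the reverse proxy block for a validated domain.
render_vhost() {
    valid_domain "$1" || { echo "rejected: not a valid domain name" >&2; return 1; }
    cat <<EOF
<VirtualHost *:80>
ServerName www.$1
ServerAlias $1
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://$1.demo.upall.cn/
ProxyPassReverse / http://$1.demo.upall.cn/
</VirtualHost>
EOF
}

# Render first, append only on success, so a rejected name leaves the file untouched.
add_site() {
    block=$(render_vhost "$1") || return 1
    printf '%s\n' "$block" >> "$HTTPD_CONF"
}
if [ "$#" -gt 0 ]; then add_site "$1"; fi
```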


Solution for Windows users

You can use plink.exe to implement this feature, for example:

plink -pw yourpassword root@123.123.123.123 -m dosomething.sh



A little deeper:

On the surface, the login process can be understood simply as follows.
First, the ssh-keygen -t rsa command generates a private key and a public key, and the private key can be given its own passphrase.
The private key can be thought of as a key, and the public key as the lock that matches that key.
Put the lock (public key) on the server you want to control, locking the server; only the person with the key (private key) can open the lock, enter the server and control it.
The person who holds the key must also know the key's passphrase in order to use it (unless no passphrase was set), which guards against the key being duplicated (the private key being copied).

Of course, this analogy is only meant to be easy to understand.
Someone who has the root password is of course not locked out, and there need not be only one lock (public key); if any one of the locks is opened with its matching key (private key), the server can be controlled by that person.
So anyone who knows the server's root password and has placed a public key for root on the server can use the matching private key to "open" the server and log in as root, even if the root password is changed afterwards!
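
Because every public key listed for an account keeps working after a password change, the practical check is an inventory of those keys. The following is an added example, not part of the original article: it lists each entry in the two file names this page uses, with its options and comment. list_keys and audit_home are hypothetical names, and the key-type detection is a heuristic.

```bash
#!/bin/bash
# Added example: inventory the public keys ("locks") that grant login to an account.
# list_keys and audit_home are hypothetical helper names.

# Print "file:line<TAB>type<TAB>options<TAB>comment" for every key entry.
# Heuristic: the key type is the first field that names a known algorithm and is
# followed by base64 data starting with "AAAA"; everything before it is options.
list_keys() {
    [ -r "$1" ] || return 0
    awk -v f="$1" '
        NF == 0 || $1 ~ /^#/ { next }     # skip blank lines and comments
        {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9]+|sk-[a-z0-9@.-]+)$/ && $(i+1) ~ /^AAAA/) {
                    opts = ""; for (j = 1; j < i; j++) opts = opts (j > 1 ? " " : "") $j
                    cmt = "";  for (j = i + 2; j <= NF; j++) cmt = cmt (j > i + 2 ? " " : "") $j
                    printf "%s:%d\t%s\t%s\t%s\n", f, NR, $i, (opts == "" ? "(unrestricted)" : opts), (cmt == "" ? "(no comment)" : cmt)
                    next
                }
            printf "%s:%d\tUNPARSED\t-\t-\n", f, NR   # surface lines the heuristic cannot read
        }' "$1"
}

# Check both file names used on this page for one home directory.
audit_home() {
    list_keys "$1/.ssh/authorized_keys"
    list_keys "$1/.ssh/authorized_keys2"
}

if [ "$#" -gt 0 ]; then audit_home "$1"; fi
```

Run it as root with a home directory as the argument, for example /root, and compare the listed entries with the keys you expect to be there.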

If you want to control n machines, you need n key pairs (private and public keys); the ssh-keygen command lets you give each key pair an arbitrary name, for example:

[root@wwy .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): /root/.ssh/id_rsa_192.168.102.12
......

The private key and the public key are then named, respectively:
id_rsa_192.168.102.12 and id_rsa_192.168.102.12.pub
The contents of the id_rsa_192.168.102.12.pub file are then appended to the server's ~/.ssh/authorized_keys2 file.

Finally, specify the private key with the -i option of the ssh command and log in:
# ssh -i /root/.ssh/id_rsa_192.168.102.12 192.168.102.12

If the key has a passphrase, you log in with the key's passphrase; if no passphrase was set, you log in directly.

scp works the same way, for example:
scp -i /root/.ssh/id_rsa ./xxx 192.168.102.158:/home/wwy/bak

Logging in this way without a password is not secure; see below for a more secure approach.

First, generate a new SSH key pair:

[guo@guo zuo]$ ssh-keygen -f id_ras -t rsa
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_ras.
Your public key has been saved in id_ras.pub.
The key fingerprint is:
17:ca:c3:37:8f:60:86:42:d0:0d:b7:4d:70:a1:b2:a3 guo@guo
The key's randomart image is:
+--[RSA 2048]----+
|       ... oo.+. |
| ....*         |
| o O.      . |
| . O +.     . |
| + . S + |
| . o O = + |
| E.    . |
| |
| |
+-----------------+

When the program asks for a passphrase, press Enter to indicate that no passphrase is set. The key pair is generated in the working directory: the private key file is id_ras and the public key file is id_ras.pub.

[guo@guo zuo]$ ls id*
id_ras id_ras.pub

Next, copy the public key to the remote host:

[guo@guo zuo]$ ssh-copy-id root@222.24.21.61
root@222.24.21.61's password:
Now try logging into the machine, with "ssh 'root@222.24.21.61'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

This time you need to enter the password, but you won't have to enter it again.

Next, execute the script.

[guo@guo zuo]$ cat guossh.sh
#!/bin/sh
ssh root@222.24.21.61
[guo@guo zuo]$ sh guossh.sh
Last login: Sun Nov 20:28:30 from 222.24.21.61
[root@guo ~]#

You are now logged in.
