Tags: shell, jump host
Prepare 3 machines:
1. linux-node1 ip: 10.89.3.108 (jump host)
2. weblamp ip: 10.89.3.100
3. weblnmp ip: 10.89.3.101
All 3 machines run the following system:
[[email protected] ~]$ cat /etc/redhat-release
CentOS release 6.8 (Final)
1) First, set up SSH key authentication
Run the following on all 3 machines:
[[email protected] ~]# useradd jump
[[email protected] ~]# echo 123456|passwd --stdin jump
On the jump host, run the following to generate the key pair.
[[email protected] ~]$ ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa
Generating public/private dsa key pair.
Created directory '/home/jump/.ssh'.
Your identification has been saved in /home/jump/.ssh/id_dsa.
Your public key has been saved in /home/jump/.ssh/id_dsa.pub.
The key fingerprint is:
15:4d:94:d8:a8:0d:e9:d4:e1:70:09:0c:8b:de:2c:96 [email protected]
The key's randomart image is:
+--[ DSA 1024]----+
| .oo++Xo. |
| . .=+=.+ |
| . .o +o |
| . + o.. |
| E o S |
| . . |
| |
| |
| |
+-----------------+
View the generated keys:
[[email protected] ~]$ ll /home/jump/.ssh
total 8
-rw------- 1 jump jump 672 Apr 12 09:49 id_dsa
-rw-r--r-- 1 jump jump 618 Apr 12 09:49 id_dsa.pub (public key)
Distribute the public key to the other 2 servers:
[[email protected] ~]$ ssh-copy-id -i ~/.ssh/id_dsa.pub 10.89.3.101
The authenticity of host '10.89.3.101 (10.89.3.101)' can't be established.
RSA key fingerprint is 01:e7:d2:70:fc:a8:1a:ee:88:07:ef:9b:37:40:29:2d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.89.3.101' (RSA) to the list of known hosts.
[email protected]'s password: (enter the jump user's password here)
Now try logging into the machine, with "ssh '10.89.3.101'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[[email protected] ~]$
2) Implement a traditional menu-selection script for remote connections
The menu script is as follows:
cat <<menu
1)weblamp-10.89.3.100
2)weblnmp-10.89.3.101
3)administrator
menu
3) Use Linux signal trapping so that users cannot send interrupt signals to break out of the menu and operate on the jump host
function trapper(){
    trap ':' INT EXIT TSTP TERM HUP
}
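To check what the trap list in step 3 covers, the following added example (not part of the original post; the function names and the temporary stop file are assumptions made for this check) starts a child shell with the same trap, signals it, and reports whether it kept running. KILL is included as a control because it cannot be trapped.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

TRAP_LIST='INT EXIT TSTP TERM HUP'   # same signals as the post's trapper()

# survives SIG: start a child shell that installs the trap and idles like the
# menu loop, send it SIG, then ask it to stop through a file. Returns 0 when
# the child ended through its normal path (it survived SIG), non-zero when
# the signal ended it.
survives() {
    sig=$1
    dir=$(mktemp -d)
    stop="$dir/stop"
    # $1 = stop file, $2 = trap list (left unquoted so it splits into names)
    sh -c 'trap ":" $2; while [ ! -e "$1" ]; do sleep 1; done' \
        sh "$stop" "$TRAP_LIST" &
    pid=$!
    sleep 1                  # give the child time to install its trap
    kill -s "$sig" "$pid"
    : > "$stop"              # survivors see this file and leave the loop
    rc=0
    wait "$pid" || rc=$?     # 0 = normal exit, 128+N = ended by signal N
    rm -rf "$dir"
    [ "$rc" -eq 0 ]
}

# exit_code_with_trap: trapping EXIT with ':' does not cancel an explicit
# exit, which is what menu option 3 relies on to leave the loop.
exit_code_with_trap() {
    rc=0
    sh -c 'trap ":" $1; exit 7' sh "$TRAP_LIST" || rc=$?
    echo "$rc"
}

report() {
    for s in TERM HUP KILL; do
        if survives "$s"; then
            echo "$s: menu keeps running"
        else
            echo "$s: menu process ends"
        fi
    done
    echo "explicit exit returns $(exit_code_with_trap)"
}

# Run as: sh trapcheck.sh report   (trapcheck.sh is a placeholder file name)
if [ "${1:-}" = "report" ]; then report; fi
```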
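4) As soon as a user logs in to the jump host, the script is called (the user cannot manage the jump host from the command line) and the user can only choose from the menu as the administrator requires
The scripts are as follows (run on the jump host):
[[email protected] ~]# cat /etc/profile.d/jump.sh
[ $UID -ne 0 ] && /server/scripts/jump.sh
[[email protected] ~]# cat /server/scripts/jump.sh
#!/bin/bash
# Alvin training

# Ignore the signals a user could send to break out of the menu
trapper(){
    trap ':' INT EXIT TSTP TERM HUP
}

main(){
    while :
    do
        trapper
        clear
        cat <<menu
1)weblamp-10.89.3.100
2)weblnmp-10.89.3.101
3)administrator
menu
        read -p "Pls input a num.:" num
        case "$num" in
            1)
                echo "login in 10.89.3.100"
                ssh 10.89.3.100
                ;;
            2)
                echo "login in 10.89.3.101"
                ssh 10.89.3.101
                ;;
            3)
                # Administrator exit; the password is hardcoded in this script
                stty -echo
                read -p "your private passwd:" char
                stty echo    # restore terminal echo whether or not the password matched
                echo
                if [ "$char" = "111111" ]; then
                    exit
                fi
                sleep 3      # pause after a wrong password before redrawing the menu
                ;;
            *)
                echo "select error."
                ;;
        esac
    done
}
main
[[email protected] ~]# chmod +x /server/scripts/jump.sh
[[email protected] ~]# su - jump
1)weblamp-10.89.3.100
2)weblnmp-10.89.3.101
3)administrator
Pls input a num.: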
This article comes from the "知識改變命運" blog; please be sure to keep this source attribution: http://ahtornado.blog.51cto.com/4826737/1915198