Cluster 06: SSH Batch Management and Distribution Project in Practice
Architecture diagram
1. Create the user and password
[[email protected] ~]# useradd oldgirl
[[email protected] ~]# echo "000000" | passwd oldgirl --stdin
[[email protected] ~]# useradd oldgirl
[[email protected] ~]# echo "000000" | passwd oldgirl --stdin
[[email protected] ~]# useradd oldgirl
[[email protected] ~]# echo "000000" | passwd oldgirl --stdin
[[email protected] ~]# useradd oldgirl
[[email protected] ~]# echo "000000" | passwd oldgirl --stdin
Switch to the oldgirl user
[[email protected] ~]# su - oldgirl
[[email protected] ~]# su - oldgirl
[[email protected] ~]# su - oldgirl
[[email protected] ~]# su - oldgirl
2. Generate the private key on the m01 management host
[[email protected] ~]$ ssh-keygen -t dsa
View the generated private and public keys
[[email protected] ~]$ ll .ssh/
总用量 8
-rw------- 1 oldgirl oldgirl 672 4月 8 14:44 id_dsa
-rw-r--r-- 1 oldgirl oldgirl 601 4月 8 14:44 id_dsa.pub
Generate the private key non-interactively in one step:
[[email protected] .ssh]$ ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa &> /dev/null
3. Distribute the public key from m01
[[email protected] ~]$ ssh-copy-id -i .ssh/id_dsa.pub [email protected]
[[email protected] ~]$ ssh-copy-id -i .ssh/id_dsa.pub [email protected]
[[email protected] ~]$ ssh-copy-id -i .ssh/id_dsa.pub [email protected]
4. Test
[[email protected] tmp]$ vim view_ip.sh
ssh [email protected] /usr/sbin/ifconfig ens33
ssh [email protected] /usr/sbin/ifconfig ens33
ssh [email protected] /usr/sbin/ifconfig ens33
[[email protected] tmp]$ ./view_ip.sh
5. Ways to elevate privileges
(1) Create the SSH key as root (omitted)
(2) Elevate with sudo
As root, log in to nfs01, backup and web01 in turn
Add the sudoers authorization:
echo 'oldgirl ALL=(ALL) NOPASSWD:/usr/bin/rsync,/usr/bin/cp' >> /etc/sudoers
Switch to the oldgirl user
su - oldgirl
On the m01 management host:
[[email protected] ~]$ scp /etc/hosts [email protected]:~
Or use rsync in encrypted mode (over SSH)
[[email protected] ~]$ rsync -avz /etc/hosts -e 'ssh' [email protected]:/tmp/
[[email protected] ~]$ ssh -t [email protected] sudo rsync ~/hosts /etc/hosts
(3) Use suid (for awareness only, omitted)
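The sudoers rule in step 5 (2) lets oldgirl run rsync and cp as root without a password, and either tool can write any file on the host, so the grant is far broader than "copy /etc/hosts". The following audit is an added example, not part of the original article: it flags such NOPASSWD rules in sudoers text. The tool list, the sample lines and the function name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: flag NOPASSWD sudoers rules that
# grant file-writing tools, such as the rsync/cp rule in step 5 (2).
# RISKY_TOOLS is an assumed list; extend it for your environment.
RISKY_TOOLS="rsync cp mv tee dd install"

# Constructed sample input; line 3 is the rule from the page.
SAMPLE_SUDOERS='# constructed sample
root    ALL=(ALL)       ALL
oldgirl ALL=(ALL) NOPASSWD:/usr/bin/rsync,/usr/bin/cp
deploy  ALL=(root) NOPASSWD: /usr/bin/systemctl restart rsyncd
%ops    ALL=(ALL) NOPASSWD: ALL'

# audit_sudoers: read sudoers text on stdin and print one finding per line
# as <line-number>:<user-or-group>:<command>. Backslash line continuations
# and Cmnd_Alias expansion are not handled.
audit_sudoers() {
    awk -v tools="$RISKY_TOOLS" '
    BEGIN { n = split(tools, t, " "); for (i = 1; i <= n; i++) risky[t[i]] = 1 }
    /^[ \t]*#/ { next }                      # comment or #include directive
    /^[ \t]*$/ { next }                      # blank line
    /NOPASSWD:/ {
        who = $1
        spec = $0
        sub(/^.*NOPASSWD:[ \t]*/, "", spec)  # keep only the command list
        m = split(spec, cmds, ",")
        for (j = 1; j <= m; j++) {
            if (split(cmds[j], words) == 0) continue
            path = words[1]                  # words[2..] are fixed arguments
            if (path == "ALL") { print NR ":" who ":ALL"; continue }
            k = split(path, parts, "/")
            if (parts[k] in risky) print NR ":" who ":" path
        }
    }'
}

printf '%s\n' "$SAMPLE_SUDOERS" | audit_sudoers
```

On a host, run it as root with `audit_sudoers < /etc/sudoers` and repeat for each file under `/etc/sudoers.d/`.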