你的位置:首页 > 操作系统

[操作系统]SSH批量部署服务


SSH批量部署服务

1.1在NFS上作为中心分发服务器将私钥分发到其他服务器上

1.1.1NFS部署

 

 1 [root@nfs-server ~]# useradd zhurui 2 [root@nfs-server ~]# echo 123456|passwd --stdin zhurui 3 Changing password for user zhurui. 4 passwd: all authentication tokens updated successfully. 5 创建密码对: 6 [root@nfs-server ~]# su - zhurui   ##切换到zhurui用户下,以后批量分发都在当前用户下,安全考虑 7 [zhurui@nfs-server ~]$ ssh-keygen -t dsa ##ssh-keygen是生成秘钥的工具,-t参数指建立秘钥的类型,这里建立dsa类型秘钥(还有一种类型的秘钥为RSA,两者加密算法有区别) 8 Generating public/private dsa key pair. 9 Enter file in which to save the key (/home/zhurui/.ssh/id_dsa): 10 Created directory '/home/zhurui/.ssh'.11 Enter passphrase (empty for no passphrase): 12 Enter same passphrase again: 13 Your identification has been saved in /home/zhurui/.ssh/id_dsa.14 Your public key has been saved in /home/zhurui/.ssh/id_dsa.pub.15 The key fingerprint is:16 6f:65:c4:a6:fb:32:45:0c:85:c3:bc:87:8f:a4:ae:bc zhurui@nfs-server17 The key's randomart image is:18 +--[ DSA 1024]----+19 |     o o.  |20 |     *.   |21 |      *+  |22 |     +++  |23 |    So.=o  |24 |    ...+o  |25 |    . +.   |26 |   . ..o.   |27 |   Eo  o.  |28 +-----------------+29 [zhurui@nfs-server ~]$ 30 [zhurui@nfs-server ~]$ ls -l .ssh/31 total 832 -rw-------. 1 zhurui zhurui 672 Mar 5 04:23 id_dsa  ##私钥33 -rw-r--r--. 1 zhurui zhurui 607 Mar 5 04:23 id_dsa.pub ##公钥34 将公钥分发给web-lamp01服务器35 [zhurui@nfs-server ~]$ ssh-copy-id -i .ssh/id_dsa.pub zhurui@192.168.1.12 ##将公钥分发给1.12服务器36 The authenticity of host '192.168.1.12 (192.168.1.12)' can't be established.37 RSA key fingerprint is d6:e6:e6:2a:c7:df:99:51:bb:f4:90:29:16:df:c4:a5.38 Are you sure you want to continue connecting (yes/no)? yes39 Warning: Permanently added '192.168.1.12' (RSA) to the list of known hosts.40 Nasty PTR record "192.168.1.12" is set up for 192.168.1.12, ignoring41 zhurui@192.168.1.12's password: 42 Permission denied, please try again.43 zhurui@192.168.1.12's password: 44 Now try logging into the machine, with "ssh 'zhurui@192.168.1.12'", and check in:45 46  .ssh/authorized_keys47 48 to make sure we haven't added extra keys that you weren't expecting.49 50 [zhurui@nfs-server ~]$ 

 

1.1.2 web-lnmp02客户端分发部署

 1 [zhurui@nfs-server ~]$ ssh-copy-id -i .ssh/id_dsa.pub zhurui@192.168.1.13 ##将公钥分发到1.13服务器 2 The authenticity of host '192.168.1.13 (192.168.1.13)' can't be established. 3 RSA key fingerprint is d6:e6:e6:2a:c7:df:99:51:bb:f4:90:29:16:df:c4:a5. 4 Are you sure you want to continue connecting (yes/no)? yes 5 Warning: Permanently added '192.168.1.13' (RSA) to the list of known hosts. 6 Nasty PTR record "192.168.1.13" is set up for 192.168.1.13, ignoring 7 zhurui@192.168.1.13's password:  8 Now try logging into the machine, with "ssh 'zhurui@192.168.1.13'", and check in: 9 10  .ssh/authorized_keys11 12 to make sure we haven't added extra keys that you weren't expecting.13 14 [zhurui@nfs-server ~]$ 

1.1.3 rsync-backup客户端分发部署

 

 1 [zhurui@nfs-server ~]$ ssh-copy-id -i .ssh/id_dsa.pub zhurui@192.168.1.17 2 The authenticity of host '192.168.1.17 (192.168.1.17)' can't be established. 3 RSA key fingerprint is d6:e6:e6:2a:c7:df:99:51:bb:f4:90:29:16:df:c4:a5. 4 Are you sure you want to continue connecting (yes/no)? yes 5 Warning: Permanently added '192.168.1.17' (RSA) to the list of known hosts. 6 zhurui@192.168.1.17's password:  7 Now try logging into the machine, with "ssh 'zhurui@192.168.1.17'", and check in: 8  9  .ssh/authorized_keys10 11 to make sure we haven't added extra keys that you weren't expecting.12 13 [zhurui@nfs-server ~]$ 

 

2.1在NFS上测试

2.1.1 通过ssh命令在当前机器上查看web-lamp01的IP地址

 

 1 [zhurui@nfs-server ~]$ ssh -P22 zhurui@192.168.1.12 /sbin/ifconfig eth0 2 eth0   Link encap:Ethernet HWaddr 00:0C:29:49:CE:B3  3      inet addr:192.168.1.12 Bcast:192.168.1.255 Mask:255.255.255.0 4      inet6 addr: fe80::20c:29ff:fe49:ceb3/64 Scope:Link 5      UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 6      RX packets:7701 errors:0 dropped:0 overruns:0 frame:0 7      TX packets:4795 errors:0 dropped:0 overruns:0 carrier:0 8      collisions:0 txqueuelen:1000  9      RX bytes:4806676 (4.5 MiB) TX bytes:484902 (473.5 KiB)10 注:在命令执行过程中,跳过输入密码的步骤11 接着分发文件测试:12 [zhurui@nfs-server ~]$ cp /etc/hosts13 hosts    hosts.allow hosts.deny  14 [zhurui@nfs-server ~]$ cp /etc/hosts .15 [zhurui@nfs-server ~]$ ll16 [zhurui@nfs-server ~]$ scp -P22 hosts zhurui@192.168.1.12:~ ##将当前目录下hosts文件分发到1.12家目录下17 hosts                     100% 243   0.2KB/s  00:00  18 [zhurui@nfs-server ~]$ 19 20 检查1.12上zhurui家目录下有无hosts文件21 [root@lamp01 zhurui]# cat /home/zhurui/hosts 22 127.0.0.1  localhost localhost.localdomain localhost4 localhost4.localdomain4 23 ::1     localhost localhost.localdomain localhost6 localhost6.localdomain624 192.168.1.11 nfs-server25 192.168.1.17 backup26 192.168.1.12 lamp0127 192.168.1.13 lnmp0228 [root@lamp01 zhurui]# 29 通过脚本分发:30 [zhurui@nfs-server ~]$ sh fenfa.sh31 hosts                     100% 257   0.3KB/s  00:00  32 hosts                     100% 257   0.3KB/s  00:00  33 hosts                     100% 257   0.3KB/s  00:00 34  

 

批量管理脚本:

 

 1 #!/bin/sh 2 . /etc/init.d/functions 3 if [ $# -ne 1 ] 4   then 5   echo "USAGE:$0 USAGE|COMMAND" 6   exit 1 7 fi 8 for n in 12 13 17 9 do10  ssh -p22 zhurui@192.168.1.$n $111 done12 13 ~     

 

 

 

批量分发脚本:

 

 1 #!/bin/sh 2 . /etc/init.d/functions 3  4 for n in 12 13 17 5 do 6  scp -P22 $1 zhurui@192.168.1.$n:~ &>/dev/null 7  if [ $? -eq 0 ] 8   then 9    action "fenfa $1 ok" /bin/true10   else11    action "fenfa $1 ok" /bin/false12  fi13 done14 15 ~   

 

利用分发脚本分发hosts文件

 

1 [zhurui@nfs-server ~]$ sh fenfa.sh hosts2 fenfa hosts ok                       [ OK ]3 fenfa hosts ok                       [ OK ]4 fenfa hosts ok                       [ OK ]5 [zhurui@nfs-server ~]$ 

 

优化后的分发脚本

 

 1 #!/bin/sh 2 . /etc/init.d/functions 3 if [ $# -ne 1 ] 4   then 5   echo "USAGE:$0 {FILENAME|DIRNAME}" 6   exit 1 7 fi 8 for n in 12 13 17 9 do10  scp -P22 -r $1 zhurui@192.168.1.$n:~ &>/dev/null11  if [ $? -eq 0 ]12   then13    action "fenfa $1 ok" /bin/true14   else15    action "fenfa $1 ok" /bin/false16  fi17 done