使用sshkey批量分发或批量备份、批量部署管理实践
使用sshkey批量分发/备份、批量部署管理实践
注释:该题在生产环境中的用途为,数据分发,发布程序,控制管理等。
题:有三台Linux机器,分别是A,B,C。完成一把钥匙多把锁的功能(A钥匙,B、C锁)的免密码登录部署。
如下所示:
A-->B
A-->C
图:。。。。
部署过程:
1、搭建前环境准备
A:192.168.0.253 centos6.6
B:192.168.0.252 centos6.6
C: 192.168.0.251 centos6.6
2、开始部署
(将交谈发送到全部窗口)连接软件设置
[zxin10@model ~]$ sudo su -
#添加用户和密码。
[root@model ~]# useradd sshkey
[root@model ~]# echo "sshkey"|passwd sshkey --stdin
Changing password for user sshkey.
passwd: all authentication tokens updated successfully.
[root@model ~]# tail -1 /etc/passwd
sshkey:x:501:501::/home/sshkey:/bin/bash
#使用ssh-keygen命令添加密钥
[root@model ~]# su - sshkey
[sshkey@model ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/sshkey/.ssh/id_dsa):
Created directory '/home/sshkey/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/sshkey/.ssh/id_dsa.
Your public key has been saved in /home/sshkey/.ssh/id_dsa.pub.
The key fingerprint is:
66:ef:74:c4:55:91:32:de:35:93:91:54:5d:87:8d:df [email protected]
The key's randomart image is:
+--[ DSA 1024]----+
| .B#|
| ooB=|
| . =.=|
| . o .E|
| S o |
| o . . |
| o . |
| o . |
| . |
+-----------------+
#看到这两个文件id_dsa私钥,id_dsa.pub公钥
[sshkey@model ~]$ ls -l .ssh
total 8
-rw------- 1 sshkey sshkey 672 Jan 11 22:12 id_dsa
-rw-r--r-- 1 sshkey sshkey 606 Jan 11 22:12 id_dsa.pub
#A机器把公钥发到对应的机器(B、C)的对应用户(sshkey)家目录下。
#在A机器上单独执行:
[sshkey@model ~]$ ssh-copy-id -i .ssh/id_dsa.pub "-p 52113 [email protected]"
#查看对应的密码文件
A:机器如下:
[sshkey@model ~]$ ll ~/.ssh
total 12
-rw------- 1 sshkey sshkey 672 Jan 11 22:12 id_dsa
-rw-r--r-- 1 sshkey sshkey 606 Jan 11 22:12 id_dsa.pub
-rw-r--r-- 1 sshkey sshkey 806 Jan 11 22:20 known_hosts
B、C机器如下:
[sshkey@machine1 ~]$ ll ~/.ssh
total 12
-rw------- 1 sshkey sshkey 606 Jan 13 18:34 authorized_keys
-rw------- 1 sshkey sshkey 672 Jan 13 18:26 id_dsa
-rw-r--r-- 1 sshkey sshkey 609 Jan 13 18:26 id_dsa.pub
#测试成功
[sshkey@model ~]$ ssh -p52113 192.168.0.252 free -m
reverse mapping checking getaddrinfo for promote.cache-dns.local [192.168.0.252] failed - POSSIBLE BREAK-IN ATTEMPT!
total used free shared buffers cached
Mem: 1870 262 1608 0 46 109
-/+ buffers/cache: 105 1764
Swap: 2047 0 2047
[sshkey@model ~]$ ssh -p52113 192.168.0.251 free -m
reverse mapping checking getaddrinfo for promote.cache-dns.local [192.168.0.251] failed - POSSIBLE BREAK-IN ATTEMPT!
total used free shared buffers cached
Mem: 1870 114 1756 0 12 33
-/+ buffers/cache: 68 1802
Swap: 2047 0 2047
如何利用sshkey免密码登录实现批量分发文件?
#编写脚本copyall.sh
[sshkey@model scripts]$ cat copyall.sh
#!/bin/sh
. /etc/init.d/functions
SSHPORT=52113
[ $# -ne 1 ]&&exit 1
ARG=$1
for ip in 192.168.0.252 192.168.0.251
do
if [ -d $ARG ];then
echo "$ARG IS DIRACTORY.COPY ALL FILE!"
scp -r -P${SSHPORT} $ARG sshkey@${ip}:~
else
echo "$ARG IS A FILE.COPY IT !"
scp -P${SSHPORT} $ARG sshkey@${ip}:~
fi
if [ $? -eq 0 ];then
action "scp is ok" /bin/true
else
action "scp is error" /bin/false
fi
done
#注释:这是我自己写的脚本,还有一些可以完善的地方,IP写到文件里,然后遍历文件就可以实现批量分发,非常的便利。
#要拷贝的是文件的话,就直接拷贝该文件到sshkey家目录下。
[sshkey@model scripts]$ sh copyall.sh copyall.sh
copyall.sh IS A FILE.COPY IT !
reverse mapping checking getaddrinfo for promote.cache-dns.local [192.168.0.252] failed - POSSIBLE BREAK-IN ATTEMPT!
copyall.sh 100% 406 0.4KB/s 00:00
scp is ok [ OK ]
copyall.sh IS A FILE.COPY IT !
reverse mapping checking getaddrinfo for promote.cache-dns.local [192.168.0.251] failed - POSSIBLE BREAK-IN ATTEMPT!
copyall.sh 100% 406 0.4KB/s 00:00
scp is ok [ OK ]
#要拷贝的文件是目录的话,就拷贝该目录下的所有文件到sshkey家目录下。
[sshkey@model scripts]$ !sh
sh copyall.sh ../sshkeydir
../sshkeydir IS DIRACTORY.COPY ALL FILE!
reverse mapping checking getaddrinfo for promote.cache-dns.local [192.168.0.252] failed - POSSIBLE BREAK-IN ATTEMPT!
sshkeytestfile.log 100% 0 0.0KB/s 00:00
test1.log 100% 0 0.0KB/s 00:00
scp is ok [ OK ]
../sshkeydir IS DIRACTORY.COPY ALL FILE!
reverse mapping checking getaddrinfo for promote.cache-dns.local [192.168.0.251] failed - POSSIBLE BREAK-IN ATTEMPT!
sshkeytestfile.log 100% 0 0.0KB/s 00:00
test1.log 100% 0 0.0KB/s 00:00
scp is ok [ OK ]
[sshkey@model scripts]$
Python爬虫全栈教学,零基础教你成编程大神
