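Task: distribute the file heaven.txt from the /data directory on server A to the /etc directory on servers B and C. (Using the root account is not allowed.)

Answer:

1. Thinking it through, there are three ways to achieve this:

① Use the root user

② Use sudo to elevate privileges

③ Use suid

In real production environments, sudo is the more reliable choice.

2. Create a heavenfish account on each of the three servers and grant it privileges, so that the heavenfish account is allowed to run sudo cp.


Walkthrough:

## First create a key pair so that the servers can send files to each other without a password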


[heavenfish@A ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/heavenfish/.ssh/id_dsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/heavenfish/.ssh/id_dsa.
Your public key has been saved in /home/heavenfish/.ssh/id_dsa.pub.
The key fingerprint is:
7a:be:bf:a9:ad:18:ff:09:6b:79:51:cf:3b:9a:8d:5b heavenfish@A
The key's randomart image is:
+--[ DSA 1024]----+
|                 |
|                 |
|                 |
|            .    |
|        S  . o   |
|       .  .   o  |
|      o o. .  E. |
|       *o+.o =o  |
|      ..BBB.=o.. |
+-----------------+

## The private key and public key are generated in the .ssh directory under the home directory

[heavenfish@A ~]$ cd ~/.ssh/
[heavenfish@A ~]$ ls -l
total 12
-rw------- 1 heavenfish heavenfish 668 Aug 25 21:22 id_dsa              ## private key
-rw-r--r-- 1 heavenfish heavenfish 602 Aug 25 21:22 id_dsa.pub     ## public key

### Send the public key to B and C

[heavenfish@A .ssh]$ ssh-copy-id -i id_dsa.pub "-p 52113 heavenfish@192.168.100.62"
The authenticity of host '[192.168.100.62]:52113 ([192.168.100.62]:52113)' can't be established.
RSA key fingerprint is 4b:f2:a3:20:e4:76:5c:3a:5c:98:4e:07:ee:1a:93:34.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.100.62]:52113' (RSA) to the list of known hosts.
heavenfish@192.168.100.62's password: 
Now try logging into the machine, with "ssh '-p 52113 heavenfish@192.168.100.62'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[heavenfish@A .ssh]$ ssh-copy-id -i id_dsa.pub "-p 52113 heavenfish@192.168.100.63"
The authenticity of host '[192.168.100.63]:52113 ([192.168.100.63]:52113)' can't be established.
RSA key fingerprint is 4b:f2:a3:20:e4:76:5c:3a:5c:98:4e:07:ee:1a:93:34.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.100.63]:52113' (RSA) to the list of known hosts.
heavenfish@192.168.100.63's password: 
Now try logging into the machine, with "ssh '-p 52113 heavenfish@192.168.100.63'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.


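### Then write a script that sends heaven.txt from the /data directory to /etc on B and C

[heavenfish@A ~]$ vi fenfa.sh 

#!/bin/sh
# Load the init-script helpers; action() prints the [  OK  ] / [FAILED] status lines
. /etc/init.d/functions

# Require exactly two arguments: the file to send and the destination directory
if [ $# -ne 2 ]
        then
        echo "USAGE:$0 arg1 arg2"
        exit 1
fi

# 62 and 63 are the last octets of servers B and C
for n in 62 63
do
        # Stage the file in the remote home directory
        scp -P52113 -p $1 192.168.100.$n:~ >/dev/null 2>&1
        # Copy the staged file to the destination with sudo
        ssh -p52113 -t 192.168.100.$n sudo cp ~/$1 $2 >/dev/null 2>&1
        if [ $? -eq 0 ]
        then
                action "192.168.100.$n exec is ok" /bin/true
        else
                action "192.168.100.$n exec is no" /bin/false
        fi
done

Save the file.

************ Special note: the file must first be copied into the home directory, otherwise the run fails. The script's remote copy step reads ~/$1, which only resolves when $1 is a bare file name. ****************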

[heavenfish@A ~]$ sh fenfa.sh /data/heaven.txt /etc/
192.168.100.62 exec is no                                  [FAILED]
192.168.100.63 exec is no                                  [FAILED]

[heavenfish@A ~]$ cp /data/heaven.txt .
[heavenfish@A ~]$ sh fenfa.sh heaven.txt /etc/
192.168.100.62 exec is ok                                  [  OK  ]
192.168.100.63 exec is ok                                  [  OK  ]

With that, it worked!
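
The failed run above comes from fenfa.sh building the remote path as ~/$1 and checking only the exit status of the ssh step. The sketch below is an added example, not the original script: it stages the file under its base name so a full path such as /data/heaven.txt works, refuses names the remote shell could interpret, and reports which step failed. The hosts and port are the ones used on this page; the function names and the DRY_RUN switch are assumptions, and it assumes heavenfish can run sudo cp on B and C as set up in step 2.

```shell
#!/bin/sh
# Added example, not the original fenfa.sh. Hosts and port are the page's;
# function names and the DRY_RUN switch are assumptions for illustration.
PORT=52113
HOSTS="192.168.100.62 192.168.100.63"

# Remote staging path: scp drops the file in the remote home directory under
# its base name. Names the remote shell could interpret are refused.
staged_path() {
    name=$(basename -- "$1")
    case $name in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    printf '~/%s\n' "$name"
}

# Run a command quietly, or just print it when DRY_RUN=1 (offline check).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@" >/dev/null 2>&1
    fi
}

# Stage $1 on host $3, then copy it to $2 with sudo. Each step is checked,
# so a failed scp is reported instead of being masked by the ssh status.
push_one() {
    src=$1 dest=$2 host=$3
    [ -f "$src" ] || return 2
    staged=$(staged_path "$src") || return 2
    run scp -P "$PORT" -p "$src" "$host:" || return 3
    run ssh -p "$PORT" -t "$host" sudo cp "$staged" "$dest" || return 4
}

distribute() {
    rc=0
    for host in $HOSTS; do
        if push_one "$1" "$2" "$host"; then
            echo "$host exec is ok"
        else
            echo "$host exec is no (code $?)" >&2
            rc=1
        fi
    done
    return "$rc"
}

if [ $# -eq 2 ]; then distribute "$1" "$2"; fi
```

Run it as `sh script.sh /data/heaven.txt /etc/`; with `DRY_RUN=1` in the environment it prints the scp and ssh commands instead of executing them.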