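Host network parameters
Hostname    NIC IP address     Default gateway    Purpose
A-server    192.168.138.129    192.168.138.1      Central distribution server
B-server    192.168.138.130    192.168.138.1      Receiving node server
C-server    192.168.138.131    192.168.138.1      Receiving node server
2.11 Requirements
All servers use the same system user, kuzmay. Machine A distributes data from its local disk to machines B and C, and B and C must not prompt for a system password during distribution. Besides distribution, it must also be possible to view usage information on the client machines in bulk, such as CPU, load, memory and system version.
In other words, this is a passwordless-login solution for publishing data from server A to the client servers B and C, or for viewing their information. The data flows as follows: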
A-------------B
A------------C
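Hint: as a metaphor, one key (A) opens several locks (B/C).
3.1 Add the account
In enterprise environments many people operate directly as root, which is neither proper nor secure; and if remote root login has been disabled, that approach no longer works at all.
Before deploying the keys, add the kuzmay user on servers A, B and C and set its password. The kuzmay user is then used for passwordless login between the servers. Taking server A as the example: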
[root@ser-A ~]# useradd kuzmay
[root@ser-A ~]# echo "123456"|passwd --stdin kuzmay
Changing password for user kuzmay.
passwd: all authentication tokens updated successfully.
[root@ser-A ~]# id kuzmay
uid=1003(kuzmay) gid=1003(kuzmay) groups=1003(kuzmay)
4.1 Start the deployment
Back up before you operate, and check afterwards.
4.1.1 Generate the key pair
[root@ser-A ~]# su - kuzmay
[kuzmay@ser-A ~]$ su - kuzmay
[kuzmay@ser-A ~]$ whoami
kuzmay
[kuzmay@ser-A ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/kuzmay/.ssh/id_dsa):
Created directory '/home/kuzmay/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/kuzmay/.ssh/id_dsa.
Your public key has been saved in /home/kuzmay/.ssh/id_dsa.pub.
The key fingerprint is:
SHA256:HW0Xusq+85cchx4Ggli6blyrcrm1z19ZgAurP82cDwQ kuzmay@ser-A
The key's randomart image is:
+---[DSA 1024]----+
| . |
| . . o . |
| + .E = o |
| o ...*.+ . |
| .S o.+. ..|
| . .o o =o.|
| o oo.o+.=o= |
| . *..=o =o= |
| +oo..**oo. |
+----[SHA256]-----+
[kuzmay@ser-A ~]$ ll ~/ -al
total 12
drwx------ 3 kuzmay kuzmay 70 Jun 2 21:58 .
drwxr-xr-x. 4 root root 29 Jun 2 21:43 ..
-rw-r--r-- 1 kuzmay kuzmay 18 Apr 10 20:53 .bash_logout
-rw-r--r-- 1 kuzmay kuzmay 193 Apr 10 20:53 .bash_profile
-rw-r--r-- 1 kuzmay kuzmay 231 Apr 10 20:53 .bashrc
drwx------ 2 kuzmay kuzmay 36 Jun 2 21:58 .ssh
[kuzmay@ser-A ~]$ ls -l .ssh/
total 8
-rw------- 1 kuzmay kuzmay 672 Jun 2 21:58 id_dsa
-rw-r--r-- 1 kuzmay kuzmay 602 Jun 2 21:58 id_dsa.pub
If ssh is not listening on the default port 22, use:
ssh-copy-id -i .ssh/id_dsa.pub "-p 52113 kuzmay@192.168.138.130"
[kuzmay@ser-A ~]$ ssh-copy-id -i .ssh/id_dsa.pub kuzmay@192.168.138.130
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_dsa.pub"
The authenticity of host '192.168.138.130 (192.168.138.130)' can't be established.
ECDSA key fingerprint is SHA256:qvUounT764wbMCjOgN9siZA+XA4lSb7mIvPIWKDBBrg.
ECDSA key fingerprint is MD5:56:5c:d1:16:7c:e7:36:e1:7c:68:d7:3b:a7:06:01:9c.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
kuzmay@192.168.138.130's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'kuzmay@192.168.138.130'"
and check to make sure that only the key(s) you wanted were added.
Check what arrived on B:
[kuzmay@ser-B ~]$ ll .ssh/
total 4
-rw------- 1 kuzmay kuzmay 602 Jun 2 22:11 authorized_keys
Test the connection to both servers (B/C):
[kuzmay@ser-A ~]$ ssh -p 22 kuzmay@192.168.138.131
Last login: Sat Jun 2 23:23:34 2018 from 192.168.138.130
[kuzmay@ser-C ~]$ logout
Connection to 192.168.138.131 closed.
[kuzmay@ser-A ~]$ ssh -p 22 kuzmay@192.168.138.130
Last login: Sat Jun 2 22:23:28 2018 from 192.168.138.129
[kuzmay@ser-B ~]$ logout
Connection to 192.168.138.130 closed.
[kuzmay@ser-A ~]$
Test
[kuzmay@ser-A ~]$ echo 123 >a.txt
[kuzmay@ser-A ~]$ cat a.txt
123
[kuzmay@ser-A ~]$ scp -P 22 a.txt kuzmay@192.168.138.130:~    # copy to its home directory
a.txt 100% 4 0.6KB/s 00:00
5. Write a shell script
[kuzmay@ser-A ~]$ vim fenfa.sh
[kuzmay@ser-A ~]$ cp a.txt b.txt
[kuzmay@ser-A ~]$ cat fenfa.sh
#!/bin/bash
# Copy the file given as $1 to the home directory on B (.130) and C (.131)
for i in 130 131
do
    scp -P 22 "$1" kuzmay@192.168.138.$i:~
done
[kuzmay@ser-A ~]$ /bin/bash fenfa.sh b.txt
b.txt 100% 4 1.6KB/s 00:00
b.txt 100% 4 2.5KB/s 00:00
[kuzmay@ser-A ~]$ cat fenfa1.sh
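#!/bin/bash
# Load the RHEL/CentOS init helper functions
. /etc/init.d/functions
# Require exactly two arguments: the local file and the remote directory
if [ $# -ne 2 ]; then
    echo "usage: $0 argv1 argv2"
    echo "must have two argvs."
    exit 1
fi
file="$1"
remote_dir="$2"
# Copy the file to B (.130) and C (.131)
for i in 130 131
do
    scp -P 22 "$file" kuzmay@192.168.138.$i:"$remote_dir"
done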
[kuzmay@ser-A ~]$ ssh -p22 kuzmay@192.168.138.130 sudo /bin/cp ~/hosts /etc/hosts
sudo: sorry, you must have a tty to run sudo
[kuzmay@ser-A ~]$ ssh -p22 -t kuzmay@192.168.138.130 sudo /bin/cp ~/hosts /etc/hosts
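Section 2.11 also asks for viewing CPU, load, memory and system version on B and C in bulk, which the distribution scripts do not cover. The script below is an added example, not part of the original post; the names SSH_BIN, HOSTS, REMOTE_CMD, host_info and view_all and the file name view.sh are assumptions chosen here.

```shell
#!/bin/sh
# Added example (not from the original page): bulk status view run on A as kuzmay.
# Assumed names: SSH_BIN, HOSTS, REMOTE_CMD, host_info, view_all, view.sh.
SSH_BIN="${SSH_BIN:-ssh}"     # overridable so the loop can be exercised offline
SSH_USER="kuzmay"
SSH_PORT=22
HOSTS="${HOSTS:-192.168.138.130 192.168.138.131}"   # B and C from the host table
# Read-only commands: host name, load, CPU count, memory, kernel version.
REMOTE_CMD='hostname; uptime; nproc; free -m; uname -sr'

# Run REMOTE_CMD on one host.
# BatchMode=yes makes ssh fail instead of falling back to a password prompt,
# so a missing or rejected key shows up as an error rather than a hung job.
# StrictHostKeyChecking=yes refuses hosts whose key is unknown or has changed.
host_info() {
    "$SSH_BIN" -p "$SSH_PORT" \
        -o BatchMode=yes -o ConnectTimeout=5 -o StrictHostKeyChecking=yes \
        "$SSH_USER@$1" "$REMOTE_CMD"
}

# Query every host, keep going after an error, return the number of failures.
view_all() {
    failed=0
    for h in $HOSTS; do
        echo "===== $h ====="
        if ! host_info "$h"; then
            echo "FAILED: $h (key login refused, host key mismatch or timeout)" >&2
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Contact the hosts only when asked to: sh view.sh run
if [ "${1:-}" = "run" ]; then
    view_all
fi
```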