Host network parameters

Hostname       NIC IP address      Default gateway   Role
A-server       192.168.138.129     192.168.138.1     Central distribution server
B-server       192.168.138.130     192.168.138.1     Receiving node server
C-server       192.168.138.131     192.168.138.1     Receiving node server

 

2.11 Requirements

 

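All servers must work under the same system user, kuzmay. Machine A distributes data from its local disk to machines B and C, and B and C must not prompt for a system password during distribution. Besides distribution, it must also be possible to check usage information on the client machines in bulk, such as CPU load, memory and system version.

In other words, this is a passwordless-login solution for publishing data from server A to the client servers B and C, or for querying information on them. The data flows as follows: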

 

A-------------B

A------------C

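Tip: as an analogy, one key (A) opens several locks (B/C).

3.1 Add the account

   In enterprise environments many people operate directly as root, which is neither good practice nor secure; and if remote root login has been disabled, that approach does not work at all.

   Before deploying the keys, first add the kuzmay user and set its password on each of servers A and B. The kuzmay user is then used for passwordless login between the servers. Taking server A as the example: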

 

[root@ser-A ~]# useradd kuzmay

[root@ser-A ~]# echo "123456"|passwd --stdin kuzmay

Changing password for user kuzmay.

passwd: all authentication tokens updated successfully.

[root@ser-A ~]# id kuzmay

uid=1003(kuzmay) gid=1003(kuzmay) groups=1003(kuzmay)

 

4.1 Begin deployment

   Back up before you make a change, and verify after it.

4.1.1 Generate the key pair

 

[root@ser-A ~]# su - kuzmay

[kuzmay@ser-A ~]$ su - kuzmay

[kuzmay@ser-A ~]$ whoami

kuzmay

[kuzmay@ser-A ~]$ ssh-keygen -t dsa

Generating public/private dsa key pair.

Enter file in which to save the key (/home/kuzmay/.ssh/id_dsa):

Created directory '/home/kuzmay/.ssh'.

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /home/kuzmay/.ssh/id_dsa.

Your public key has been saved in /home/kuzmay/.ssh/id_dsa.pub.

The key fingerprint is:

SHA256:HW0Xusq+85cchx4Ggli6blyrcrm1z19ZgAurP82cDwQ kuzmay@ser-A

The key's randomart image is:

+---[DSA 1024]----+

|              .  |

|        .  . o . |

|       + .E = o  |

|      o ...*.+ . |

|       .S o.+. ..|

|      . .o o  =o.|

|     o oo.o+.=o= |

|    . *..=o =o=  |

|     +oo..**oo.  |

+----[SHA256]-----+

[kuzmay@ser-A ~]$ ll ~/ -al

total 12

drwx------  3 kuzmay kuzmay  70 Jun  2 21:58 .

drwxr-xr-x. 4 root   root    29 Jun  2 21:43 ..

-rw-r--r--  1 kuzmay kuzmay  18 Apr 10 20:53 .bash_logout

-rw-r--r--  1 kuzmay kuzmay 193 Apr 10 20:53 .bash_profile

-rw-r--r--  1 kuzmay kuzmay 231 Apr 10 20:53 .bashrc

drwx------  2 kuzmay kuzmay  36 Jun  2 21:58 .ssh

[kuzmay@ser-A ~]$ ls -l .ssh/

total 8

-rw------- 1 kuzmay kuzmay 672 Jun  2 21:58 id_dsa    

-rw-r--r-- 1 kuzmay kuzmay 602 Jun  2 21:58 id_dsa.pub 

 

If SSH is not listening on the default port 22, specify the port:

ssh-copy-id -i .ssh/id_dsa.pub -p 52113 kuzmay@192.168.128.130

 

[kuzmay@ser-A ~]$ ssh-copy-id -i .ssh/id_dsa.pub kuzmay@192.168.138.130

/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_dsa.pub"

The authenticity of host '192.168.138.130 (192.168.138.130)' can't be established.

ECDSA key fingerprint is SHA256:qvUounT764wbMCjOgN9siZA+XA4lSb7mIvPIWKDBBrg.

ECDSA key fingerprint is MD5:56:5c:d1:16:7c:e7:36:e1:7c:68:d7:3b:a7:06:01:9c.

Are you sure you want to continue connecting (yes/no)? yes

/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

kuzmay@192.168.138.130's password:

 

Number of key(s) added: 1

 

Now try logging into the machine, with:   "ssh 'kuzmay@192.168.138.130'"

and check to make sure that only the key(s) you wanted were added.

 

 

Check the result on B after the key has been sent over:

[kuzmay@ser-B ~]$ ll .ssh/

total 4

-rw------- 1 kuzmay kuzmay 602 Jun  2 22:11 authorized_keys

 

Test by connecting to both servers (B/C):

 

[kuzmay@ser-A ~]$ ssh -p 22 kuzmay@192.168.138.131

Last login: Sat Jun  2 23:23:34 2018 from 192.168.138.130

[kuzmay@ser-C ~]$ logout

Connection to 192.168.138.131 closed.

[kuzmay@ser-A ~]$ ssh -p 22 kuzmay@192.168.138.130

Last login: Sat Jun  2 22:23:28 2018 from 192.168.138.129

[kuzmay@ser-B ~]$ logout

Connection to 192.168.138.130 closed.

[kuzmay@ser-A ~]$

 

 

Test a file copy:

[kuzmay@ser-A ~]$ echo 123 >a.txt

[kuzmay@ser-A ~]$ cat a.txt

123

[kuzmay@ser-A ~]$ scp -P 22 a.txt kuzmay@192.168.138.130:~    (copies the file into that user's home directory)

a.txt        100%    4     0.6KB/s   00:00    

 

5. Write a shell script

[kuzmay@ser-A ~]$ vim fenfa.sh

[kuzmay@ser-A ~]$ cp a.txt b.txt

[kuzmay@ser-A ~]$ cat fenfa.sh

#!/bin/bash
# Copy the file given as $1 to kuzmay's home directory on B (.130) and C (.131).
for i in 130 131
do
    scp -P 22 "$1" kuzmay@192.168.138.$i:~
done

 

[kuzmay@ser-A ~]$ /bin/bash fenfa.sh b.txt

b.txt         100%    4     1.6KB/s   00:00    

b.txt         100%    4     2.5KB/s   00:00   

[kuzmay@ser-A ~]$ cat fenfa1.sh

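#!/bin/bash
# Source the init-script function library.
. /etc/init.d/functions

file="$1"          # local file to distribute
remote_dir="$2"    # destination directory on the receiving nodes

# Require exactly two arguments.
if [ $# -ne 2 ]; then
    echo "usage: $0 argv1 argv2"
    echo "must have two argvs."
    exit 1
fi

for i in 130 131
do
    scp -P 22 "$file" kuzmay@192.168.138.$i:"$remote_dir"
done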


[kuzmay@ser-A ~]$ ssh -p22 kuzmay@192.168.138.130 sudo /bin/cp ~/hosts /etc/hosts

sudo: sorry, you must have a tty to run sudo

[kuzmay@ser-A ~]$ ssh -p22 -t kuzmay@192.168.138.130 sudo /bin/cp ~/hosts /etc/hosts
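
The distribution loop of fenfa1.sh together with the bulk status check named in the requirements (CPU load, memory, system version), as an added example that is not part of the original post. The names HOSTS, REMOTE_USER, PORT, SSH_OPTS, push_file and collect_info are assumptions made here; BatchMode=yes makes a host that lacks the key fail immediately instead of stopping the loop at a password prompt.

```shell
#!/bin/sh
# Added example (not from the original post): fan out a file or a status
# query from A to the receiving nodes with the key installed above.
# Assumed names: HOSTS, REMOTE_USER, PORT, SSH_OPTS, push_file, collect_info.
# Works with any key type; upstream OpenSSH has deprecated DSA keys.
HOSTS="${HOSTS:-192.168.138.130 192.168.138.131}"   # B and C from the table
REMOTE_USER="${REMOTE_USER:-kuzmay}"
PORT="${PORT:-22}"
# BatchMode=yes: never fall back to a password prompt. A host whose
# authorized_keys lacks the key fails at once instead of hanging the loop.
SSH_OPTS="-o BatchMode=yes -o ConnectTimeout=5"

# push_file FILE REMOTE_DIR: copy FILE to every host.
# Returns the number of hosts that failed (0 = all succeeded).
push_file() {
    failed=0
    for h in $HOSTS; do
        if scp $SSH_OPTS -P "$PORT" -- "$1" "$REMOTE_USER@$h:$2"; then
            echo "OK   $h"
        else
            echo "FAIL $h" >&2
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# collect_info: print load average, memory and kernel version per host.
# Returns the number of hosts that could not be queried.
collect_info() {
    failed=0
    for h in $HOSTS; do
        echo "== $h"
        ssh $SSH_OPTS -p "$PORT" "$REMOTE_USER@$h" \
            'cat /proc/loadavg; free -m; uname -sr' || failed=$((failed + 1))
    done
    return "$failed"
}

# Dispatch: "push FILE REMOTE_DIR" or "info"; with no arguments do nothing.
case "${1:-}" in
    push) push_file "$2" "$3" ;;
    info) collect_info ;;
esac
```

Saved under a name of your choice, it is called as `sh script.sh push b.txt /tmp` or `sh script.sh info`; the exit status is the number of hosts that failed, so a cron job or wrapper can detect a partial distribution.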
