轉載地址:http://oldboy.blog.51cto.com/2561410/1915017
1)首先做好SSH密鑰驗證(跳板機地址192.168.33.128)[root@oldboy~]# useradd jump #<==要在所有機器上操作。 [root@oldboy~]# echo 123456|passwd --stdin jump #<==要在所有機器上操作。 Changingpassword for user jump. passwd:all authentication tokens updated successfully.以下操作命令僅在跳板機上操作:
[root@oldboy~]# su - jump [jump@oldboy~]$ ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa >/dev/null 2>&1 #<==生成密鑰對。 [jump@oldboy~]$ ssh-copy-id -i ~/.ssh/id_dsa.pub 192.168.33.130 #<==將公鑰分發到其他服務器。 Theauthenticity of host '192.168.33.130 (192.168.33.130)' can't be established. RSA keyfingerprint is fd:2c:0b:81:b0:95:c3:33:c1:45:6a:1c:16:2f:b3:9a. Are yousure you want to continue connecting (yes/no)? yes Warning:Permanently added '192.168.33.130' (RSA) to the list of known hosts. [email protected]'spassword: Now trylogging into the machine, with "ssh '192.168.33.130'", and check in: .ssh/authorized_keys to makesure we haven't added extra keys that you weren't expecting. [jump@oldboy~]$ ssh-copy-id -i ~/.ssh/id_dsa.pub 192.168.33.129 #<==將公鑰分發到其他服務器。 Theauthenticity of host '192.168.33.129 (192.168.33.129)' can't be established. RSA keyfingerprint is fd:2c:0b:81:b0:95:c3:33:c1:45:6a:1c:16:2f:b3:9a. Are yousure you want to continue connecting (yes/no)? yes Warning:Permanently added '192.168.33.129' (RSA) to the list of known hosts. [email protected]'spassword: Now trylogging into the machine, with "ssh '192.168.33.129'", and check in: .ssh/authorized_keys to makesure we haven't added extra keys that you weren't expecting.2)實現傳統的遠程連接菜單選擇腳本。
菜單腳本如下:
cat <<menu 1)oldboy-192.168.33.129 2)oldgirl-192.168.33.130 3)exit menu
3)利用linux信號防止用戶中斷信號在跳板機上操作。
functiontrapper () { trap ':' INT EXIT TSTP TERM HUP #<==屏蔽這些信號。 }4)用戶登錄跳板機後即調用腳本(不能命令行管理跳板機),並只能按管理員的要求選單。
以下爲實戰內容。
腳本放在跳板機上:
[root@oldboy~]# echo '[ $UID -ne 0 ] && . /server/scripts/jump.sh'>/etc/profile.d/jump.sh [root@oldboy~]# cat /etc/profile.d/jump.sh [ $UID-ne 0 ] && . /server/scripts/jump.sh [root@oldboyscripts]# cat /server/scripts/jump.sh #!/bin/sh #oldboy training trapper(){ trap ':' INT EXIT TSTP TERM HUP #<==定義需要屏蔽的信號,冒號表示啥都不做。 } main(){ while : do trapper clear cat<<menu 1)Web01-192.168.33.129 2)Web02-192.168.33.130 menu read -p"Pls input a num.:" num case"$num" in 1) echo 'login in 192.168.33.129.' ssh 192.168.33.129 ;; 2) echo 'login in 192.168.33.130.' ssh 192.168.33.130 ;; 110) read -p "your birthday:" char if [ "$char" = "0926"];then exit sleep 3 fi ;; *) echo "select error." esac done } main
執行效果如下:
[root@oldboy~]# su - jump #<==切到普通用戶即彈出菜單,工作中直接用jump登錄,即彈出菜單。 1)Web01-192.168.33.129 2)Web02-192.168.33.130 Pls inputa num.: 1)Web01-192.168.33.129 2)Web02-192.168.33.130 Pls inputa num.:1 #<==選1進入Web01服務器。 login in192.168.33.129. Lastlogin: Tue Oct 11 17:23:52 2016 from 192.168.33.128 [jump@littleboy~]$ #<==按ctrl+d退出到跳板機服務器再次彈出菜單。 1)Web01-192.168.33.129 2)Web02-192.168.33.130 Pls inputa num.:2 #<==選2進入Web02服務器。 login in192.168.33.130. Lastlogin: Wed Oct 12 23:30:14 2016 from 192.168.33.128 [jump@oldgirl~]$ #<==按ctrl+d退出到跳板機服務器再次彈出菜單。 1)Web01-192.168.33.129 2)Web02-192.168.33.130 Pls inputa num.:110 #<==選110進入跳板機命令提示符。 yourbirthday:0926 #<==需要輸入特別碼才能進入的,這裏管理員通道,密碼要保密呦。 [root@oldboyscripts]# #<==跳板機管理命令行。