分享一個shell腳本:通過Jumper機器來創建Jumper和target機器賬號

說明

代碼使用和框架圖

Jumper_target_machine_v3.md腳本使用的框架圖:

分享一個shell腳本:通過Jumper機器來創建Jumper和target機器賬號

Jumper_target_machine_v3.md腳本作用:

通過Jumper機器來創建Jumper和target機器賬號,完成target機器公鑰寫入,達到從電腦終端免密登錄target機器。

Jumper_target_machine_v3.md腳本使用:

  • (1)只能使用root賬戶執行;

  • (2)Jumper和target機器家目錄均指定到/data目錄下;

  • (3)臨時加載Jumper的root賬戶公鑰到target機器root賬戶下,腳本執行完之後,自動回收(注意:腳本原版只在main正常執行到最後一步時才會回收;若中途出錯或被中斷,該root公鑰會留在target機器的authorized_keys中);

  • (4)邏輯判斷Jumper和target機器是否存在待創建賬號;

Jumper_target_machine_v3.md腳本後期優化:

  • (1)對腳本中全局變量進行優化;

  • (2)對腳本中一些目錄定義成全局變量,方便更改和使用;

代碼內容

cat Jumper_target_machine.sh

#!/bin/sh

#腳本作用
# This script creates and checks users on the bigcloud springboard (jumper) host, and creates the matching user on the target machine.
# Both the jumper and target home directories live under /data (Jumper和Target機器家目錄均在/data目錄下)
# Code the author: wutf
# contact: xxxx
# date: 2019-06-12

#加載系統函數庫
. /etc/init.d/functions

# Account to check/create on the jumper.
# -r keeps backslashes literal. The name is later spliced into useradd,
# su and ssh command lines, so accept only the conventional Linux
# account-name charset: a lower-case letter or '_' first, then
# letters, digits, '_' or '-'. Anything else aborts before any
# command is built from it.
read -r -p "Please enter the user you will be checking: " username
case "$username" in
    ''|[!a-z_]*|*[!a-z0-9_-]*)
        printf 'Invalid account name: %s\n' "$username" >&2
        exit 1
        ;;
esac

#定義判斷執行賬戶函數
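function user(){
    # Abort unless running as root: useradd, su and the root ssh key
    # handling below all require it. `id -u` replaces $UID, which is a
    # bash-only variable and is unset under a real #!/bin/sh.
    if [ "$(id -u)" -ne 0 ]; then
        action "You are not root!!" /bin/false
        exit 2
    fi
}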

#臨時存放Jumper pub到目標機auth
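function add_jumper_pub(){
    # Generate the jumper root key pair if it is missing, then install the
    # public half on the target's root account (removed again later by
    # del_jumper_pub). Exits 1 if either step fails.
    if [ ! -f /root/.ssh/id_rsa.pub ]; then
        # The original passed -N \"\" outside any quotes, i.e. the literal
        # two-character passphrase `""`, so every later ssh would have
        # prompted; -N '' is a truly empty passphrase. An explicit -f and
        # stdin from /dev/null avoid the path/overwrite prompts.
        if ! ssh-keygen -q -t rsa -N '' -f /root/.ssh/id_rsa </dev/null; then
            printf 'Failed to generate /root/.ssh/id_rsa\n' >&2
            exit 1
        fi
    fi
    # Fail loudly here: if the key is not installed, every following
    # ssh/scp would hang on a password prompt or fail one by one.
    if ! ssh-copy-id -i /root/.ssh/id_rsa.pub "root@${ip_array}" >/dev/null 2>&1; then
        printf 'ssh-copy-id to root@%s failed\n' "$ip_array" >&2
        exit 1
    fi
}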

#清空目標機auth裏Jumper pub
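function del_jumper_pub(){
    # Remove the jumper root public key from the target's root
    # authorized_keys. The key is streamed over stdin and matched as a
    # whole-line fixed string (grep -xF), so it is never embedded in a
    # sed expression (base64 may contain regex characters) and nothing
    # else in the file is touched -- the old sed pipeline also deleted
    # every '#' comment line and all leading whitespace. The file is
    # rewritten in place via `cat >` so mode and owner are kept.
    # Nothing to do when the jumper has no public key.
    [ -f /root/.ssh/id_rsa.pub ] || return 0
    ssh "root@${ip_array}" '
        f=/root/.ssh/authorized_keys
        key=$(cat)
        [ -f "$f" ] || exit 0
        tmp=$(mktemp /root/.ssh/.auth.XXXXXX) || exit 1
        grep -vxF -- "$key" "$f" > "$tmp"
        cat "$tmp" > "$f"
        rm -f "$tmp"
    ' < /root/.ssh/id_rsa.pub
}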

#創建Jumper服務器用戶賬號
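function jumper_add_user(){
    # Create the jumper account (home under /data) and give it an RSA key
    # pair with an empty passphrase, since the jumper -> target hop must be
    # non-interactive. Exits 1 if useradd fails; the old version went on
    # regardless. The script is already root (see user()), so `su -` alone
    # is enough -- the former `sudo -S su` added nothing.
    if ! useradd -d "/data/$username" -m "$username"; then
        printf 'useradd %s failed\n' "$username" >&2
        exit 1
    fi
    # -f: no path prompt and no overwrite prompt if a key already exists.
    # -N "" is parsed by the user's login shell, giving an empty passphrase.
    su - "$username" -c '[ -f ~/.ssh/id_rsa ] || ssh-keygen -q -t rsa -N "" -f ~/.ssh/id_rsa >/dev/null'
}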

#檢查Jumper服務器上是否有待創建賬號,如無,則創建
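function jumper_check_user(){
    # Create the jumper account if it does not exist yet.
    # `id -u` is an exact lookup; the old `grep "$username" /etc/passwd`
    # was an unanchored substring match, so asking for "bob" while "bobby"
    # existed reported "exist" and skipped creation (and the unquoted
    # `[ -z $check_name ]` broke on the multi-line result).
    if id -u "$username" >/dev/null 2>&1; then
        echo -e "\033[32m Jumper user $username is exist \033[0m"
        return 0
    fi
    echo -e "\033[31m Jumper user $username is not exist \033[0m"
    echo -e "\033[32m Jumper starting create $username.......waiting~ \033[0m"
    jumper_add_user
    action "Jumper create $username is ok !" /bin/true
}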

#創建Jumper和導入mac/windows本公鑰
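function id_pub_txt(){
    # Ensure the jumper account's ~/.ssh/authorized_keys contains the
    # workstation (mac/windows) public key and the account's own public
    # key, generating the latter if needed. Works on the global $username;
    # the positional argument main() passes is ignored, as before.
    # Exits 1 when the account has no passwd entry, the typed key is not
    # an OpenSSH public-key line, or key generation fails.
    local home_dir auth_file jumper_pub
    # getent is an exact lookup; the old `grep "$username" /etc/passwd`
    # also matched any account whose name merely contains the string.
    home_dir=$(getent passwd "$username" | cut -d: -f6)
    if [ -z "$home_dir" ]; then
        action "Jumper user $username does not exist" /bin/false
        exit 1
    fi
    auth_file="$home_dir/.ssh/authorized_keys"
    jumper_pub="$home_dir/.ssh/id_rsa.pub"

    # (1) Workstation key: only asked for when authorized_keys is absent.
    if [ ! -f "$auth_file" ]; then
        action "Jumper $username mac.pub is not exist" /bin/false
        read -r -p "Please input the mac.pub of print you want: " computer
        # Accept only something shaped like an OpenSSH key line; the value
        # goes straight into authorized_keys.
        case "$computer" in
            ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *|ssh-dss\ *|sk-*\ *) ;;
            *)
                action "Not an OpenSSH public key line: $computer" /bin/false
                exit 1
                ;;
        esac
        echo -e "\033[32m the mac.pub will write into authorized file..waiting.... \033[0m"
        # The key is piped to the user's shell, never spliced into the -c
        # string: the old `echo -e $computer` ran whatever was typed as
        # shell code under that account.
        printf '%s\n' "$computer" | su - "$username" -c 'umask 077; mkdir -p ~/.ssh; cat >> ~/.ssh/authorized_keys; chmod 600 ~/.ssh/authorized_keys'
        action "$username mac.pub has writed into authorized file!" /bin/true
    else
        echo -e "\033[32m Jumper mac.pub is exist \033[0m"
    fi

    # (2) The jumper account's own key pair.
    if [ ! -f "$jumper_pub" ]; then
        echo "Jumper $username jumper.pub is not exist"
        echo -e "\033[32m dl1 start creating $username pub.......waiting~ \033[0m"
        # -f: no path prompt; -N "" is parsed by the user's shell (empty passphrase).
        if ! su - "$username" -c 'ssh-keygen -q -t rsa -N "" -f ~/.ssh/id_rsa >/dev/null'; then
            action "Jumper create $username pub failed" /bin/false
            exit 1
        fi
        action "Jumper create $username pub is OK" /bin/true
    else
        echo -e "\033[32m Jumper $username pub is exist \033[0m"
    fi

    # (3) The jumper public key goes into authorized_keys exactly once.
    # -xF compares whole lines as fixed strings, so the key is not read as
    # a regex the way `grep -q "$(cat pub)"` did. This also replaces the
    # old `[ ! -f f ] && touch f || echo key >> f`, which only appended
    # when the file already existed.
    if [ -f "$auth_file" ] && grep -qxF -- "$(cat "$jumper_pub")" "$auth_file"; then
        echo -e "\033[32m authorized has Jumper pub! \033[0m"
    else
        su - "$username" -c 'umask 077; mkdir -p ~/.ssh; cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys; chmod 600 ~/.ssh/authorized_keys'
    fi
    action "Jumper pub has writed into authorized!" /bin/true
}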

#定義Jumper通過ssh登錄目標機服務器函數
#在目標機服務器上創建待創建用戶

#輸入目標機的IP地址
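read -r -p "Please enter the IP address of the target machine you will log into:" ip_array
# The value becomes the ssh/scp target `root@$ip_array`; refuse an empty
# string, whitespace or shell metacharacters, and a leading '-' (which
# would be parsed as an option). Letters, digits, '.', ':' and '-' cover
# hostnames, IPv4 and IPv6.
case "$ip_array" in
    ''|-*|*[!A-Za-z0-9.:-]*)
        printf 'Invalid target host: %s\n' "$ip_array" >&2
        exit 1
        ;;
esac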

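function ssh_servers(){
    # Ask for the target account name; if it does not exist on the target,
    # create it (home under /data), generate its key pair and create an
    # empty mode-600 authorized_keys. The name is spliced into remote
    # command lines, so it is validated first with the same rule as the
    # jumper account name. Exits 1 if the remote creation fails.
    read -r -p "Please enter the create target machine account name: " target_username
    case "$target_username" in
        ''|[!a-z_]*|*[!a-z0-9_-]*)
            printf 'Invalid target account name: %s\n' "$target_username" >&2
            exit 1
            ;;
    esac
    # -n: do not let ssh consume the interactive stdin.
    if ssh -n "root@${ip_array}" "id -u $target_username" >/dev/null 2>&1; then
        echo -e "\033[32m 目標機服務器用戶 $target_username 已經存在 \033[0m"
        return 0
    fi
    echo -e "\033[32m 目標機服務器上將創建待創建用戶 $target_username \033[0m"
    # One remote session instead of three. We are root there, so `su -`
    # alone suffices. The \"\" becomes "" on the remote side and the
    # user's login shell turns it into an empty passphrase.
    if ! ssh -n "root@${ip_array}" "
        useradd -d /data/$target_username -m $target_username || exit 1
        su - $target_username -c 'ssh-keygen -q -t rsa -N \"\" -f ~/.ssh/id_rsa >/dev/null' || exit 1
        su - $target_username -c 'umask 077; mkdir -p ~/.ssh; touch ~/.ssh/authorized_keys; chmod 600 ~/.ssh/authorized_keys'
    "; then
        printf 'Creating %s on %s failed\n' "$target_username" "$ip_array" >&2
        exit 1
    fi
    action "標機服務器上待創建用戶 $target_username 創建完畢!" /bin/true
}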

#拷貝Jumper上authorized_keys文件至目標機服務器待創建賬戶並更改所屬主組
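function scp_authorized(){
    # Append every key line from the jumper account's authorized_keys to
    # the target account's authorized_keys, skipping lines already there.
    # The file is streamed over ssh's stdin and written by root on the
    # target: the old version parked it as a mode-777 temp file inside the
    # user's ~/.ssh, which any local user on the target could edit before
    # it was appended. The account name reaches the remote script as $1
    # instead of being spliced into its text. Exits 1 on failure.
    local src remote_script
    src="/data/$username/.ssh/authorized_keys"
    if [ ! -f "$src" ]; then
        action "$src not found on Jumper" /bin/false
        exit 1
    fi
    # Quoted heredoc: nothing expands locally. The script must not contain
    # single quotes because it is wrapped in them on the ssh command line.
    remote_script=$(cat <<'EOF'
d=/data/$1/.ssh
f=$d/authorized_keys
umask 077
mkdir -p "$d" || exit 1
touch "$f" || exit 1
while IFS= read -r key; do
    [ -n "$key" ] || continue
    grep -qxF -- "$key" "$f" || printf "%s\n" "$key" >> "$f"
done
chmod 700 "$d"
chmod 600 "$f"
chown -R "$1:$1" "$d"
EOF
)
    if ! ssh "root@${ip_array}" "sh -c '$remote_script' sh $target_username" < "$src"; then
        action "Copying authorized_keys to $target_username@$ip_array failed" /bin/false
        exit 1
    fi
    action "Jumper上authorized_keys文件已傳至目標機服務器" /bin/true
}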
#總函數執行流程,在Jumper服務器執行
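function main(){
    # Whole flow, run on the jumper: check privileges, install the jumper
    # root key on the target, set up the jumper account, then the target
    # account, then push the jumper account's authorized_keys across.
    user
    add_jumper_pub
    # From here on the jumper root key is authorised on the target. An
    # EXIT trap removes it on every exit path (failure of a later step,
    # interrupt), not only when the script runs to completion as before.
    trap del_jumper_pub EXIT
    jumper_check_user
    # id_pub_txt reads the workstation key itself; the argument is unused.
    id_pub_txt "$computer"
    ssh_servers
    scp_authorized
}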
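# "$@" passes each argument as its own word; $* would re-split them.
main "$@"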