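Linux jump host script for passwordless VPS management

When an administrator manages dozens or even hundreds of VPSes, logging in to each one by typing a password is far too inefficient. So we manage them through a single jump host, and every VPS allows that jump host to log in without a password.

Building on my earlier article on setting up a local yum repository on CentOS, we can put everything into one script that only needs to be run on each managed VPS.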

#!/bin/bash

[ -f /etc/init.d/functions ] && . /etc/init.d/functions

## Configure the local yum repository
function configure() {
ARCH=`/usr/bin/getconf LONG_BIT`
REPOD="/etc/yum.repos.d"
OSVER=`/bin/awk -F "[ .]" '{print $3}' /etc/redhat-release` ## system version when it is 5 or 6
OSVER7=`/bin/awk -F "[ .]" '{print $4}' /etc/redhat-release` ## system version when it is 7
if [ "$(ls -A $REPOD)" ] ; then
[ -d ${REPOD}/repos.old ] || /bin/mkdir ${REPOD}/repos.old
/bin/mv ${REPOD}/*.repo ${REPOD}/repos.old/ -f
fi
## Note: gpgcheck=0 in the repo definitions below turns off package signature verification
if [ ${ARCH}x == 64x -a ${OSVER}x == 5x ] ; then
 /bin/cat >> ${REPOD}/CentOS-Base.repo << EOF
[base]
name=CentOS-\$releasever - Base
baseurl=http://ip:port/5/os/x86_64
gpgcheck=0
 
[updates]
name=CentOS-\$releasever - Updates
baseurl=http://ip:port/5/updates/x86_64
gpgcheck=0

[extras]
name=CentOS-\$releasever - Extras
baseurl=http://ip:port/5/extras/x86_64
gpgcheck=0
EOF
elif [ ${ARCH}x == 64x -a ${OSVER}x == 6x ] ; then
 /bin/cat >> ${REPOD}/CentOS-Base.repo << EOF
[base]
name=CentOS-\$releasever - Base
baseurl=http://ip:port/6/os/x86_64
gpgcheck=0

[updates]
name=CentOS-\$releasever - Updates
baseurl=http://ip:port/6/updates/x86_64
gpgcheck=0

[extras]
name=CentOS-\$releasever - Extras
baseurl=http://ip:port/6/extras/x86_64
gpgcheck=0
EOF
elif [ ${ARCH}x == 64x -a ${OSVER7}x == 7x ] ; then
 /bin/cat >> ${REPOD}/CentOS-Base.repo << EOF
[base]
name=CentOS-\$releasever - Base
baseurl=http://ip:port/7/os/x86_64
gpgcheck=0

[updates]
name=CentOS-\$releasever - Updates
baseurl=http://ip:port/7/updates/x86_64
gpgcheck=0

[extras]
name=CentOS-\$releasever - Extras
baseurl=http://ip:port/7/extras/x86_64
gpgcheck=0
EOF
else
 echo "only support CentOS[5/6/7].x86_64"
 exit 1
fi
}
## Back up the existing hosts.allow and hosts.deny files on the VPS
function disable() {
 /usr/bin/chattr -i /etc/hosts.allow /etc/hosts.deny
 /usr/bin/chattr -i /root/.ssh/authorized_keys
 /bin/cp /etc/hosts.allow /etc/hosts.allow."`date +%Y-%m-%d-%s`"
 /bin/cp /etc/hosts.deny /etc/hosts.deny."`date +%Y-%m-%d-%s`"
 ## Comment out every active line; & keeps the line's original first character
 /bin/sed -i 's/^[^#]/#&/' /etc/hosts.allow /etc/hosts.deny
}
## Copy the jump host's authorized_keys file to the VPS
function authority(){
KEYDIR=/root/.ssh
AUTHKEY="ssh-rsa *******== [email protected]****"  ## the authorized_keys file on the jump host
if [ ! -e "$KEYDIR/authorized_keys" ]; then
 /bin/mkdir -p "$KEYDIR"
 /bin/chmod 700 $KEYDIR
 echo "$AUTHKEY" > "$KEYDIR"/authorized_keys
 /bin/chmod 600 "$KEYDIR"/authorized_keys
else
 /bin/cp -a "$KEYDIR"/authorized_keys "$KEYDIR"/authorized_keys."`date +%Y-%m-%d-%s`"
 echo "$AUTHKEY" > "$KEYDIR"/authorized_keys
 /bin/chmod 600 "$KEYDIR"/authorized_keys
fi
}
configure
disable
authority
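
The authority function above replaces authorized_keys outright and places no limit on where the key can be used from. As an added example (not part of the original script), the variant below keeps existing entries, adds the jump host key only once, and pins it to the jump host's address with the from= option. The function name install_jump_key and the address and key passed to it are assumptions.

```bash
# Added example, not the blog author's code. The function name, the
# from= address and the key passed in are assumptions for illustration.
# The body runs in a subshell ( ... ) so umask and variables do not leak.
install_jump_key() (
    keydir=$1; pubkey=$2; jump_ip=$3
    file=$keydir/authorized_keys

    # Accept exactly one "type blob [comment]" line; an embedded newline
    # would otherwise append a second, unrestricted entry.
    [ "$(printf '%s\n' "$pubkey" | wc -l)" -eq 1 ] || exit 2
    case $pubkey in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) exit 2 ;;
    esac
    blob=$(printf '%s\n' "$pubkey" | awk '{print $2}')
    [ -n "$blob" ] || exit 2

    # The from= value is written inside double quotes, so allow only
    # characters that can appear in an IP address or CIDR range.
    case $jump_ip in
        ''|*[!0-9A-Fa-f.:/]*) exit 2 ;;
    esac

    umask 077
    mkdir -p "$keydir" && chmod 700 "$keydir" || exit 1
    [ -e "$file" ] || : > "$file" || exit 1
    chmod 600 "$file" || exit 1

    # Idempotent: compare the key blob, not the whole line, so a re-run
    # with another comment or option list does not add a duplicate.
    if awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) hit = 1 }
                         END { exit !hit }' "$file"; then
        exit 0
    fi

    # Keep a timestamped backup (same naming as the script), then append.
    cp -p "$file" "$file.$(date +%Y-%m-%d-%s)" || exit 1
    printf 'from="%s",no-agent-forwarding,no-X11-forwarding %s\n' \
        "$jump_ip" "$pubkey" >> "$file"
)
```

Called as install_jump_key /root/.ssh "$AUTHKEY" followed by the jump host's IP address, it can stand in for the authority call at the end of the script.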
 

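If you have a customized system image, you can put this script into the installation steps, so that the system can be reached from the jump host without a password as soon as it is installed, and the script does not have to be run by hand each time.

For a VPS that is already in use, run the following command to install the script: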

wget -O - http://ip:port/***.sh | sh

Nie Yangfan's Blog (聂扬帆博客)
A personal blog sharing work experience and practical techniques in IT operations
