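When an administrator manages dozens or even hundreds of VPSes, logging in to each one by typing a password is not practical; it is far too inefficient. So we manage them through a single jump host, and every VPS allows that jump host to log in without a password.
Combined with an earlier article on building a local yum repository on CentOS, this can be put together into one script that only needs to be run on each managed VPS.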
```bash
#!/bin/bash
[ -f /etc/init.d/functions ] && . /etc/init.d/functions

## Configure the local yum repository
function configure() {
    ARCH=`/usr/bin/getconf LONG_BIT`
    REPOD="/etc/yum.repos.d"
    OSVER=`/bin/awk -F "[ .]" '{print $3}' /etc/redhat-release`    ## major version when the release is 5 or 6
    OSVER7=`/bin/awk -F "[ .]" '{print $4}' /etc/redhat-release`   ## major version when the release is 7
    ## Move any existing repo files into repos.old
    if [ "$(ls -A $REPOD)" ] ; then
        [ -d ${REPOD}/repos.old ] || /bin/mkdir ${REPOD}/repos.old
        /bin/mv ${REPOD}/*.repo ${REPOD}/repos.old/ -f
    fi
    if [ ${ARCH}x == 64x -a ${OSVER}x == 5x ] ; then
        /bin/cat >> ${REPOD}/CentOS-Base.repo << EOF
[base]
name=CentOS-\$releasever - Base
baseurl=http://ip:port/5/os/x86_64
gpgcheck=0
[updates]
name=CentOS-\$releasever - Updates
baseurl=http://ip:port/5/updates/x86_64
gpgcheck=0
[extras]
name=CentOS-\$releasever - Extras
baseurl=http://ip:port/5/extras/x86_64
gpgcheck=0
EOF
    elif [ ${ARCH}x == 64x -a ${OSVER}x == 6x ] ; then
        /bin/cat >> ${REPOD}/CentOS-Base.repo << EOF
[base]
name=CentOS-\$releasever - Base
baseurl=http://ip:port/6/os/x86_64
gpgcheck=0
[updates]
name=CentOS-\$releasever - Updates
baseurl=http://ip:port/6/updates/x86_64
gpgcheck=0
[extras]
name=CentOS-\$releasever - Extras
baseurl=http://ip:port/6/extras/x86_64
gpgcheck=0
EOF
    elif [ ${ARCH}x == 64x -a ${OSVER7}x == 7x ] ; then
        /bin/cat >> ${REPOD}/CentOS-Base.repo << EOF
[base]
name=CentOS-\$releasever - Base
baseurl=http://ip:port/7/os/x86_64
gpgcheck=0
[updates]
name=CentOS-\$releasever - Updates
baseurl=http://ip:port/7/updates/x86_64
gpgcheck=0
[extras]
name=CentOS-\$releasever - Extras
baseurl=http://ip:port/7/extras/x86_64
gpgcheck=0
EOF
    else
        echo "only support CentOS[5/6/7].x86_64"
        exit 1
    fi
}

## Back up the existing hosts.allow and hosts.deny files on the VPS
function disable() {
    /usr/bin/chattr -i /etc/hosts.allow /etc/hosts.deny
    /usr/bin/chattr -i /root/.ssh/authorized_keys
    /bin/cp /etc/hosts.allow /etc/hosts.allow."`date +%Y-%m-%d-%s`"
    /bin/cp /etc/hosts.deny /etc/hosts.deny."`date +%Y-%m-%d-%s`"
    ## Comment out every active rule; "&" keeps the original first character after the "#"
    /bin/sed -i 's/^[^#]/#&/' /etc/hosts.allow /etc/hosts.deny
}

## Copy the jump host's authorized_keys file onto the VPS
function authority() {
    KEYDIR=/root/.ssh
    AUTHKEY="ssh-rsa *******== root@****"   ## the authorized_keys file on the jump host
    if [ ! -e "$KEYDIR/authorized_keys" ]; then
        /bin/mkdir -p "$KEYDIR"
        /bin/chmod 700 $KEYDIR
        echo "$AUTHKEY" > "$KEYDIR"/authorized_keys
        /bin/chmod 600 "$KEYDIR"/authorized_keys
    else
        ## Keep a timestamped copy of the old file before overwriting it
        /bin/cp -a "$KEYDIR"/authorized_keys "$KEYDIR"/authorized_keys."`date +%Y-%m-%d-%s`"
        echo "$AUTHKEY" > "$KEYDIR"/authorized_keys
        /bin/chmod 600 "$KEYDIR"/authorized_keys
    fi
}

configure
disable
authority
```
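If you build a customized system image, you can put this script into the installation steps, so that a freshly installed system can be reached from the jump host without a password right away, instead of running the script by hand each time.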
For a VPS that is already in use, you can install it by running the following command:

```bash
wget -O - http://ip:port/***.sh | sh
```
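The `authority` step in the script overwrites `/root/.ssh/authorized_keys`, and `disable` comments out the `hosts.allow`/`hosts.deny` rules. As an added example (not part of the original script), the function below appends the jump host's public key instead, skips it when it is already present, and uses the `authorized_keys` `from=` option so the key is only accepted from the jump host's address. The function name, its arguments and the sample values are assumptions.

```shell
#!/bin/sh
# Added example, not from the original script. install_jump_key and all
# values shown in the usage comment are hypothetical placeholders.
# Usage on a managed VPS:
#   install_jump_key /root/.ssh "$(cat jump_host.pub)" 192.0.2.10

install_jump_key() {
    keydir=$1      # directory holding authorized_keys, e.g. /root/.ssh
    pubkey=$2      # one line: "<type> <base64> [comment]" (the jump host's .pub)
    jump_ip=$3     # address the jump host connects from
    authfile="$keydir/authorized_keys"

    # Accept exactly one line, so extra entries cannot be smuggled in.
    [ "$(printf '%s' "$pubkey" | wc -l)" -eq 0 ] || {
        echo "key must be a single line" >&2; return 1; }

    keytype=${pubkey%% *}          # text before the first space
    rest=${pubkey#* }              # text after the first space
    keybody=${rest%% *}            # base64 blob, without the comment
    case "$keytype" in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "unsupported key type: $keytype" >&2; return 1 ;;
    esac
    [ -n "$keybody" ] && [ "$keybody" != "$pubkey" ] || {
        echo "missing key data" >&2; return 1; }

    mkdir -p "$keydir" && chmod 700 "$keydir" || return 1
    touch "$authfile" && chmod 600 "$authfile" || return 1

    # Idempotent: leave the file alone if this key is already authorised.
    if grep -qF -- "$keybody" "$authfile"; then
        return 0
    fi

    # Timestamped backup (same naming as the script above), then append
    # rather than overwrite, so existing administrator keys survive.
    cp -p "$authfile" "$authfile.$(date +%Y-%m-%d-%s)" || return 1
    printf 'from="%s" %s\n' "$jump_ip" "$pubkey" >> "$authfile"
}
```

With `from=` in place, sshd rejects the key when it is presented from any address other than the jump host, which limits the impact if the jump host's private key is copied elsewhere.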

Nie Yangfan's Blog
A personal blog sharing work experience and practical tips related to IT operations