对于管理员在管理几十甚至上百台的vps时,我们不可能一台台通过输入密码去登陆,这样的话效率太差。于是我们就想通过一台跳板机来管理,所有vps允许这台跳板机免密码登录。
结合之前写的一篇Centos搭建本地yum源文章,我们可以整理成一个脚本,只要在被管理的vps上运行脚本即可。
#!/bin/bash
[ -f /etc/init.d/functions ] "&&" . /etc/init.d/functions
## 配置本地yum
function configure() {
ARCH=`/usr/bin/getconf LONG_BIT`
REPOD="/etc/yum.repos.d"
OSVER=`/bin/awk -F "[ .]" '{print $3}' /etc/redhat-release` ##获取系统版本是5或6
OSVER7=`/bin/awk -F "[ .]" '{print $4}' /etc/redhat-release` ##获取系统版本7
if [ "$(ls -A $REPOD)" ] ; then
[ -d ${REPOD}/repos.old ] || /bin/mkdir ${REPOD}/repos.old
/bin/mv ${REPOD}/*.repo ${REPOD}/repos.old/ -f
fi
if [ ${ARCH}x == 64x -a ${OSVER}x == 5x ] ; then
/bin/cat ">>" ${REPOD}/CentOS-Base.repo "<<" EOF
[base]
name=CentOS-\$releasever - Base
baseurl=http://ip:port/5/os/x86_64
gpgcheck=0
[updates]
name=CentOS-\$releasever - Updates
baseurl=http://ip:port/5/updates/x86_64
gpgcheck=0
[extras]
name=CentOS-\$releasever - Extras
baseurl=http://ip:port/5/extras/x86_64
gpgcheck=0
EOF
elif [ ${ARCH}x == 64x -a ${OSVER}x == 6x ] ; then
/bin/cat ">>"${REPOD}/CentOS-Base.repo "<<"EOF
[base]
name=CentOS-\$releasever - Base
baseurl=http://ip:port/6/os/x86_64
gpgcheck=0
[updates]
name=CentOS-\$releasever - Updates
baseurl=http://ip:port/6/updates/x86_64
gpgcheck=0
[extras]
name=CentOS-\$releasever - Extras
baseurl=http://ip:port/6/extras/x86_64
gpgcheck=0
EOF
elif [ ${ARCH}x == 64x -a ${OSVER7}x == 7x ] ; then
/bin/cat ">>"${REPOD}/CentOS-Base.repo "<<"EOF
[base]
name=CentOS-\$releasever - Base
baseurl=http://ip:port/7/os/x86_64
gpgcheck=0
[updates]
name=CentOS-\$releasever - Updates
baseurl=http://ip:port/7/updates/x86_64
gpgcheck=0
[extras]
name=CentOS-\$releasever - Extras
baseurl=http://ip:port/7/extras/x86_64
gpgcheck=0
EOF
else
echo "only support CentOS[5/6/7].x86_64"
exit 1
fi
}
##备份vps上原有的allow和deny文件
function disable() {
/usr/bin/chattr -i /etc/hosts.allow /etc/hosts.deny
/usr/bin/chattr -i /root/.ssh/authorized_keys
/bin/cp /etc/hosts.allow /etc/hosts.allow."`date +%Y-%m-%d-%s`"
/bin/cp /etc/hosts.deny /etc/hosts.deny."`date +%Y-%m-%d-%s`"
/bin/sed -i 's/^[^#]/#/g' /etc/hosts.allow /etc/hosts.deny
}
##把跳板机上的authorized_keys文件copy到vps上面
function authority(){
KEYDIR=/root/.ssh
AUTHKEY="ssh-rsa *******== root@****" ##跳板机上的authorized_keys文件
if [ ! -e "$KEYDIR/authorized_keys" ]; then
/bin/mkdir -p "$KEYDIR"
/bin/chmod 700 $KEYDIR
echo "$AUTHKEY" > "$KEYDIR"/authorized_keys
/bin/chmod 600 "$KEYDIR"/authorized_keys
else
/bin/cp -a "$KEYDIR"/authorized_keys "$KEYDIR"/authorized_keys."`date +%Y-%m-%d-%s`"
echo "$AUTHKEY" > "$KEYDIR"/authorized_keys
/bin/chmod 600 "$KEYDIR"/authorized_keys
fi
}
configure
disable
authority如果有定制系统,可以把这个脚本放在安装项中,这样系统安装好了就可以直接通过跳板机免密登陆,而不要每次都手动运行这个脚本。
如果是使用中的vps,则可以运行下面命令安装脚本
wget -O - http://ip:port/***.sh | sh
聂扬帆博客
一个分享IT运维相关工作经验和实战技巧的个人博客
您可以选择一种方式赞助本站
支付宝扫一扫赞助
微信钱包扫描赞助
赏