準備3台機器
1.linux-node1 ip:10.89.3.108 (跳闆機)
2.weblamp ip:10.89.3.100
3.weblnmp ip:10.89.3.101
3台系統環境如下:
[jump@linux-node1 ~]$ cat /etc/redhat-release
CentOS release 6.8 (Final) 1)首先做好SSH密鑰驗證
在所有的3台機器上執行下面操作
[root@linux-node1 ~]#useradd jump
[root@linux-node1 ~]#echo 123456|passwd --stdin jump 在跳闆機上執行下面操作,生成密鑰。
[jump@linux-node1 ~]$ ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa Generating public/private dsa key pair.
Created directory '/home/jump/.ssh'.
Your identification has been saved in /home/jump/.ssh/id_dsa.
Your public key has been saved in /home/jump/.ssh/id_dsa.pub.
The key fingerprint is:
15:4d:94:d8:a8:0d:e9:d4:e1:70:09:0c:8b:de:2c:96 [email protected]
The key's randomart p_w_picpath is:
+--[ DSA 1024]----+
| .oo++Xo. |
| . .=+=.+ |
| . .o +o |
| . + o.. |
| E o S |
| . . |
| |
+-----------------+
檢視生成的密鑰
[jump@linux-node1 ~]$ ll /home/jump/.ssh total 8
-rw------- 1 jump jump 672 Apr 12 09:49 id_dsa
-rw-r--r-- 1 jump jump 618 Apr 12 09:49 id_dsa.pub (公鑰)
将公鑰分發到其他2台伺服器
[jump@linux-node1 ~]$ ssh-copy-id -i ~/.ssh/id_dsa.pub 10.89.3.101 The authenticity of host '10.89.3.101 (10.89.3.101)' can't be established.
RSA key fingerprint is 01:e7:d2:70:fc:a8:1a:ee:88:07:ef:9b:37:40:29:2d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.89.3.101' (RSA) to the list of known hosts.
[email protected]'s password: (此處輸入的是jump的密碼)
Now try logging into the machine, with "ssh '10.89.3.101'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[jump@linux-node1 ~]$
2)實作傳統的遠端連接配接菜單選擇腳本
菜單腳本如下:
cat <<menu
1)weblamp-10.89.3.100
2)weblnmp-10.89.3.101
3)administrator
menu
3)利用linux 信号屏蔽防止使用者中斷信号在跳闆機上操作
function trapper(){
trap ':' INT EXIT TSTP TERM HUP
}
4)使用者登入跳闆機後即調用腳本(不能使用指令行管理跳闆機),并隻能按管理者的要求選單
腳本如下(跳闆機上操作)
[root@linux-node1 ~]# cat /etc/profile.d/jump.sh
[ $UID -ne 0 ] && /server/scripts/jump.sh [root@linux-node1 ~]# cat /server/scripts/jump.sh #!/bin/bash
#Alvin training
trapper(){
trap ':' INT EXIT TSTP TERM HUP
}
main(){
while :
do
trapper
clear
cat <<menu
1)weblamp-10.89.3.100
2)weblnmp-10.89.3.101
3)administrator
menu
read -p "Pls input a num.:" num
case "$num" in
1)
echo "login in 10.89.3.100"
ssh 10.89.3.100
;;
2)
echo "login in 10.89.3.101"
ssh 10.89.3.101
;;
3)
stty -echo
read -p "your privite passwd:" char
if [ "$char" = "111111" ]; then
stty echo
echo "\n"
exit
sleep 3
fi
;;
*)
echo "select error."
esac
done
}
main [root@linux-node1 ~]# chmod +x /server/scripts/jump.sh [root@linux-node1 ~]# su - jump
1)weblamp-10.89.3.100
2)weblnmp-10.89.3.101
3)administrator
Pls input a num.: ![1、Linux 指令行使用技巧[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)