服务器之间一键免密登录

图解

一键配置免密登录

[root@master-61 /my_scripts]#cat mianmi.sh 
#!/bin/bash

#1、管理机master61机器创建公私钥
echo "开始创建密钥对"
if [ -f /root/.ssh/id_rsa ]
then
  echo "密钥对已存在,请检查"
else
  ssh-keygen -f /root/.ssh/id_rsa -N '' > /tmp/xming_ssh.log 2>&1
fi

#2、发送公钥到目标机器
#在管理机下载sshpass服务,实现非交互式
  yum install sshpass -y

  echo "发送公钥中...分发的机器列表为{7,8,9,31,41}"
for ip in {7,8,9,31,41}
do
  sshpass -p '222222' ssh-copy-id root@172.16.1.${ip} -o StrictHostKeyChecking=no > /tmp/xming_ssh.log 2>&1
  echo "正在验证免密结果"
  echo "远程获取主机名:$(ssh root@172.16.1.${ip} hostname)"
done

#3、远程修改目标机器端口号为22999
for ip in {7,8,9,31,41}
do
  echo "正在修改172.16.1.${ip}的端口号"
  ssh root@172.16.1.${ip} "sed -i '/Port 22/c Port 22999' /etc/ssh/sshd_config"
done

#4、远程修改目标机器的ssh配置文件,不允许密码登录,只能用密钥登录
for ip in {7,8,9,31,41}
do
  echo "正修改允许公钥登录参数...当前操作的机器是172.16.1.${ip}"
  ssh root@172.16.1.${ip} "sed -i '/PubkeyAuthentication/c PubkeyAuthentication yes' /etc/ssh/sshd_config"
  echo "正修改禁止密码登录参数...当前操作的机器是172.16.1.${ip}"
  ssh root@172.16.1.${ip} "sed -i '/PasswordAuthentication/c PasswordAuthentication no' /etc/ssh/sshd_config "
done

#5、修改只监听内网地址172.16.1.xx
for ip in {7,8,9,31,41}
do
  echo "正在修改监听地址...当前操作的机器是172.16.1.${ip}"
  ssh root@172.16.1.${ip} "sed -i '/ListenAddress 0.0.0.0/c ListenAddress  172.16.1.${ip}' /etc/ssh/sshd_config "
done

#6、验证目标机器ssh的修改情况
for ip in {7,8,9,31,41}
do
  echo "当前正在检查的机器172.16.1.${ip}"
  ssh root@172.16.1.${ip} "grep -E '^(Port|PasswordAuthentication|PubkeyAuthentication|ListenAddress)' /etc/ssh/sshd_config"
done

echo '============批量修改目标机器sshd配置文件已完成==========='

重启sshd服务

[root@master-61 /my_scripts]#cat ssh_restart.sh 
#!/bin/bash

#批量重启目标机器的ssh服务
for ip in {7,8,9,31,41}
do
  echo "正在重启sshd服务...当前机器是172.16.1.${ip}"
  ssh root@172.16.1.${ip} "systemctl restart sshd"
done

服务脚本

nfs-31机器

nfs服务脚本
[root@master-61 /my_scripts]#cat my_nfs31.sh 
#!/bin/bash

#1、定义PATH变量
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin

#2、下载nfs服务
yum install nfs-utils rpcbind -y
yum install rsync -y

#3、启动服务
systemctl start rpcbind
systemctl start nfs-server

#4、设置开机自启
systemctl is-enabled nfs
systemctl enable rpcbind nfs

#5、创建挂载目录/my_nfs_nginx
mkdir -p /my_nfs_nginx

#6、创建用户
useradd www -u 666 -M -s /sbin/nologin

#7、修改nfs配置文件
cat > /etc/exports <<EOF
/my_nfs_nginx 172.16.1.7/24(rw,sync,all_squash,anonuid=666,anongid=666)
EOF

#8、更新nfs配置文件
exportfs -r

#9、修改共享文件/my_nfs_nginx的属主属组
chown -R www:www /my_nfs_nginx
lsyncd服务
[root@master-61 /my_scripts]#cat my_nfs_lsyncd.sh 
#!/bin/bash

#1、下载lsyncd服务
yum install lsyncd -y

#2、拷贝一下原来的配置文件
cp /etc/lsyncd.conf{,.ori}

#3、修改lsyncd配置文件
cat >/etc/lsyncd.conf <<EOF
settings {
    logfile      ="/var/log/lsyncd/lsyncd.log",
    statusFile   ="/var/log/lsyncd/lsyncd.status",
    inotifyMode  = "CloseWrite",
    maxProcesses = 8,
    }

sync {
    default.rsync,
    source    = "/my_nfs_nginx",
    target    = "rsync_xming@172.16.1.41::tantan",
    delete= true,
    exclude = {".*"},
    delay=1,
    rsync     = {
        binary    = "/usr/bin/rsync",
        archive   = true,
        compress  = true,
        verbose   = true,
        password_file="/etc/rsync.pwd",
        _extra={"--bwlimit=200"}
        }
    }
EOF

#4、将密码放入密码文件
echo "111111" > /etc/rsync.pwd

#5、修改密码文件权限,拒绝其他人访问
chmod 600 /etc/rsync.pwd

#6、启动lsyncd服务
systemctl start lsyncd

rsync-41机器脚本

[root@master-61 /my_scripts]#cat my_rsync41.sh 
#!/bin/bash

#1、定义PATH变量
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin

#2、下载rsync服务
yum install  rsync -y

#3、修改rsync配置文件
cat > /etc/rsyncd.conf << EOF
uid = xming
gid = xming
port = 873
fake super = yes 
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = rsync_xming
secrets file = /etc/rsync.pwd
log file = /var/log/rsyncd.log
####################################
[tantan]
comment = yuchaoit.cn about rsync
path = /tantan

[momo]
path = /momo
EOF

#4、创建用户及数据目录
useradd -u 2222 -M -s /sbin/nologin xming

mkdir /tantan
mkdir /momo

#5、修改数据目录属主属主
chown -R xming:xming /tantan
chown -R xming:xming /momo

#6、创建用户密码文件及授权
echo "rsync_xming:111111" > /etc/rsync.pwd
chmod 600 /etc/rsync.pwd

#7、启动rsyncd服务
systemctl start rsyncd

web服务器

[root@master-61 /my_scripts]#cat my_web.sh 
#!/bin/bash

#1、定义PATH变量
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin

#2、下载nginx服务
yum install nginx -y

#3、创建配置文件
cat > /etc/nginx/nginx.conf << EOF
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}
http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;
    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 4096;
    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;


server {
  listen 81;
  server_name localhost;
  location / {
   	root html;
   	index index.html;
 						 }
			}

}
EOF

#4、启动服务
systemctl start nginx

#5、挂载到共享目录/my_nfs_nginx
yum install nfs-utils -y
mount -t nfs 172.16.1.31:/my_nfs_nginx /usr/share/nginx/html

master-61执行不同服务脚本总脚本

[root@master-61 /my_scripts]#cat my_zong.sh 
#!/bin/bash

#1、定义PATH变量
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin

#2、执行mianmi.sh脚本,让跳板机61机器可以免密登录目标机器
bash /my_scripts/mianmi.sh

#3、执行重新启动sshd服务脚本
bash /my_scripts/ssh_restart.sh

#4、设置别名,加到全局变量
cat >> /etc/profile << EOF
alias sshweb7='ssh root@172.16.1.7 -p 22999'
alias sshweb8='ssh root@172.16.1.8 -p 22999'
alias sshweb9='ssh root@172.16.1.9 -p 22999'
alias sshnfs31='ssh root@172.16.1.31 -p 22999'
alias sshrsync41='ssh root@172.16.1.41 -p 22999'
EOF

#5、重新加载全局变量
source    /etc/profile

#6、看一下别名是否加入
alias

#7、将脚本my_rsync41.sh发送到41机器并远程执行它
scp -P 22999  /my_scripts/my_rsync41.sh root@172.16.1.41:/opt/my_rsync41.sh
ssh root@172.16.1.41 -p 22999 "bash /opt/my_rsync41.sh"
ssh root@172.16.1.41 -p 22999 "echo '===============rsyncf服务部署完成================='" 
echo "================41机器完成环境部署======================="

#8、将脚本my_nfs31.sh与my_nfs_lsyncd.sh发送到31机器并远程执行
scp -P 22999  /my_scripts/my_nfs31.sh  root@172.16.1.31:/opt/my_nfs31.sh
scp -P 22999  /my_scripts/my_nfs_lsyncd.sh  root@172.16.1.31:/opt/my_nfs_lsyncd.sh
ssh root@172.16.1.31 -p 22999 "bash /opt/my_nfs31.sh"
ssh root@172.16.1.31 -p 22999 "echo '==================31机器nfs服务部署完成==================='"
ssh root@172.16.1.31 -p 22999 "bash /opt/my_nfs_lsyncd.sh"
ssh root@172.16.1.31 -p 22999 "echo '=================31机器lsyncd服务部署完成===================='"
echo "================31机器完成环境部署======================"

#9、将脚本my_web.sh发送到7,8,9机器上,并远程执行
for web_ip in {7,8,9}
do
  scp -P 22999  /my_scripts/my_web.sh  root@172.16.1.${web_ip}:/opt/my_web.sh
  echo "172.16.1.${web_ip} 机器已发送完毕"
done

echo "=============脚本my_web.sh已发送给web机器=============="

for web_ip in {7,8,9}
do
  ssh -p 22999 root@172.16.1.${web_ip} "bash /opt/my_web.sh"
  echo "172.16.1.${web_ip} 机器脚本执行完成"
done

echo "=================3台web机器脚本执行完成================"

测试脚本

1、先在61要机器创建html文件
[root@master-61 /my_scripts]#cat index.html 
<meta charset=utf-8>
      人生无常,大肠包小肠!!!! 
     hhh
      人生无常,大肠包小肠!!!! 
     hhh
  
<img src='章鱼哥.jpg'>
      人生无常,大肠包小肠!!!! 
     hhh
  
<img src='章鱼哥.jpg'>
      人生无常,大肠包小肠!!!! 
     hhh
  
<img src='章鱼哥.jpg'>
      人生无常,大肠包小肠!!!! 
     hhh
  
<img src='章鱼哥.jpg'>
      人生无常,大肠包小肠!!!! 
     hhh
  
<img src='章鱼哥.jpg'>
      人生无常,大肠包小肠!!!! 
     hhh
  
<img src='章鱼哥.jpg'>
      人生无常,大肠包小肠!!!! 
     hhh
  
<img src='章鱼哥.jpg'>
      人生无常,大肠包小肠!!!! 
     hhh
  
<img src='章鱼哥.jpg'>
      人生无常,大肠包小肠!!!! 
     hhh
  
<img src='章鱼哥.jpg'>
      人生无常,大肠包小肠!!!! 
     hhh
  
<img src='章鱼哥.jpg'>
  
<img src='章鱼哥.jpg'>

2、创建测试脚本
[root@master-61 /my_scripts]#cat my_test.sh 
#!/bin/bash

#1、将html文件发送到31机器的共享文件/my_nfs_nginx
scp -P 22999  /my_scripts/index.html  root@172.16.1.31:/my_nfs_nginx

#2、验证看是否实时备份和共享
ssh -p 22999 root@172.16.1.31 "ls -l /my_nfs_nginx"
ssh -p 22999 root@172.16.1.41  "ls -l /tantan"

for web_ip in {7,8,9}
do
  ssh -p 22999 root@172.16.1.${web_ip} "ls -l /usr/share/nginx/html"
done

#3、在web9下载图片
ssh -p 22999  root@172.16.1.9  "wget -O /usr/share/nginx/html/章鱼哥.jpg https://www.tanmizhi.com/img/allimg/04/39-2204111I240-50.jpg"
posted @   张开嘴  阅读(191)  评论(0编辑  收藏  举报
相关博文:
· 服务器之间手动免密登录
· SSH登录笔记Windows与服务器的连接
· linux ssh免密部署
· ssh进阶,免密登录
· Windows 配置 ssh 免密登录 Linux 服务器
阅读排行:
· DeepSeek 开源周回顾「GitHub 热点速览」
· 物流快递公司核心技术能力-地址解析分单基础技术分享
· .NET 10首个预览版发布:重大改进与新特性概览!
· AI与.NET技术实操系列(二):开始使用ML.NET
· 单线程的Redis速度为什么快?
点击右上角即可分享
微信分享提示
AI FOR CODE 大赛