Using root over SSH to pull files and run commands in bulk

1. File distribution and batch command execution
2. Pulling files

SSH configuration file:
GSSAPIAuthentication no
UseDNS no
ssh-copy-id -i .ssh/id_dsa.pub
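If the port is not 22:
ssh-copy-id -i .ssh/id_dsa.pub "-p 2222 linuxea@nfs"
Distributing as a designated user:
Before starting: normally we do not use root for remote logins. This example uses root, as well as a non-root user with privilege escalation.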

[root@NFS-server ~]# useradd linuxea
[root@NFS-server ~]# su - linuxea
[linuxea@NFS-server ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/linuxea/.ssh/id_dsa): 
Created directory '/home/linuxea/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/linuxea/.ssh/id_dsa.
Your public key has been saved in /home/linuxea/.ssh/id_dsa.pub.
The key fingerprint is:
1b:3c:32:ee:fa:7e:b7:b5:84:83:42:14:7c:f8:28:f7 linuxea@NFS-server
The key's randomart image is:
+--[ DSA 1024]----+
|     ...         |
|      o..        |
|      .+         |
|    ..o..        |
|     o+.S        |
|     o oE= .     |
|      o o o o    |
|     . .. .+ .   |
|    .++. ....    |
+-----------------+

[linuxea@NFS-server ~]$ ls -l .ssh/
total 8
-rw------- 1 linuxea linuxea 672 Dec 26 01:59 id_dsa---------private key
-rw-r--r-- 1 linuxea linuxea 608 Dec 26 01:59 id_dsa.pub-----public key
[linuxea@NFS-server ~]$ 

If the port is not 22, use: ssh-copy-id -i id_dsa.pub "-p 2222 root@10.0.0.54"

[linuxea@NFS-server ~]$ ssh-copy-id -i .ssh/id_dsa.pub root@10.0.0.54
The authenticity of host '10.0.0.54 (10.0.0.54)' can't be established.
RSA key fingerprint is b8:e2:26:b5:fb:b4:42:31:11:f8:15:45:71:0b:68:61.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.54' (RSA) to the list of known hosts.
root@10.0.0.54's password: 
Now try logging into the machine, with "ssh 'root@10.0.0.54'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[linuxea@NFS-server ~]$ 
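
The ssh-copy-id output above asks you to check .ssh/authorized_keys on the target, which here belongs to root. The audit below is an added example, not part of the original post: it flags DSA entries (ssh-dss has been disabled by default since OpenSSH 7.0) and entries that carry no options limiting their use. The sample entries, their key blobs and the path /usr/local/bin/push-hosts are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): review an authorized_keys file,
# e.g. /root/.ssh/authorized_keys on a host that received the key above.

# audit_authorized_keys [FILE]: reads FILE (or stdin), prints one finding per
# line and returns 1 if anything was flagged, 0 otherwise.
audit_authorized_keys() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        # Find the key-type field; whatever precedes it is the options field.
        t = 0
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ssh-(dss|rsa|ed25519)|ecdsa-sha2-|sk-)/) { t = i; break }
        if (t == 0) { print "line " NR ": unparseable entry"; bad = 1; next }
        who = (t + 2 <= NF) ? $(t + 2) : "(no comment)"
        if ($t == "ssh-dss") {
            print "line " NR ": DSA key for " who; bad = 1
        }
        if (t == 1) {
            print "line " NR ": no options (from=, command=) for " who; bad = 1
        }
    }
    END { exit bad + 0 }' "$@"
}

# Constructed sample input: the key blobs are placeholders, not real keys,
# and /usr/local/bin/push-hosts is a hypothetical forced command.
sample_keys() {
    cat <<'EOF'
# keys that can log in as root
ssh-dss AAAAB3NzaC1kc3MEXAMPLE linuxea@NFS-server
from="10.0.0.10",command="/usr/local/bin/push-hosts" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5EXAMPLE deploy@NFS-server
ssh-rsa AAAAB3NzaC1yc2EEXAMPLE admin@laptop
EOF
}

# Stand-alone run over the sample; the non-zero status only means "findings".
sample_keys | audit_authorized_keys || true
```

On a real host, pass the file path instead: audit_authorized_keys /root/.ssh/authorized_keys.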

When dealing with a small number of hosts, files such as hosts or DNS configuration can be copied out this way.
Once the keys are in place, these files can be sent to a single host or to several.
Single host:

[linuxea@NFS-server ~]$ scp -P22 /etc/hosts root@10.0.0.55:~

For multiple hosts, a simple script will do:

[linuxea@NFS-server ~]$ vim hosts.sh
scp -P22 /etc/hosts root@10.0.0.51:~
echo =====================================
scp -P22 /etc/hosts root@10.0.0.52:~
echo =====================================
scp -P22 /etc/hosts root@10.0.0.53:~
echo =====================================
scp -P22 /etc/hosts root@10.0.0.55:~
[linuxea@NFS-server ~]$ sh hosts.sh

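Alternatively:
Write a script that takes the file or directory to copy as an argument and prints the result, as follows.
If no argument is given, it prints a usage message.

[linuxea@NFS-server ~]$ vim hosts.sh
#!/bin/sh
# Copy a file or directory to root's home directory on each host
# /etc/init.d/functions provides action(), which prints the [  OK  ]/[FAILED] status
. /etc/init.d/functions
if [ $# -ne 1 ]
        then
         echo "USAGE:$0 {FILE NAME|DIR NAME}"
         exit 1
fi
for n in 53 54 55
do
        # Quote the argument so paths containing spaces survive
        scp -P22 -r "$1" root@10.0.0.$n:~ >/dev/null 2>&1
        if [ $? -eq 0 ]
         then
                action "file put ok" /bin/true
        else
                action "file put fail" /bin/false
        fi
done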

Run the script, passing the path of the file to copy, /etc/hosts:

[linuxea@NFS-server ~]$ sh hosts.sh /etc/hosts
file put ok                                                [  OK  ]
file put ok                                                [  OK  ]
file put ok                                                [  OK  ]
[linuxea@NFS-server ~]$ 

If no argument is given, it prints the usage message:

[linuxea@NFS-server ~]$ bash hosts.sh 
USAGE:hosts.sh {FILE NAME|DIR NAME}
[linuxea@NFS-server ~]$ 

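Improvement 2:
Modify the script above so that it passes a command to the remote hosts:

[linuxea@NFS-server ~]$ cat command.sh 
#!/bin/sh
# Run one command, given as a single quoted argument, on each host as root
if [ $# -ne 1 ]  
    then
     echo "USAGE:$0 COMMAND"
     exit 1
fi
for n in 53 54 55
do
    # The argument is handed to the remote shell as-is and interpreted there
    ssh -p22 root@10.0.0.$n "$1"
done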

Run it, passing the command to execute, here "/sbin/ifconfig eth1":

[linuxea@NFS-server ~]$ sh command.sh "/sbin/ifconfig eth1"
eth1      Link encap:Ethernet  HWaddr 00:0C:29:6A:AB:0F  
          inet addr:10.0.0.53  Bcast:10.0.255.255  Mask:255.255.0.0
          inet6 addr: fe80::20c:29ff:fe6a:ab0f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1069 errors:0 dropped:0 overruns:0 frame:0
          TX packets:619 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:98330 (96.0 KiB)  TX bytes:60915 (59.4 KiB)

eth1      Link encap:Ethernet  HWaddr 00:0C:29:88:53:53  
          inet addr:10.0.0.54  Bcast:10.0.255.255  Mask:255.255.0.0
          inet6 addr: fe80::20c:29ff:fe88:5353/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1097 errors:0 dropped:0 overruns:0 frame:0
          TX packets:652 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:104498 (102.0 KiB)  TX bytes:64988 (63.4 KiB)

eth1      Link encap:Ethernet  HWaddr 00:0C:29:CE:B5:7D  
          inet addr:10.0.0.55  Bcast:10.0.255.255  Mask:255.255.0.0
          inet6 addr: fe80::20c:29ff:fece:b57d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:730 errors:0 dropped:0 overruns:0 frame:0
          TX packets:354 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:77161 (75.3 KiB)  TX bytes:48873 (47.7 KiB)

[linuxea@NFS-server ~]$ 

Check the release version:

[linuxea@NFS-server ~]$ sh command.sh "cat /etc/redhat-release"
CentOS release 6.6 (Final)
CentOS release 6.6 (Final)
CentOS release 6.6 (Final)
[linuxea@NFS-server ~]$ 

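On permission errors:
1. Most content under /etc/ is not writable; root can write there, and the examples above run with root privileges.
2. Copy the files to be distributed to the home directory on the server, then use sudo to copy them into the corresponding privileged directory.
3. Make the operating command setuid.
4. Use SaltStack, Puppet, and similar tools.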
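
Item 2 of the list above, written out as a script. This is an added example, not code from the original post: the file is staged in the home directory of a non-root account and installed through one narrowly scoped sudo rule. The linuxea account on the targets, the sudoers rule shown in the comment, and the SSH/SCP override variables are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): distribute /etc/hosts without
# a root login. Assumptions (hypothetical): the account "linuxea" exists on
# every target with the distribution key installed, and sudoers on each
# target contains only this rule for it, so the key can run nothing else
# as root:
#   linuxea ALL=(root) NOPASSWD: /usr/bin/install -m 0644 /home/linuxea/hosts /etc/hosts
REMOTE_USER=${REMOTE_USER:-linuxea}
HOSTS=${HOSTS:-"10.0.0.53 10.0.0.54 10.0.0.55"}
SSH=${SSH:-ssh}   # overridable so the logic can be exercised without a network
SCP=${SCP:-scp}

# push_hosts_file SRC: stage SRC as ~/hosts on each target, then install it
# as /etc/hosts through sudo. Prints one status line per host and returns
# the number of hosts that failed (255 if SRC does not exist).
push_hosts_file() (
    src=$1
    failed=0
    [ -f "$src" ] || { echo "no such file: $src" >&2; exit 255; }
    for h in $HOSTS; do
        # BatchMode=yes: fail at once instead of prompting for a password.
        # sudo -n: fail instead of prompting if the sudoers rule is missing.
        if "$SCP" -q -o BatchMode=yes "$src" "$REMOTE_USER@$h:hosts" &&
           "$SSH" -o BatchMode=yes "$REMOTE_USER@$h" \
               "sudo -n /usr/bin/install -m 0644 /home/$REMOTE_USER/hosts /etc/hosts"
        then
            echo "OK   $h"
        else
            echo "FAIL $h"
            failed=$((failed + 1))
        fi
    done
    exit "$failed"
)

# Usage: push_hosts_file /etc/hosts
```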


Date: 2015-12-29  Category: rsync, NFS

Tags: bash-shell
