
ssh-批量管理 优化 免秘钥

时间:2016-05-23 01:04:57      阅读:332      评论:0      收藏:0      [点我收藏+]

标签:ssh

ssh命令

适用命令及方案如下:
【远程连接及执行命令】

# Open an interactive login session on the remote host as root, port 22.
ssh -p22 root@10.0.0.19

# Run one command on the remote host and return; no interactive shell is started.
ssh -p22 root@10.0.0.19 /sbin/ifconfig

 

【远程拷贝:推送及拉取】

# Push: recursively copy the local /etc into /tmp/ on the remote host.
# scp takes the port as capital -P; -r recurses, -p preserves modes and times.
# NOTE(review): /etc holds sensitive files and /tmp is shared by every local
# user on the target; a directory only root can enter is a safer staging area.
scp -P22 -r -p /etc root@10.0.0.19:/tmp/

# Pull: recursively copy the remote /tmp/ directory to the local /etc.
# Shown to illustrate the direction only; the content lands under local /etc.
scp -P22 -r -p root@10.0.0.19:/tmp/ /etc

【安全的FTP功能】

# Interactive file transfer over the SSH channel; the port is passed as an ssh option.
sftp -oPort=22 root@10.0.0.19

利用 ssh -v 的调试功能查找连接慢的原因

Windows 上传下载需要在 CRT 文件下找到 sftp,然后就可以从本地上传东西了

put 上传  

get  下载

检查openssh和openssl是否安装

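# Record whether the openssh and openssl packages are installed.
# stdout is appended to ~/ssh.ok; stderr is appended to ssh.bug in the current
# directory (the page gives that path without a ~/ prefix).
# The page's typographic quotes and the fused package names are repaired here.
echo '###openssh-openssl###' 1>>~/ssh.ok 2>>ssh.bug
rpm -qa openssh openssl 1>>~/ssh.ok 2>>ssh.bug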

 

限制外网IP

优化:

以下各项开机时已经实现优化:

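# sshd_config settings listed by the author (hardening plus login speed).
# Non-default listening port; the page's later ssh/scp commands use -p52113 / -P52113.
Port 52113
# Refuse direct root logins over SSH.
PermitRootLogin no
# Refuse accounts whose password is empty.
PermitEmptyPasswords no
# Skip the reverse-DNS lookup of the client address, a common cause of slow logins.
UseDNS no
# Do not attempt GSSAPI (Kerberos) authentication, another common source of login delay.
GSSAPIAuthentication no
# NOTE(review): the final zhixing.sh / fenfa_file.sh listings on this page log in as
# root@..., which PermitRootLogin no refuses - confirm which account is intended.
# NOTE(review): once key-based login is verified, PasswordAuthentication no
# closes off password guessing entirely.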

只允许内网IP172.16.1.61登录

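# Bind sshd to the internal address and log the result.
echo '###限制登录内网IP###' 1>>~/ssh.ok 2>>ssh.bug
# Keep a copy of the original config so a bad edit can be rolled back.
# (Brace expansion needs bash; re-running this overwrites the earlier backup.)
cp /etc/ssh/sshd_config{,.ssh.ori}
ls /etc/ssh/sshd_config.ssh.ori 1>>~/ssh.ok 2>>ssh.bug
# Append a ListenAddress line after line 13 of sshd_config.
# NOTE(review): the port written here is 52311, while the Port directive and
# every later ssh/scp command on this page use 52113. A port given in
# ListenAddress takes precedence for that address, so confirm which value is
# intended before restarting sshd.
# NOTE(review): run `sshd -t` and keep an existing session open while
# restarting sshd, so a broken config cannot lock you out.
sed -i '13a ListenAddress 172.16.1.61:52311' /etc/ssh/sshd_config
sed -n '13,18p' /etc/ssh/sshd_config 1>>~/ssh.ok 2>>ssh.bug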

ssh实现批量管理

一键生成密钥:

法一:

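# Method 1: create the key pair non-interactively (empty passphrase, fixed path).
# The option letters before '' and before the path were lost on the page;
# -N (new passphrase) and -f (output file) are reconstructed here.
# NOTE(review): DSA keys are fixed at 1024 bits and OpenSSH 7.0+ no longer
# accepts them by default. Prefer -t rsa -b 4096, or -t ed25519 where both ends
# run OpenSSH 6.5 or later, and rename the id_dsa files used by the
# ssh-copy-id steps to match.
# NOTE(review): with an empty passphrase the private key file alone grants
# access to every host it is distributed to. Keep ~/.ssh at mode 0700 and the
# key at 0600, and restrict the key on the targets (from= / command= options
# in authorized_keys).
ssh-keygen -t dsa -N '' -f ~/.ssh/id_dsa >/dev/null 2>&1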

法二:

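# Method 2: feed a newline to ssh-keygen so it accepts the default key path,
# with an empty passphrase given by -N "".
# NOTE(review): the same caveats as for any passphrase-less DSA key apply -
# DSA is limited to 1024 bits and rejected by default from OpenSSH 7.0 on.
echo -e "\n"|ssh-keygen -t dsa -N ""  >/dev/null 2>&1
# Log the contents of ~/.ssh so the generated key files can be checked.
echo '###查看生成密钥情况###' 1>>~/ssh.ok 2>>ssh.bug
ls -l ~/.ssh 1>>~/ssh.ok 2>>ssh.bug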

分发密钥

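echo '###查看生成密钥情况###' 1>>~/ssh.ok 2>>ssh.bug
# Install the public key into the target account's authorized_keys.
# Only the .pub file is sent; the private key never leaves this host.

# Target sshd on the default port 22:
ssh-copy-id -i ~/.ssh/id_dsa.pub zhang@172.16.1.8

# Target sshd on a non-default port: the port option is carried inside the
# quoted destination (presumably for ssh-copy-id versions without their own
# port option - confirm against the installed version).
ssh-copy-id -i ~/.ssh/id_dsa.pub "-p 52113 zhang@172.16.1.8"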

批量分发密钥

 

批量分发文件

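echo '###批量分发文件###' 1>>~/ssh.ok 2>>ssh.bug
# Write the file-distribution script. The heredoc delimiter is quoted so the
# body is written literally and needs no \$ escapes.
# Generated script: copies ~/ARG1 to each host's home directory, then uses
# sudo rsync on the host to place it at ARG2, reporting per host via action().
# The ssh option garbled on the page ("-zhang@") is restored as -t, matching
# the final fenfa_file.sh listing further down the page.
# NOTE(review): "sudo rsync" over a passphrase-less key presumably relies on a
# NOPASSWD sudoers rule; rsync run as root can overwrite any file, so that rule
# is root-equivalent. Limit it to the paths that are really needed.
# NOTE(review): the arguments are re-parsed by the remote shell; pass only
# trusted file names and destinations.
# NOTE(review): ~/ARG1 in the ssh command is expanded locally, so it assumes
# the same home directory path on the target.
# NOTE(review): >/dev/null 2>&1 hides why a host failed; log stderr when debugging.
cat >/home/zhang/scripts/fenfa_file.sh <<'EOF'
#!/bin/sh
if [ $# -ne 2 ]; then
    echo "USAGE:/bin/sh $0 ARG1 ARG2"
    exit 1
fi
. /etc/init.d/functions

for n in 8 31 41
do
  scp -P52113 ~/"$1" "zhang@172.16.1.${n}:~" >/dev/null 2>&1 &&
  ssh -p52113 -t "zhang@172.16.1.$n" sudo rsync ~/"$1" "$2" >/dev/null 2>&1
  if [ $? -eq 0 ]; then
     action "fenfa hosts 172.16.1.$n" /bin/true
  else
     action "fenfa hosts 172.16.1.$n" /bin/false
  fi
done
EOF
cat fenfa_file.sh 1>>~/ssh.ok 2>>ssh.bug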

批量执行命令

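echo '###查批量执行命令###' 1>>~/ssh.ok 2>>ssh.bug
# Write the batch-command script. The heredoc delimiter is quoted so the body
# is written literally and needs no \$ escapes.
# Generated script: runs its single argument as a command on each listed host.
# NOTE(review): the argument is handed to the remote shell as a command line,
# so whoever can invoke this script can run anything the key's account can.
# Keep the script and the private key readable by the operator account only.
cat >/home/zhang/scripts/zhixing.sh <<'EOF'
#!/bin/sh
if [ $# -ne 1 ]; then
    echo "USAGE:/bin/sh $0 ARG1"
    exit 1
fi
for n in 8 31 41
do
  echo =======172.16.1.$n========
  ssh -p52113 "zhang@172.16.1.$n" "$1"
done
EOF
cat zhixing.sh 1>>~/ssh.ok 2>>ssh.bug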

老男孩28期

搭建web01nginx

vim in_nginx.sh

#!/bin/sh
# Distribute nginx.sh to /server/scripts/ with fenfa_file.sh, then run it
# through zhixing.sh. If distribution fails, stop and return its exit status.
/bin/sh fenfa_file.sh nginx.sh /server/scripts/ || exit
/bin/sh zhixing.sh /server/scripts/nginx.sh

vim nginx

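#!/bin/sh
# nginx install script, part 1: environment and build dependencies.
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
export PATH
# Source the SysV init function library (the page had "./etc/...", which
# would try to execute a relative path instead of sourcing the file).
. /etc/init.d/functions
# Replace the base yum repo definition with the mirror's copy.
# NOTE(review): this file is fetched over plain HTTP and written straight into
# yum's repo directory, so anything able to alter the connection decides where
# packages come from. Prefer an HTTPS mirror URL and keep gpgcheck enabled in
# the repo file.
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
# OpenSSL and PCRE headers are needed to build nginx; rpm -qa confirms the install.
yum install openssl openssl-devel -y
rpm -qa openssl openssl-devel
yum install pcre pcre-devel -y
rpm -qa pcre pcre-devel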

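####### download nginx, build and install ########
# -p keeps a re-run from failing; stop if the directory cannot be entered so
# the download and build never run in an unexpected location.
mkdir -p /install
cd /install || exit 1
# NOTE(review): the tarball is fetched over plain HTTP and unpacked without
# verification. Check it against the detached PGP signature published next to
# the release before building. nginx 1.6.x is also a long-retired branch; use
# a currently supported release.
wget -q http://nginx.org/download/nginx-1.6.3.tar.gz
# Unprivileged service account: no login shell (-s /sbin/nologin), no home (-M).
useradd www -s /sbin/nologin -M
tar xf nginx-1.6.3.tar.gz
cd nginx-1.6.3 || exit 1
############## configure ################
# NOTE(review): the ./configure invocation is missing from the page, and make
# cannot run without it. The later steps imply an install prefix of
# /application/nginx-1.6.3 and a build with the stub_status module - confirm
# the exact options against the original script.
######### check ##########
echo $?
sleep 5
########## build and install ########
# Install only if the build succeeded.
make && make install
ln -s /application/nginx-1.6.3/ /application/nginx
########## start ##########
/application/nginx/sbin/nginx
########## start at boot ##########
echo '/application/nginx/sbin/nginx' >>/etc/rc.local
tail -1 /etc/rc.local
ps -ef|grep nginx|grep -v grep
sleep 5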

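########## nginx configuration ###########
cd /application/nginx/conf/ || exit 1
# The heredoc delimiters are quoted so nginx variables ($remote_addr, ...) are
# written literally and need no \$ escapes. The typographic quotes and fused
# tokens from the page (log_format fields, "fastcgi_indexindex.php") are
# repaired so that nginx -t can parse the result.
cat >nginx.conf <<'EOF'
worker_processes  1;
error_log  logs/error.log;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    sendfile        on;
    keepalive_timeout  65;
    include extra/blog.conf;
    include extra/status.conf;
}
EOF
mkdir -p extra
cd extra || exit 1
# Blog virtual host: static files from html/blog, PHP handed to FastCGI on 127.0.0.1:9000.
cat >blog.conf <<'EOF'
server {
        listen       80;
        server_name  blog.etiantian.org;
        location / {
            root  html/blog;
            index index.php index.html index.htm;
        }
        location ~ .*\.(php|php5)?$ {
            root html/blog;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            include fastcgi.conf;
        }
        access_log  logs/access_blog.log  main;
}
EOF
# Status virtual host: stub_status is limited to 10.0.0.0/24 and denied to
# everyone else. Keep the allow/deny pair, since the page exposes connection counters.
cat >status.conf <<'EOF'
##status
server {
        listen       80;
        server_name  status.etiantian.org;
        location / {
            stub_status on;
            access_log off;
            allow 10.0.0.0/24;
            deny all;
        }
    }
EOF
mkdir /application/nginx/html/blog -p
# Single quotes write a valid PHP open tag; the page's "<\?php" inside double
# quotes would leave the backslash in the file.
# NOTE(review): phpinfo() output discloses versions, paths and environment
# details. Delete test_info.php as soon as PHP handling has been verified.
echo '<?php phpinfo(); ?>' >/application/nginx/html/blog/test_info.php
cat /application/nginx/html/blog/test_info.php
cp /application/nginx/html/index.html /application/nginx/html/blog/
# Reload only when the configuration test passes.
/application/nginx/sbin/nginx -t &&
/application/nginx/sbin/nginx -s reload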

 

[root@m01 scripts]# cat zhixing.sh 

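#!/bin/sh
# Run one script, given by path, through /bin/sh on each listed host.
# Usage: /bin/sh zhixing.sh SCRIPT_PATH
# ("if[" on the page is repaired to "if [", which the shell requires.)
# NOTE(review): this logs in as root, which the PermitRootLogin no setting
# listed earlier on the page would refuse - confirm the intended account.
# NOTE(review): the argument is re-parsed by the remote shell; pass only
# trusted paths.
if [ $# -ne 1 ]; then
    echo "USAGE:/bin/sh $0 ARG1"
    exit 1
fi
for n in 8
do
  echo =======172.16.1.$n========
  # -t allocates a terminal for the remote command.
  ssh -t -p52113 "root@172.16.1.$n" /bin/sh "$1"
done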

 

[root@m01 scripts]# cat fenfa_file.sh 

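#!/bin/sh
# Copy ~/ARG1 to each listed host's home directory, then use sudo rsync on the
# host to place it at ARG2, reporting success or failure per host via action().
# Usage: /bin/sh fenfa_file.sh FILE_UNDER_HOME REMOTE_DEST
# Repaired from the page: "if[" -> "if [", "./etc/..." -> ". /etc/...",
# "$?-eq 0]" -> "$? -eq 0 ]", and the missing space before /bin/true|false.
if [ $# -ne 2 ]; then
    echo "USAGE:/bin/sh $0 ARG1 ARG2"
    exit 1
fi
# Provides the action() status helper.
. /etc/init.d/functions
for n in 8
do
  # ~/ARG1 in the ssh command is expanded locally, so this assumes the same
  # home directory path on the target.
  # NOTE(review): the arguments are re-parsed by the remote shell; pass only
  # trusted file names and destinations.
  # NOTE(review): >/dev/null 2>&1 hides why a host failed; log stderr when debugging.
  scp -P52113 ~/"$1" "root@172.16.1.${n}:~" >/dev/null 2>&1 &&
  ssh -p52113 -t "root@172.16.1.$n" sudo rsync ~/"$1" "$2" >/dev/null 2>&1
  if [ $? -eq 0 ]; then
     action "fenfa hosts 172.16.1.$n" /bin/true
  else
     action "fenfa hosts 172.16.1.$n" /bin/false
  fi
done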

检查

[root@web01 ~]# lsof -i:80

COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME

nginx   4220 root    6u  IPv4  18713      0t0  TCP *:http (LISTEN)

nginx   4235  www    6u  IPv4  18713      0t0  TCP *:http (LISTEN)

 

 

 

 

 

 

 

 

 

 

 

 

 


本文出自 “11255195” 博客,请务必保留此出处http://11265195.blog.51cto.com/11255195/1776018

ssh-批量管理 优化 免秘钥

标签:ssh

原文地址:http://11265195.blog.51cto.com/11255195/1776018
