1、准备172.16.1.10-backup, 172.16.1.7-lnmp01, 172.16.1.9-nfs-server三台22端口机器,172.16.1.8-lamp01一台8080端口机器(只是个人测试用)
2、查看系统相关信息
[root@backup ~]# cat /etc/redhat-release
CentOS release 6.7 (Final)
[root@backup ~]# uname -r
2.6.32-573.el6.x86_64
[root@backup ~]# uname -m
x86_64
[root@backup ~]#rpm -qa openssl openssh
[root@backup ~]#yum install -y openssl
[root@backup ~]#yum install -y openssh
[root@backup ~]#rpm -qa openssl openssh
openssh-5.3p1-111.el6.x86_64
openssl-1.0.1e-42.el6.x86_64
[root@backup ~]# /etc/init.d/sshd status
openssh-daemon (pid 4096) is running...
#如果未开启,那么需要执行下述命令
[root@backup ~]# /etc/init.d/sshd start
[root@backup ~]# useradd oldgirl
[root@backup ~]# tail -1 /etc/passwd
oldgirl:x:503:503::/home/oldgirl:/bin/bash
[root@backup ~]# echo 123456|passwd --stdin oldgirl
[root@backup ~]# id oldgirl
[root@backup ~]# su – oldgirl #其他3台机器也要建同样的用户
[oldgirl@backup ~]$ ll
...............
#在root用户下执行
[root@backup ~]# sed -ir ‘13 iPort 52113\nPermitRootLoginno\nPermitEmptyPasswords no\nUseDNS no\nGSSAPIAuthentication no‘ /etc/ssh/sshd_config
#一般来讲,如果用户严格的话,那么不让root用户登录,那么需要把PermitRootLogin改为no,现在测试机直接是yes,ssh这个文件默认端口是22,如果要修改端口加上Port 52113,那么在访问这台机器的时候要特殊处理。
[oldgirl@backup ~]$ ssh-keygen -t dsa#下面的都敲回车即可
Generating public/private dsa key pair.
Enter file in which to save the key(/home/oldgirl/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in/home/oldgirl/.ssh/id_dsa.
Your public key has been saved in/home/oldgirl/.ssh/id_dsa.pub.
The key fingerprint is:
e8:3b:06:99:fe:bc:ca:dd:72:2a:c0:24:df:fe:e1:eeoldgirl@backup
The key‘s randomart image is:
+--[ DSA 1024]----+
| |
| |
| |
|. . . |
| = . o. S |
| + =. |
| + .o |
| .++++. |
| oOE*. |
+-----------------+
[oldgirl@backup ~]$ cat .ssh/#查看秘钥生成的相关文件
authorized_keys id_dsa id_dsa.pub known_hosts
#注意:公钥相当于锁,要发给所有机器,私钥相当于钥匙,要留给自己。
#给22端口的7机器和9机器发公钥密钥
[oldgirl@backup ~]$ ssh-copy-id -i ~/.ssh/id_dsa.pub oldgirl@172.16.1.7
oldgirl@172.16.1.7‘s password:
Now try logging into the machine, with "ssh‘oldgirl@172.16.1.7‘", and check in:
.ssh/authorized_keys
to make sure we haven‘t added extra keys that you weren‘texpecting.
[oldgirl@backup ~]$ ssh-copy-id -i ~/.ssh/id_dsa.pub oldgirl@172.16.1.9
oldgirl@172.16.1.9‘s password:
Now try logging into the machine, with "ssh‘oldgirl@172.16.1.9‘", and check in:
.ssh/authorized_keys
to make sure we haven‘t added extra keys that you weren‘texpecting.
#查看7、9两台机器生成的密钥
[oldgirl@lnmp01 ~]$ ls -l ~/.ssh/authorized_keys#相当于id_dsa.pub,只是换了个名
-rw------- 1 oldgirl oldgirl 604 Jun 5 20:33 /home/oldgirl/.ssh/authorized_keys
[oldgirl@nfs-server ~]$ ls -l ~/.ssh/authorized_keys
-rw------- 1 oldgirl oldgirl 604 Jun 5 20:34 /home/oldgirl/.ssh/authorized_keys
#给8080端口8机器发密钥,仅仅是个人测试端口使用
[oldgirl@backup ~]$ ssh-copy-id -i ~/.ssh/id_dsa.pub"-p 8080 oldgirl@172.16.1.8"
The authenticity of host ‘[172.16.1.8]:8080([172.16.1.8]:8080)‘ can‘t be established.
RSA key fingerprint is85:f0:47:99:b8:f7:f4:23:c4:a8:db:e6:ac:d3:dd:f3.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ‘[172.16.1.8]:8080‘ (RSA) tothe list of known hosts.
oldgirl@172.16.1.8‘s password:
Now try logging into the machine, with "ssh ‘-p 8080oldgirl@172.16.1.8‘", and check in:
.ssh/authorized_keys
to make sure we haven‘t added extra keys that you weren‘texpecting.
#查看8机器生成的密钥
[oldgirl@lamp01 ~]$ ls -l ~/.ssh/authorized_keys
-rw------- 1 oldgirl oldgirl 604 Jun 7 02:02 /home/oldgirl/.ssh/authorized_keys
7、批量管理
7、1批量管理:在10backup机器分发文件方式一
脚本内容:
[oldgirl@backup ~]$ cat fenfa1.sh
#!/bin/sh . /etc/init.d/functions if [ $# -ne 1 ];then echo"USAGE:$0 filename" exit 1 fi for n in 9 7 do scp -P22 -rp $1oldgirl@172.16.1.$n:~ &>/dev/null && ssh -p22 -toldgirl@172.16.1.$n sudo rsync ~/$1 /etc/ &>/dev/null if [ $? -eq 0];then action"172.16.1.$n" /bin/true else action"172.16.1.$n" /bin/false fi done
#在10机器的oldgirl下执行,执行这步之前一定要先把密钥/公钥发给其他机器,不然执行这里会让输入密码。
[oldgirl@backup ~]$ /bin/sh fenfa1.sh test1.txt #格式为/bin/sh,脚本名称,要发送的文件名
172.16.1.9 [ OK ]
172.16.1.7 [ OK ]
#查看7和9机器生成的文件
[oldgirl@nfs-server ~]$ ls -l test1.txt
-rw-rw-r-- 1 oldgirl oldgirl 0 Jun 7 2016test1.txt
[oldgirl@lnmp01 ~]$ ls -l test1.txt
-rw-rw-r-- 1 oldgirl oldgirl 0 Jun 7 2016test1.txt
7、2批量管理:在10backup机器分发文件方式二
#在root用户下,在10、7、9机器中加入
[root@backup ~]# cat /etc/sudoers
oldgirl ALL= NOPASSWD: /usr/bin/rsync
脚本内容:
[oldgirl@backup ~]$ cat fenfa.sh
#!/bin/sh . /etc/init.d/functions if [ $# -ne 2 ];then echo"USAGE:$0 filename DST" exit 1 fi for n in 9 7 do scp -P22 -rp $1oldgirl@172.16.1.$n:~ &>/dev/null && ssh -p22 -toldgirl@172.16.1.$n sudo rsync ~/$1 /$2/ &>/dev/null if [ $? -eq 0];then action"172.16.1.$n" /bin/true else action"172.16.1.$n" /bin/false fi done
#上述脚本涉及rsync的内容请参考我的另一篇博文
“rsync的配置和以rsync的daemon工作模式传输数据”
#在10机器的oldgirl用户下执行
[oldgirl@backup ~]$ /bin/sh fenfa.sh text2.txt data #注意data这里不要加”/”,脚本里已加,认真认真再认真! #格式为/bin/sh,脚本名,发送文件名,接收文件目录
172.16.1.9 [ OK ]
172.16.1.7 [ OK ]
#在7和9机器查看结果
[oldgirl@lnmp01 ~]$ ls -l /data/
total 0
-rw-r--r-- 1 root root 0 Jun 8 22:07 text2.txt
[oldgirl@nfs-server ~]$ ls -l /data/
total 0
-rw-r--r-- 1 root root 0 Jun 8 22:07 text2.txt
原文地址:http://ylcodes01.blog.51cto.com/5607366/1789067
