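Task: distribute the file heaven.txt from the /data directory on server A to the /etc directory on servers B and C. (Using the root account is not allowed.)
Solution:
1. Analysis: there are three ways to achieve this:
① use the root user
② use sudo to elevate privileges
③ use suid
In real production environments, sudo is the more dependable choice.
2. Create a heavenfish account on each of the three servers and grant it privileges so that the heavenfish account is allowed to run sudo cp.
Walkthrough:
## First create a key pair so that the servers can transfer files to each other without a password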
[heavenfish@A ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/heavenfish/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/heavenfish/.ssh/id_dsa.
Your public key has been saved in /home/heavenfish/.ssh/id_dsa.pub.
The key fingerprint is:
7a:be:bf:a9:ad:18:ff:09:6b:79:51:cf:3b:9a:8d:5b heavenfish@A
The key's randomart image is:
+--[ DSA 1024]----+
| |
| |
| |
| . |
| S . o |
| . . o |
| o o. . E. |
| *o+.o =o |
| ..BBB.=o.. |
+-----------------+
## The private and public keys are created in the .ssh directory under the home directory
[heavenfish@A ~]$ cd ~/.ssh/
[heavenfish@A ~]$ ls -l
total 12
-rw------- 1 heavenfish heavenfish 668 Aug 25 21:22 id_dsa ## private key
-rw-r--r-- 1 heavenfish heavenfish 602 Aug 25 21:22 id_dsa.pub ## public key
### Send the public key to B and C
[heavenfish@A .ssh]$ ssh-copy-id -i id_dsa.pub "-p 52113 heavenfish@192.168.100.62"
The authenticity of host '[192.168.100.62]:52113 ([192.168.100.62]:52113)' can't be established.
RSA key fingerprint is 4b:f2:a3:20:e4:76:5c:3a:5c:98:4e:07:ee:1a:93:34.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.100.62]:52113' (RSA) to the list of known hosts.
heavenfish@192.168.100.62's password:
Now try logging into the machine, with "ssh '-p 52113 heavenfish@192.168.100.62'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[heavenfish@A .ssh]$ ssh-copy-id -i id_dsa.pub "-p 52113 heavenfish@192.168.100.63"
The authenticity of host '[192.168.100.63]:52113 ([192.168.100.63]:52113)' can't be established.
RSA key fingerprint is 4b:f2:a3:20:e4:76:5c:3a:5c:98:4e:07:ee:1a:93:34.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.100.63]:52113' (RSA) to the list of known hosts.
heavenfish@192.168.100.63's password:
Now try logging into the machine, with "ssh '-p 52113 heavenfish@192.168.100.63'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
### Then write a script that sends heaven.txt from the /data directory to /etc on B and C
[heavenfish@A ~]$ vi fenfa.sh
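#!/bin/sh
# Load the action() helper that prints the [ OK ] / [FAILED] status lines
. /etc/init.d/functions
# Require exactly two arguments: the file to send and the remote destination
if [ $# -ne 2 ]
then
    echo "USAGE: $0 arg1 arg2"
    exit 1
fi
for n in 62 63
do
    # Stage the file in the remote home directory
    scp -P52113 -p "$1" 192.168.100.$n:~ >/dev/null 2>&1
    # Copy it from the remote home directory to the destination with sudo.
    # The source path is ~/$1, so $1 has to be a bare file name.
    ssh -p52113 -t 192.168.100.$n sudo cp ~/"$1" "$2" >/dev/null 2>&1
    if [ $? -eq 0 ]
    then
        action "192.168.100.$n exec is ok" /bin/true
    else
        action "192.168.100.$n exec is no" /bin/false
    fi
done
Save the file.
************ Special note: the file must first be copied into the home directory, otherwise the run fails ****************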
[heavenfish@A ~]$ sh fenfa.sh /data/heaven.txt /etc/
192.168.100.62 exec is no [FAILED]
192.168.100.63 exec is no [FAILED]
[heavenfish@A ~]$ cp /data/heaven.txt .
[heavenfish@A ~]$ sh fenfa.sh heaven.txt /etc/
192.168.100.62 exec is ok [ OK ]
192.168.100.63 exec is ok [ OK ]
That's it, it worked!
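The following is an added example, not part of the original post: a variant of the distribution step that derives the remote file name from the base name of the source, so /data/heaven.txt works without the extra copy into the home directory, rejects paths containing characters the remote shell would interpret before they reach sudo cp, and reports which step failed instead of discarding the error. The names DRY_RUN, run, push_one and distribute are hypothetical; the hosts and port are the ones used above.

```shell
#!/bin/sh
# Added example, not the original fenfa.sh. Hosts and port are the ones on this page.
HOSTS="192.168.100.62 192.168.100.63"
PORT=52113
DRY_RUN=${DRY_RUN:-0}   # hypothetical switch: 1 = print the commands, do not connect

# run CMD...: execute the command, or only print it in dry-run mode
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# push_one HOST SRC DEST: stage SRC in the remote home, then sudo cp it to DEST.
# Returns 1 if scp failed, 2 if the remote sudo cp failed, 3 on a rejected path.
push_one() {
    host=$1 src=$2 dest=$3
    name=${src##*/}                 # scp stores the file under its base name
    # The ssh command line is re-parsed by the remote shell and ends up under
    # sudo, so accept only characters that shell will not interpret.
    case $src$dest in
        -*|*[!A-Za-z0-9._/-]*) echo "rejected path: $src -> $dest" >&2; return 3 ;;
    esac
    case $dest in /*) ;; *) echo "DEST must be absolute" >&2; return 3 ;; esac
    [ -n "$name" ] || return 3
    run scp -P "$PORT" -p "$src" "$host:~/" || return 1
    run ssh -p "$PORT" -t "$host" "sudo cp ~/$name $dest" || return 2
}

# distribute SRC DEST: push to every host and report per-host status
distribute() {
    rc=0
    for h in $HOSTS; do
        if push_one "$h" "$1" "$2"; then
            echo "$h ok"
        else
            echo "$h FAILED (step $?)" >&2
            rc=1
        fi
    done
    return $rc
}

if [ "$#" -eq 2 ]; then distribute "$1" "$2"; fi
```

Running it with DRY_RUN=1 prints the scp and ssh command lines for each host without connecting, which is a quick way to check the remote path before the real run.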
Original article: http://heavenfish.blog.51cto.com/9841104/1959294