标签:
先上图
再上代码
#!/bin/bash
#author: QingFeng
#qq: 530035210
#blog: http://my.oschina.net/pwd/blog
#自动添加秘钥认证用户
#缺省的配置如下
logdir=/data/log/shell #日志路径
log=$logdir/shell.log #日志文件
is_font=1 #终端是否打印日志: 1打印 0不打印
is_log=0 #是否记录日志: 1记录 0不记录
random_time=$(date +%Y%m%d_%H%M%S)
datef(){
date "+%Y-%m-%d %H:%M:%S"
}
print_log(){
if [[ $is_log -eq 1 ]];then
[[ -d $logdir ]] || mkdir -p $logdir
echo "[ $(datef) ] $1" >> $log
fi
if [[ $is_font -eq 1 ]];then
echo -e "[ $(datef) ] $1"
fi
}
#自动生成key
addautoKey(){
if [[ ! -f /usr/bin/expect ]];then
print_log "$FUNCNAME():不存在expect函数:开始安装."
yum install tcl-devel tcl expect -y -q
print_log "$FUNCNAME():expect函数:安装完成."
fi
mkdir -p /tmp/ssh_$random_time
cd /tmp/ssh_$random_time
expect -c "
spawn /usr/bin/ssh-keygen -t rsa
set timeout -1
expect \"\*id_rsa)\*:\"
send \"$1\r\"
expect \"\*no passphrase)\*:\"
send \"$1\r\"
expect \"\*again\*:\"
send \"$1\r\"
expect eof
" > /dev/null
num=$(ls /tmp/ssh_$random_time/$1* -l |wc -l)
if [[ $num -eq 2 ]];then
print_log "$FUNCNAME():该用户$1秘钥自动生成完成,路径: /tmp/ssh_$random_time"
else
print_log "$FUNCNAME():\033[31m该用户$1秘钥自动生成失败,退出\033[0m"
exit
fi
}
#添加用户
addUser(){
if [[ $1 == "" ]];then
print_log "$FUNCNAME():\033[31m用户名不能为空\033[0m"
exit
fi
strlength=$(expr length $1)
if [[ $strlength -lt 5 ]];then
print_log "$FUNCNAME():\033[31m用户名的长度最少大于4,退出\033[0m"
exit
fi
User=$(cat /etc/passwd |grep -v "nologin" |awk -F‘:‘ ‘{if ($3> 500) print $1 }‘ |grep "$1")
if [[ -z $User ]];then
print_log "$FUNCNAME():不存在非系统用户:$1,开始添加用户操作."
adduser $1 -g 10
[[ -d /home/$1/.ssh ]] || mkdir /home/$1/.ssh
addautoKey $1
cp /tmp/ssh_$random_time/$1.pub /home/$1/.ssh/authorized_keys
chmod 600 /home/$1/.ssh/authorized_keys
chown $1:wheel /home/$1/ -R
cp /etc/ssh/sshd_config /etc/ssh/sshd_config_$(date +%Y%m%d_%H%M%S)
sshdUser=$(cat /etc/ssh/sshd_config |grep "$1")
if [[ -z $sshdUser ]];then
sed -i "s/AllowUsers/AllowUsers $1/" /etc/ssh/sshd_config
/etc/init.d/sshd restart
print_log "$FUNCNAME():更新sshd_config文件并重启sshd完成."
else
print_log "$FUNCNAME():sshd_config文件中已经存在$1."
fi
else
print_log "$FUNCNAME():已经存在非系统用户:$1,请确认后在添加."
fi
}
#查找用户
lookUp(){
loginUser=$(cat /etc/passwd |grep -v "nologin" |awk -F‘:‘ ‘{if ($3> 500) print $1 }‘)
print_log "$FUNCNAME():如下用户拥有登陆系统权限:\n\033[32m$loginUser\033[0m"
}
#删除用户
deleteUser(){
if [[ $1 == "" ]];then
print_log "$FUNCNAME():\033[31m用户名不能为空\033[0m"
exit
fi
User=$(cat /etc/passwd |grep -v "nologin" |awk -F‘:‘ ‘{if ($3> 500) print $1 }‘ |grep "$1")
if [[ ! -z $User ]];then
print_log "$FUNCNAME():存在非系统用户:$1"
else
print_log "$FUNCNAME():\033[31m不存在非系统用户:$1,退出\033[0m"
exit
fi
userdel -rf $1
if [[ $? -eq 0 ]];then
print_log "$FUNCNAME():删除非系统用户:$1成功."
else
print_log "$FUNCNAME():\033[31m删除非系统用户:$1失败.\033[0m"
fi
cp /etc/ssh/sshd_config /etc/ssh/sshd_config_$random_time
sed -i "s/$1//g" /etc/ssh/sshd_config
/etc/init.d/sshd restart
print_log "$FUNCNAME():更新sshd_config文件并重启sshd完成."
}
case $1 in
add)
addUser $2;;
look)
lookUp;;
delete)
deleteUser $2;;
*)
echo -e "
秘钥认证用户自动控制\n用法示例: \n1.添加/删除秘钥认证用户: ./account.class.sh add/delete 用户名 \n2.查找可以登陆的用户 ./account.class.sh look";;
esac
标签:
原文地址:http://my.oschina.net/pwd/blog/388254
