Using root over SSH to pull files and run commands in batch

July 15, 2023

1. File distribution and batch command execution
2. Pulling files

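SSH configuration file:

GSSAPIAuthentication no
UseDNS no

ssh-copy-id -i .ssh/id_dsa.pub

If the port is not 22:

ssh-copy-id -i .ssh/id_dsa.pub "-p 2222 linuxea@nfs"

Distributing as a designated user: we normally do not log in remotely as root. This walkthrough uses root, and also covers a non-root user with privilege escalation.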

[root@NFS-server ~]# useradd linuxea
[root@NFS-server ~]# su - linuxea
[linuxea@NFS-server ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/linuxea/.ssh/id_dsa): 
Created directory '/home/linuxea/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/linuxea/.ssh/id_dsa.
Your public key has been saved in /home/linuxea/.ssh/id_dsa.pub.
The key fingerprint is:
1b:3c:32:ee:fa:7e:b7:b5:84:83:42:14:7c:f8:28:f7 linuxea@NFS-server
The key's randomart image is:
+--[ DSA 1024]----+
|     ...         |
|      o..        |
|      .+         |
|    ..o..        |
|     o+.S        |
|     o oE= .     |
|      o o o o    |
|     . .. .+ .   |
|    .++. ....    |
+-----------------+

[linuxea@NFS-server ~]$ ls -l .ssh/
total 8
-rw------- 1 linuxea linuxea 672 Dec 26 01:59 id_dsa---------private key
-rw-r--r-- 1 linuxea linuxea 608 Dec 26 01:59 id_dsa.pub-----public key
[linuxea@NFS-server ~]$ 

If the port is not 22, use: ssh-copy-id -i id_dsa.pub "-p 2222 root@10.0.0.54"

[linuxea@NFS-server ~]$ ssh-copy-id -i .ssh/id_dsa.pub root@10.0.0.54
The authenticity of host '10.0.0.54 (10.0.0.54)' can't be established.
RSA key fingerprint is b8:e2:26:b5:fb:b4:42:31:11:f8:15:45:71:0b:68:61.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.0.54' (RSA) to the list of known hosts.
root@10.0.0.54's password: 
Now try logging into the machine, with "ssh 'root@10.0.0.54'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[linuxea@NFS-server ~]$ 

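At small scale, files such as hosts or DNS configuration files can all be pushed this way. Once the keys are in place, these files can be sent to a single host or to several.

Single host:

[linuxea@NFS-server ~]$ scp -P22 /etc/hosts root@10.0.0.55:~

For several hosts, a simple script is enough: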

[linuxea@NFS-server ~]$ vim hosts.sh
# Copy /etc/hosts to root's home directory on each host in turn
scp -P22 /etc/hosts root@10.0.0.51:~
echo =====================================
scp -P22 /etc/hosts root@10.0.0.52:~
echo =====================================
scp -P22 /etc/hosts root@10.0.0.53:~
echo =====================================
scp -P22 /etc/hosts root@10.0.0.55:~
[linuxea@NFS-server ~]$ sh hosts.sh

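Alternatively, write a script that takes the file or directory to copy as an argument at run time and prints the result for each host, as shown below. If no argument is given, it prints a usage message.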

[linuxea@NFS-server ~]$ vim hosts.sh
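#!/bin/sh
# Provides the action() helper that prints [  OK  ] / [FAILED]
. /etc/init.d/functions
# Require exactly one argument: the file or directory to copy
if [ $# -ne 1 ]
        then
         echo "USAGE:$0 {FILE NAME|DIR NAME}"
         exit 1
fi
for n in 53 54 55
do
        # Copy to root's home directory on each host, discarding scp output
        scp -P22 -r "$1" root@10.0.0.$n:~ >/dev/null 2>&1
        if [ $? -eq 0 ]
         then
                action "file put ok" /bin/true
        else
                action "file put failed" /bin/false
        fi
done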

Run the script, passing the path of the file to copy, /etc/hosts:

[linuxea@NFS-server ~]$ sh hosts.sh /etc/hosts
file put ok                                                [  OK  ]
file put ok                                                [  OK  ]
file put ok                                                [  OK  ]
[linuxea@NFS-server ~]$ 

If no argument is given, it prints the usage message:

[linuxea@NFS-server ~]$ bash hosts.sh 
USAGE:hosts.sh {FILE NAME|DIR NAME}
[linuxea@NFS-server ~]$ 

Optimization 2: modify the script above so that it passes a command to the remote hosts:

[linuxea@NFS-server ~]$ cat command.sh 
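#!/bin/sh
# Require exactly one argument: the command string to run remotely
if [ $# -ne 1 ]
    then
     echo "USAGE:$0 COMMAND"
     exit 1
fi
for n in 53 54 55
do
    # The quoted string is passed as-is and run by root's shell on each host
    ssh -p22 root@10.0.0.$n "$1"
done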

Run it and supply the command to pass, here "/sbin/ifconfig eth1":

[linuxea@NFS-server ~]$ sh command.sh "/sbin/ifconfig eth1"
eth1      Link encap:Ethernet  HWaddr 00:0C:29:6A:AB:0F  
          inet addr:10.0.0.53  Bcast:10.0.255.255  Mask:255.255.0.0
          inet6 addr: fe80::20c:29ff:fe6a:ab0f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1069 errors:0 dropped:0 overruns:0 frame:0
          TX packets:619 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:98330 (96.0 KiB)  TX bytes:60915 (59.4 KiB)

eth1      Link encap:Ethernet  HWaddr 00:0C:29:88:53:53  
          inet addr:10.0.0.54  Bcast:10.0.255.255  Mask:255.255.0.0
          inet6 addr: fe80::20c:29ff:fe88:5353/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1097 errors:0 dropped:0 overruns:0 frame:0
          TX packets:652 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:104498 (102.0 KiB)  TX bytes:64988 (63.4 KiB)

eth1      Link encap:Ethernet  HWaddr 00:0C:29:CE:B5:7D  
          inet addr:10.0.0.55  Bcast:10.0.255.255  Mask:255.255.0.0
          inet6 addr: fe80::20c:29ff:fece:b57d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:730 errors:0 dropped:0 overruns:0 frame:0
          TX packets:354 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:77161 (75.3 KiB)  TX bytes:48873 (47.7 KiB)

[linuxea@NFS-server ~]$ 

Check the release version:

[linuxea@NFS-server ~]$ sh command.sh "cat /etc/redhat-release"
CentOS release 6.6 (Final)
CentOS release 6.6 (Final)
CentOS release 6.6 (Final)
[linuxea@NFS-server ~]$ 

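On permission errors:

1. Most of the content under /etc/ is not writable. root can write to it, and the examples above were run with root privileges.
2. Copy the file to be distributed to the home directory on the server, then use sudo to copy it into the directory that requires the privileges.
3. Make the command setuid (suid).
4. Use saltstack, puppet, and similar tools.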
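Option 2 above, as an added example that is not part of the original post: the file is staged in a non-root user's home directory and sudo installs it, so root never needs to log in remotely. HOSTS, REMOTE_USER, the function name and a sudoers rule letting that user run install without a password are assumptions; the same ssh options also suit the command.sh loop.

```sh
#!/bin/sh
# Added example: stage a file as a non-root user, then install it with sudo.
# HOSTS, REMOTE_USER and the sudoers rule are assumptions, not from the page.
HOSTS="${HOSTS:-10.0.0.53 10.0.0.54 10.0.0.55}"
REMOTE_USER="${REMOTE_USER:-linuxea}"
# BatchMode=yes: fail at once instead of prompting for a password in the loop.
# StrictHostKeyChecking=yes: refuse hosts whose key is not in known_hosts.
SSH_OPTS="-o BatchMode=yes -o ConnectTimeout=5 -o StrictHostKeyChecking=yes"

# push_file SRC DEST
# Copies SRC to the remote home directory, then has sudo install it at DEST
# as root:root 0644. Returns the number of hosts that failed (255 = bad DEST).
push_file() {
    src=$1 dest=$2 failed=0
    # DEST is pasted into the remote command line, so allow only an absolute
    # file path made of characters the remote shell does not interpret.
    case $dest in
        *[!A-Za-z0-9/._-]* | */ | [!/]* | "")
            echo "DEST must be an absolute file path of [A-Za-z0-9/._-]" >&2
            return 255 ;;
    esac
    stage=".stage.$(basename "$dest")"
    for h in $HOSTS; do
        # $SSH_OPTS is left unquoted on purpose so it splits into options.
        if scp -q $SSH_OPTS "$src" "$REMOTE_USER@$h:$stage" &&
           ssh $SSH_OPTS "$REMOTE_USER@$h" \
               "sudo -n install -o root -g root -m 0644 '$stage' '$dest' && rm -f '$stage'"
        then
            echo "ok     $h"
        else
            echo "FAILED $h" >&2
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Run only when given both arguments, e.g.: sh push.sh /etc/hosts /etc/hosts
if [ "$#" -eq 2 ]; then
    push_file "$1" "$2"
fi
```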
