Distributing files over SSH with sudo privilege escalation
1. On 10.0.0.55, create the user, set its password, and grant it sudo rights (rsync only)
[root@NFS-BACKUP home]# useradd linuxea
[root@NFS-BACKUP home]# echo 123|passwd --stdin linuxea
[root@NFS-BACKUP home]# echo 'linuxea ALL=(ALL) NOPASSWD:/usr/bin/rsync'>>/etc/sudoers
[root@NFS-BACKUP home]# grep linuxea /etc/sudoers
linuxea ALL=(ALL) NOPASSWD:/usr/bin/rsync
[root@NFS-BACKUP home]# visudo -c
/etc/sudoers: parsed OK
[root@NFS-BACKUP home]#
2. From 10.0.0.52, copy the public key to the remote host
[linuxea@NFS-server ~]$ ssh-copy-id -i .ssh/id_dsa.pub linuxea@10.0.0.55
linuxea@10.0.0.55's password:
Now try logging into the machine, with "ssh 'linuxea@10.0.0.55'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[linuxea@NFS-server ~]$
3. On the distributing host, copy the file into the remote linuxea home directory
[linuxea@NFS-server ~]$ scp -P22 -r /etc/hosts linuxea@10.0.0.55:~
hosts 100% 182 0.2KB/s 00:00
In the remote home directory, use sudo rsync to copy the file into /etc/
[linuxea@NFS-server ~]$ ssh -t linuxea@10.0.0.55 sudo rsync hosts /etc/
Connection to 10.0.0.55 closed.
[linuxea@NFS-server ~]$ ssh -t linuxea@10.0.0.55 'cat /etc/hosts'
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
10.0.0.52 nfs-server
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
Connection to 10.0.0.55 closed.
[linuxea@NFS-server ~]$
4. Script implementation: the script also requires that the user has been created on every remote machine and authorised via visudo to run rsync, as in step 1.
1) Edit the script
[linuxea@NFS-server ~]$ cat sudolocal.sh
#!/bin/bash
# action() from the init functions prints the [ OK ] / [FAILED] status column
. /etc/init.d/functions
if [ $# -ne 2 ]
then
    echo "USAGE: $0 <local-file> <remote-dir>"
    exit 1
fi
for n in 53 54 55
do
    echo ==========================10.0.0.$n======================
    # copy the file into linuxea's remote home, then let the NOPASSWD sudo
    # rule rsync it into the target directory; all output is silenced
    scp -P22 -r "$1" linuxea@10.0.0.$n:~ >/dev/null 2>&1 &&
    ssh -t linuxea@10.0.0.$n sudo rsync "$1" "$2" >/dev/null 2>&1
    if [ $? -eq 0 ]
    then
        action "Local->RemoteHost" /bin/true
    else
        action "Local->RemoteHost" /bin/false
    fi
done
[linuxea@NFS-server ~]$
As root, copy the file into linuxea's home directory:
[root@NFS-server ~]# cp /etc/hosts /home/linuxea/
Switch to that user's home directory and push the hosts file to /etc/ on the remote hosts:
[root@NFS-server ~]# su - linuxea
[linuxea@NFS-server ~]$ bash sudolocal.sh hosts /etc
==========================10.0.0.53======================
Local->RemoteHost [ OK ]
==========================10.0.0.54======================
Local->RemoteHost [ OK ]
==========================10.0.0.55======================
Local->RemoteHost [ OK ]
[linuxea@NFS-server ~]$
Check the result on each host:
[linuxea@NFS-server ~]$ bash command.sh "cat /etc/hosts"
=========10.0.0.53====================
#test
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
10.0.0.52 nfs-server
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
=========10.0.0.54====================
#test
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
10.0.0.52 nfs-server
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
=========10.0.0.55====================
#test
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
10.0.0.52 nfs-server
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
[linuxea@NFS-server ~]$
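The same scp + "ssh sudo rsync" procedure as a hardened push script, added here as an example and not the original post's sudolocal.sh: hosts are arguments, ssh/scp run in BatchMode so a missing key fails fast instead of hanging on a password prompt, and any failed host makes the script exit non-zero. It assumes the remote user linuxea and the NOPASSWD rsync sudoers rule from step 1; push_file, REMOTE_USER and the SSH/SCP override variables are names chosen for this example.

```shell
#!/bin/sh
# Added example, not the original post's sudolocal.sh: push one file to several
# hosts via scp + "ssh sudo rsync", with hosts as arguments, quoted variables,
# BatchMode/ConnectTimeout so no host can hang the loop, and a non-zero exit
# when any host fails (sudolocal.sh always exits 0).
# Assumes the remote user "linuxea" and the NOPASSWD rsync sudoers rule from
# step 1. Note that "NOPASSWD:/usr/bin/rsync" without an argument list accepts
# ANY rsync arguments as root, so guard the linuxea key like a root credential.

REMOTE_USER=${REMOTE_USER:-linuxea}
SSH=${SSH:-ssh}   # overridable so push_file can be exercised without real hosts
SCP=${SCP:-scp}
SSH_OPTS="-o BatchMode=yes -o ConnectTimeout=5"

# push_file <local-file> <remote-dir> <host>...
# Prints "<host> OK" or "<host> FAIL" per host. Returns 1 if any host failed,
# 2 if the local file does not exist.
push_file() {
    local_file=$1; remote_dir=$2; shift 2
    [ -f "$local_file" ] || { echo "no such file: $local_file" >&2; return 2; }
    name=$(basename "$local_file")   # relative remote path = inside the remote home
    rc=0
    for host in "$@"; do
        # step 1: scp into the remote home; step 2: the sudo rule moves it into
        # place. -t allocates a tty because CentOS sudoers sets "Defaults requiretty".
        if $SCP $SSH_OPTS "$local_file" "$REMOTE_USER@$host:$name" >/dev/null 2>&1 &&
           $SSH $SSH_OPTS -t "$REMOTE_USER@$host" \
               sudo /usr/bin/rsync "$name" "$remote_dir/" >/dev/null 2>&1; then
            echo "$host OK"
        else
            echo "$host FAIL"
            rc=1
        fi
    done
    return "$rc"
}

# Run as a command only when invoked as distribute.sh, so the function can also
# be sourced (or tested) without side effects.
case "$0" in
    */distribute.sh|distribute.sh)
        [ $# -ge 3 ] || { echo "USAGE: $0 <local-file> <remote-dir> <host>..." >&2; exit 1; }
        push_file "$@" ;;
esac
```

Save it as distribute.sh and run, for instance, `sh distribute.sh /etc/hosts /etc 10.0.0.53 10.0.0.54 10.0.0.55`; the exit status tells a cron job or CI step whether every host was updated.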
Alternative: change the permissions of rsync itself (setuid root). This is not secure:
chmod 4755 /usr/bin/rsync
scp -P22 -r hosts linuxea@10.0.0.8:~
ssh -t linuxea@10.0.0.8 rsync ~/hosts /etc/