SSH批量部署服务

1.1在NFS上作为中心分发服务器将私钥分发到其他服务器上

1.1.1NFS部署

 [root@nfs-server ~]# useradd zhurui
[root@nfs-server ~]# echo 123456|passwd --stdin zhurui
Changing password for user zhurui.
passwd: all authentication tokens updated successfully.
创建密码对:
[root@nfs-server ~]# su - zhurui ##切换到zhurui用户下,以后批量分发都在当前用户下,安全考虑
[zhurui@nfs-server ~]$ ssh-keygen -t dsa ##ssh-keygen是生成秘钥的工具,-t参数指建立秘钥的类型,这里建立dsa类型秘钥(还有一种类型的秘钥为RSA,两者加密算法有区别)
Generating public/private dsa key pair.
Enter file in which to save the key (/home/zhurui/.ssh/id_dsa):
Created directory '/home/zhurui/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/zhurui/.ssh/id_dsa.
Your public key has been saved in /home/zhurui/.ssh/id_dsa.pub.
The key fingerprint is:
6f:65:c4:a6:fb:32:45:0c:85:c3:bc:87:8f:a4:ae:bc zhurui@nfs-server
The key's randomart image is:
+--[ DSA 1024]----+
| o o. |
| *. |
| *+ |
| +++ |
| So.=o |
| ...+o |
| . +. |
| . ..o. |
| Eo o. |
+-----------------+
[zhurui@nfs-server ~]$
[zhurui@nfs-server ~]$ ls -l .ssh/
total 8
-rw-------. 1 zhurui zhurui 672 Mar 5 04:23 id_dsa ##私钥
-rw-r--r--. 1 zhurui zhurui 607 Mar 5 04:23 id_dsa.pub ##公钥
将公钥分发给web-lamp01服务器
[zhurui@nfs-server ~]$ ssh-copy-id -i .ssh/id_dsa.pub zhurui@192.168.1.12 ##将公钥分发给1.12服务器
The authenticity of host '192.168.1.12 (192.168.1.12)' can't be established.
RSA key fingerprint is d6:e6:e6:2a:c7:df:99:51:bb:f4:90:29:16:df:c4:a5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.12' (RSA) to the list of known hosts.
Nasty PTR record "192.168.1.12" is set up for 192.168.1.12, ignoring
zhurui@192.168.1.12's password:
Permission denied, please try again.
zhurui@192.168.1.12's password:
Now try logging into the machine, with "ssh 'zhurui@192.168.1.12'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting. [zhurui@nfs-server ~]$

1.1.2 web-lnmp02客户端分发部署

 [zhurui@nfs-server ~]$ ssh-copy-id -i .ssh/id_dsa.pub zhurui@192.168.1.13  ##将公钥分发到1.13服务器
The authenticity of host '192.168.1.13 (192.168.1.13)' can't be established.
RSA key fingerprint is d6:e6:e6:2a:c7:df:99:51:bb:f4:90:29:16:df:c4:a5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.13' (RSA) to the list of known hosts.
Nasty PTR record "192.168.1.13" is set up for 192.168.1.13, ignoring
zhurui@192.168.1.13's password:
Now try logging into the machine, with "ssh 'zhurui@192.168.1.13'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting. [zhurui@nfs-server ~]$

1.1.3 rsync-backup客户端分发部署

 [zhurui@nfs-server ~]$ ssh-copy-id -i .ssh/id_dsa.pub zhurui@192.168.1.17
The authenticity of host '192.168.1.17 (192.168.1.17)' can't be established.
RSA key fingerprint is d6:e6:e6:2a:c7:df:99:51:bb:f4:90:29:16:df:c4:a5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.17' (RSA) to the list of known hosts.
zhurui@192.168.1.17's password:
Now try logging into the machine, with "ssh 'zhurui@192.168.1.17'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting. [zhurui@nfs-server ~]$

2.1在NFS上测试

2.1.1 通过ssh命令在当前机器上查看web-lamp01的IP地址

 [zhurui@nfs-server ~]$ ssh -P22 zhurui@192.168.1.12 /sbin/ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:0C:29:49:CE:B3
inet addr:192.168.1.12 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe49:ceb3/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7701 errors:0 dropped:0 overruns:0 frame:0
TX packets:4795 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4806676 (4.5 MiB) TX bytes:484902 (473.5 KiB)
注:在命令执行过程中,跳过输入密码的步骤
接着分发文件测试:
[zhurui@nfs-server ~]$ cp /etc/hosts
hosts hosts.allow hosts.deny
[zhurui@nfs-server ~]$ cp /etc/hosts .
[zhurui@nfs-server ~]$ ll
[zhurui@nfs-server ~]$ scp -P22 hosts zhurui@192.168.1.12:~ ##将当前目录下hosts文件分发到1.12家目录下
hosts 100% 243 0.2KB/s 00:00
[zhurui@nfs-server ~]$ 检查1.12上zhurui家目录下有无hosts文件
[root@lamp01 zhurui]# cat /home/zhurui/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.11 nfs-server
192.168.1.17 backup
192.168.1.12 lamp01
192.168.1.13 lnmp02
[root@lamp01 zhurui]#
通过脚本分发:
[zhurui@nfs-server ~]$ sh fenfa.sh
hosts 100% 257 0.3KB/s 00:00
hosts 100% 257 0.3KB/s 00:00
hosts 100% 257 0.3KB/s 00:00

批量管理脚本:

 #!/bin/sh
. /etc/init.d/functions
if [ $# -ne 1 ]
then
echo "USAGE:$0 USAGE|COMMAND"
exit 1
fi
for n in 12 13 17
do
ssh -p22 zhurui@192.168.1.$n $1
done ~

批量分发脚本:

 #!/bin/sh
. /etc/init.d/functions for n in 12 13 17
do
scp -P22 $1 zhurui@192.168.1.$n:~ &>/dev/null
if [ $? -eq 0 ]
then
action "fenfa $1 ok" /bin/true
else
action "fenfa $1 ok" /bin/false
fi
done ~

利用分发脚本分发hosts文件

 [zhurui@nfs-server ~]$ sh fenfa.sh hosts
fenfa hosts ok [ OK ]
fenfa hosts ok [ OK ]
fenfa hosts ok [ OK ]
[zhurui@nfs-server ~]$

优化后的分发脚本

 #!/bin/sh
. /etc/init.d/functions
if [ $# -ne 1 ]
then
echo "USAGE:$0 {FILENAME|DIRNAME}"
exit 1
fi
for n in 12 13 17
do
scp -P22 -r $1 zhurui@192.168.1.$n:~ &>/dev/null
if [ $? -eq 0 ]
then
action "fenfa $1 ok" /bin/true
else
action "fenfa $1 ok" /bin/false
fi
done

SSH批量部署服务的更多相关文章

  1. jenkins+ant+ssh远程部署服务glassfish

    jenkins安装可以参考官网或自己百度,这里不再说明: jenkins版本2.19.2 这里先说一下目的:主要是通过jenkins实现glassfish的部署,源码使用的是svn,编译是使用ant, ...

  2. docker~不使用yml批量部署服务

    回到目录 有时,我们在进行持续集成环境有时,有时yml环境是没有的,它可能只提供了docker工具,而docker-compose这个大家伙可能不被提供,而这样我们如果希望自动化构建解决方案下所有的项 ...

  3. Linux(11):期中架构(3)--- SSH远程管理服务 & ansible 批量管理服务

    SSH远程管理服务 1. 远程管理服务知识介绍 # 1.1 SSH远程登录服务介绍说明 SSH是Secure Shell Protocol的简写,由 IETF 网络工作小组(Network Worki ...

  4. Linux服务之批量部署篇

    批量部署步骤: 1.检查环境 getenforce               #检查内核防火墙是否关闭 systemctl status firewalld       #检查firewalld是否 ...

  5. Windows server 2008R2部署服务批量安装Windows7教程

    利用Windows server 2008 R2下的Windows部署服务可以批量安装Windows 7,以下简称WDS. WDS需要用到域和dhcp.DNS服务,所以,基础环境必须要有域控制器,dh ...

  6. 使用Cobbler批量部署Linux和Windows:Cobbler服务端部署(一)

    本文记录了我使用Cobbler批量安装部署Linux和Windows系统的过程,文章主要分为三部分:Cobbler服务端的安装配置.Linux发行版CentOS和Ubuntu的自动安装部署.Windo ...

  7. 批量部署ssh私钥认证

    vim  batch_sshkey.sh #!/bin/bashcd /rootcat /root/.ssh/id_rsa.pub > /root/.ssh/authorized_keysfor ...

  8. shell脚本批量部署ssh

    日常运维工作中,需要给几十上百台服务器批量部署软件或者是重启服务器等操作, 这样大量重复性的工作一定很苦恼,本文给大家提供了最基本的批量操作的方法,虽然效率不高,对于初学者来说还是好理解.由于刚开始学 ...

  9. (转)使用Cobbler批量部署Linux和Windows:Cobbler服务端部署(一)

    原文:http://www.cnblogs.com/pluse/p/8316914.html http://blog.51cto.com/dreamway/1166589---------Cobble ...

随机推荐

  1. node之path模块

    node之path模块 原文链接 //引用该模块 var path = require("path"); 1.路径解析,得到规范化的路径格式 对window系统,目录分隔为'', ...

  2. Intellij IDEA 13.1.3 使用Junit4

    作者QQ:1095737364   一.环境配置 安装JUnit插件步骤: File-->settings-->Plguins-->Browse repositories--> ...

  3. 在PC上测试移动端网站和模拟手机浏览器的5大方

    查了很多资料,尝试了大部分方法,下面将这一天的努力总结下分享给大家,也让大家免去看那么多文章,以下介绍的方法,都是本人亲自测试成功的方法,测试环境winxp. 一.Chrome*浏览器 chrome模 ...

  4. mysql交互协议解析——mysql包基础数据、mysql包基本格式

    mysql交互协议是开发mysql周边组件常用的协议,如JDBC,libmysql等等. 在此我们要认识到mysql交互协议其实是半双工的交互协议,至于为什么,这里就先挖个小坑,以后再填. 在探讨my ...

  5. 从零开始编写自己的C#框架(14)——T4模板在逻辑层中的应用(三)

    原本关于T4模板原想分5个章节详细解说的,不过因为最近比较忙,也不想将整个系列时间拉得太长,所以就将它们整合在一块了,可能会有很多细节没有讲到,希望大家自己对着代码与模板去研究. 本章代码量会比较大, ...

  6. SQL Server 并行操作优化,避免并行操作被抑制而影响SQL的执行效率

    为什么我也要说SQL Server的并行: 这几天园子里写关于SQL Server并行的文章很多,不管怎么样,都让人对并行操作有了更深刻的认识. 我想说的是:尽管并行操作可能(并不是一定)存在这样或者 ...

  7. HTML基本元素(三)

    1.HTML特殊字符 一些字符在HTML中拥有特殊的含义,比如小于号(<)和大于号(>)用于定义HTML标签.如果我们希望浏览器正确地显示这些字符,我们必须在HTML源码中插入字符实体. ...

  8. 联想 Thinkpad X230 SLIC 2.1 Marker

    等了好久,终于等到了 X230 的 SLIC 2.1 的 Marker !特发帖备份... 基本情况 笔记本:Lenovo X230(i5+8G+500G) 操作系统:Windows 7 Pro x6 ...

  9. JavaScript 跨域漫游

    前言: 最近在公司做了几个项目都涉及到了iframe,也就是在这些iframe多次嵌套的项目中,我发现之前对iframe的认识还是比较不足的,所以就静下心来,好好整理总结了iframe的相关知识:&l ...

  10. SHA-256算法

    SHA-.h #ifndef _SHA_256_H #define _SHA_256_H #include<iostream> using namespace std; typedef u ...