Original: Case study of building a jump-host script with Shell

Copyright notice: this is an original work. If you repost it, please cite the source; otherwise legal liability will be pursued.

"Set a small goal first: master Shell before anything else!" - 老男孩

Example 17_6: build an enterprise-grade Shell jump host. A user who logs in to the jump host may only perform the menu actions the administrator provides, and must not be able to interrupt the script in any way in order to run system commands on the jump-host server.

Method 1:

1) First set up SSH key authentication (jump host address 192.168.33.128).

Run the following on all machines:

    [root@oldboy ~]# useradd jump #<><>

Run the following on the jump host only:

    [root@oldboy ~]# su - jump
    [jump@oldboy ~]$ ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa >/dev/null 2>&1 #<== generate the key pair.
    [jump@oldboy ~]$ ssh-copy-id -i ~> #<== distribute the public key to the other servers.
    The authenticity of host '192.168.33.130 (192.168.33.130)' can't be established.
    RSA key fingerprint is fd:2c:0b:81:b0:95:c3:33:c1:45:6a:1c:16:2f:b3:9a.
    Are you sure you want to continue connecting (yes>
    [jump@oldboy ~]$ ssh-copy-id -i ~> #<== distribute the public key to the other servers.
    The authenticity of host '192.168.33.129 (192.168.33.129)' can't be established.
    RSA key fingerprint is fd:2c:0b:81:b0:95:c3:33:c1:45:6a:1c:16:2f:b3:9a.
    Are you sure you want to continue connecting (yes>

Note that OpenSSH 7.0 and later disable DSA keys by default; on current systems generate an Ed25519 or RSA key instead.

2) Implement a conventional remote-connection menu script.

The menu script is as follows:

    cat <>

3) Use Linux signal handling so that the user cannot interrupt the script and work on the jump host directly.

    function trapper () {
        trap ':' INT EXIT TSTP TERM HUP #<>
    }

4) The script is invoked as soon as the user logs in to the jump host (so the jump host cannot be managed from the command line), and the user can only choose from the menu the administrator has defined.

The hands-on steps follow. The script is placed on the jump host:

    [root@oldboy ~]# echo '[ $UID -ne 0 ] && . /server/scripts/jump.sh'>/etc/profile.d/jump.sh
    [root@oldboy ~]# cat /etc/profile.d/jump.sh
    [ $UID -ne 0 ] && . /server/scripts/jump.sh
    [root@oldboy scripts]# cat /server/scripts/jump.sh
    #!/bin/sh
    #oldboy training
    trapper(){
        trap ':' INT EXIT TSTP TERM HUP #<><>

The result of running it:

    [root@oldboy ~]# su - jump #<><><><><><><><>

This article is taken from the book 《跟老男孩学linux运维:Shell高级编程实战》, the easiest-to-understand Shell book in China!
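Added example, not from the book or the original post: the menu from steps 2 to 4 written so that the typed choice is only matched against literal entries, and end-of-input ends the session instead of falling out of the sourced script. The function names and the q entry are assumptions; the two addresses are the targets used in step 1.

```shell
#!/bin/sh
# Added example, not the book's jump.sh. Function names and the "q" entry are
# assumptions; the two target addresses are the ones used in the walkthrough.

# Map a menu entry to a fixed host. The typed text is only compared against
# literal patterns and never becomes part of a command line.
resolve_choice() {
    case "$1" in
        1) echo 192.168.33.129 ;;
        2) echo 192.168.33.130 ;;
        *) return 1 ;;
    esac
}

# Open the session; the argument always comes from resolve_choice.
connect() {
    ssh "$1"
}

menu_loop() {
    trap ':' INT EXIT TSTP TERM HUP   # same signal list as the walkthrough
    while :; do
        printf '1) 192.168.33.129\n2) 192.168.33.130\nq) log out\nchoice: ' >&2
        # EOF (Ctrl-D, closed stdin) must end the session: the script is
        # sourced by the login shell, so leaving the loop would drop the user
        # at a prompt. exit here terminates that login shell.
        IFS= read -r choice || exit 0
        [ "$choice" = q ] && exit 0
        if host=$(resolve_choice "$choice"); then
            connect "$host"
        else
            echo "invalid choice" >&2
        fi
    done
}

# Run the menu only on request so the functions can be loaded and tested.
if [ "${1:-}" = "--menu" ]; then
    menu_loop
fi
```

The /etc/profile.d hook only runs for login shells; pinning the same script with ForceCommand in a Match User jump block of sshd_config applies the menu to every session the account opens.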