Shulou(Shulou.com)06/02 Report--

IT company enterprise batch distribution\ management solution:

1. A scheme for the most basic use of SSHKEY keys for small and medium-sized enterprises.

two。 Portal PUPPET (complex), required by large enterprises

3. SALTSTACK batch Management (lightweight)

Principles of operation and maintenance: simple, easy to use and efficient

Use SSHKEY scheme to realize password-free login principle:

The requestor has its own generated public key and private key, and the public key is distributed to each client, and the password-free login is realized when the requester connects these clients.

Key classification: DSA and RSA keys

Enter ssh-keygen-t dsa in nfs-server and enter all the way to generate a key pair.

Check the ~ / .ssh directory

Id_dsa is the private key. Id_dsa.pub is the public key.

Public key replication:

If the number is small, it can be satisfied directly with the following command. If there are hundreds, it is recommended to use expect.

Ssh-copy-id-I id_dsa.pub oldgirl@192.168.24.21

By default, port 22 of ssh is used for transmission. If it has been modified, you can add port-p to specify it, for example:

Some of the following functions can be implemented using password-free transfer of files, etc. Some scripts can be executed through this implementation

Do the same thing through a loop:

In which the hosts in the command sh fenfa.sh hosts is assigned to $1

Add, if there is no parameter ($#) to report an error message.

If the number of parameters $# is less than 1, prompt, where $0 represents the name of the script

Realize the effect

Summary of SSH batch distribution and management scheme:

1. Using root to do ssh key Verification

Advantages: simple and easy to use

Disadvantages: poor security, and can not disable root remote connection to this feature.

Enterprise applications: 80% of SMEs.

two。 Use ordinary users such as oldgirl to do it.

The idea is to first copy the files to the server user's home directory, and then sudo takes the right to copy the distributed files to the corresponding permissions directory.

Pros: safety. There is no need to stop the root remote connection feature.

Disadvantages: troublesome configuration

3. Just like scenario 2, except that instead of using sudo, you set suid to authorize fixed commands

Advantages: relative security

Disadvantages: complex, poor security. Anyone can handle commands with suid privileges.

In pursuit of simplicity, choose 1

In pursuit of security, choose 2.

The same function is relatively advanced: puppet,saltstack.

2 practical operation of the solution: #! / bin/sh

. / etc/init.d/functions

If [$#-ne 2]

Then

Echo "USAGE:$0 LOCALFILE REMOTEFILE"

Exit 1

Fi

For n in 21 25 32

Do

Scp-P22-r $1 oldgirl@192.168.24.$n:~ & > / dev/null & &

Ssh-t oldgirl@192.168.24.$n sudo rsync $1 $2 & > / dev/null

If [$?-eq 0]

Then

Action "fenfa $1 ok" / bin/true

Else

Action "fenfa $1 ok" / bin/false

Fi

Done

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.