1.生成密钥对(需要多少对,生成几次)
# Generate the bastion's RSA key pair non-interactively:
#   -q      suppress progress output
#   -N ''   empty passphrase, so the key can be used without a prompt
#   -f      where the private key is written (the public key lands in <path>.pub)
#
# With an empty passphrase, anyone who can read the private key file can log in
# to every server that trusts the matching public key. Keep the file readable
# by root only, and treat a copy of it leaving the bastion as a compromise of
# all downstream hosts.
#
# For each additional key pair, pass a different -f path; reusing this path
# targets the same file as the earlier key.
key_file=/root/.ssh/id_rsa
ssh-keygen -q -t rsa -N '' -f "$key_file"
2.堡垒机配置
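#!/bin/bash
#
# Interactive jump-host menu: prompts for an IPv4 address, validates it, and
# opens an SSH session to root@<address> on port 36899. Typing "q" or "exit"
# leaves the menu.
#
# NOTE(review): this script is a convenience menu, not a security boundary on
# its own. How it is launched is not shown here; if users must be confined to
# it, enforce that on the sshd side of the bastion (for example ForceCommand in
# sshd_config) rather than relying on the key bindings disabled below.

# Remember the terminal settings so they can be restored on every exit path.
saved_tty=$(stty -g 2>/dev/null) || saved_tty=

#######################################
# Restore the terminal settings captured at start-up.
#######################################
restore_tty() {
  if [[ -n "$saved_tty" ]]; then
    stty "$saved_tty" 2>/dev/null
  fi
}

#######################################
# Signal handler: report the signal and let the menu keep running.
#######################################
cleans() {
  echo "user cancelled, exit... "
}

# Handlers are installed before the prompt loop starts; placed after it they
# would never take effect while the menu is running. SIGKILL (9) cannot be
# trapped, so it is not listed.
trap restore_tty EXIT
trap cleans HUP INT QUIT ABRT TERM

# Disable the terminal's interrupt key (Ctrl-C) while the menu is active.
# Only INTR is unbound here; the QUIT and SUSP keys keep their bindings.
stty intr undef

echo ""
echo ""
echo -e "q or exit for QUIT"
echo ""
echo "Welcome To Jumphost!"

#######################################
# Tell the user the input was rejected; the caller re-prompts.
#######################################
usage() {
  echo "Error, Please Input Again. "
}

#######################################
# Leave the menu. Deliberately not named "exit": a function with that name
# shadows the builtin, so calling "exit 0" inside it recurses into itself.
#######################################
quit() {
  exit 0
}

#######################################
# Check that a string is a dotted-quad IPv4 address.
# Arguments: $1 - candidate address
# Returns:   0 if valid, 1 otherwise
#######################################
valid_ipv4() {
  local ip=$1
  local octet
  local -a octets
  # Exactly four groups of digits separated by dots. Leading zeros are
  # rejected because address parsers may read "010" as octal, which would
  # connect to a different host than the one the user typed. Anchoring the
  # pattern also guarantees the value cannot start with "-" and be taken as
  # an ssh option.
  local -r quad='^(0|[1-9][0-9]{0,2})(\.(0|[1-9][0-9]{0,2})){3}$'

  [[ "$ip" =~ $quad ]] || return 1

  IFS=. read -r -a octets <<<"$ip"
  for octet in "${octets[@]}"; do
    (( octet <= 255 )) || return 1
  done
  return 0
}

#######################################
# Open the SSH session to an already validated address.
# Arguments: $1 - IPv4 address that passed valid_ipv4
#######################################
link() {
  local host=$1
  echo "ssh to $host"
  # NOTE(review): every session lands as root on the target, so per-user
  # accountability depends on what the bastion itself records.
  ssh -p 36899 "root@${host}"
}

#######################################
# Prompt loop. A loop replaces the original mutual recursion between the
# prompt, the error path and the connect step, which grew the call stack with
# every prompt and every connection.
#######################################
chkip() {
  local IP rc
  while true; do
    read -r -p "Please Enter A Remote IP:" IP
    rc=$?
    if (( rc > 128 )); then
      # read was interrupted by a trapped signal: prompt again.
      continue
    fi
    if (( rc != 0 )); then
      # End of input (terminal closed): leave instead of looping forever.
      echo ""
      quit
    fi

    case "$IP" in
      exit | q) quit ;;
    esac

    if ! valid_ipv4 "$IP"; then
      usage
      continue
    fi

    link "$IP"
  done
}

chkip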
3.服务器端限制只允许堡垒机IP登录
# Restrict sshd on each target server to the bastion using TCP Wrappers:
# hosts.allow is consulted first, then hosts.deny rejects everyone else.
# The allow entry is appended before the deny entry so the bastion is already
# permitted by the time the blanket deny exists.
#
# "堡垒机IP地址" is the page's placeholder for the bastion's IP address;
# replace it with the real address before running.
#
# NOTE(review): these files only affect sshd when it is built with libwrap.
# Upstream OpenSSH removed TCP Wrappers support in 6.7, and some distributions
# no longer ship it, in which case the rules are silently ignored. Confirm with
# `ldd "$(command -v sshd)" | grep libwrap` and with a test login from a
# non-bastion host; otherwise enforce the restriction with a firewall rule or
# an sshd_config Match/AllowUsers policy.
printf '%s\n' "sshd:堡垒机IP地址" >> /etc/hosts.allow
printf '%s\n' "sshd:all" >> /etc/hosts.deny
效果图示: