- Connect to a remote host
- Run a command on the remote host without opening a session
Port 21987
Protocol 2
SyslogFacility AUTHPRIV
PermitRootLogin no
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication no
GSSAPICleanupCredentials yes
UsePAM yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
X11Forwarding yes
UseDNS no
Subsystem sftp /usr/libexec/openssh/sftp-server
echo 'oldboy ALL = (ALL) NOPASSWD:/usr/bin/rsync' >>/etc/sudoers
visudo -c # check the syntax
78 is the distribution host
10.69.213.78
10.69.213.133
10.69.213.134
Now we want to ssh from 133 and 144 to 78
On 78, send the private key to 133 and 134
scp -P21987 .ssh/id_dsa oldboy@10.69.112.133:~/.ssh
scp -P21987 .ssh/id_dsa oldboy@10.69.112.134:~/.ssh
On 78, install the public key as authorized_keys
ssh-copy-id -i .ssh/id_dsa.pub "-p 21987 oldboy@10.69.112.78"
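For A to connect to B without a password, send A's public key to B; on B it appears as authorized_keys, which needs mode 600
Batch file distribution
(1) Distribute the hosts file on 78 to the oldboy home directory on 133 and 134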
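#!/bin/bash
# Load the action() helper that prints the OK/FAILED status lines
. /etc/init.d/functions
# Require exactly one argument: the file to distribute
if [ $# -ne 1 ]
then
    echo "USAGE: $0 FILENAME"
    exit 1
fi
for n in 133 134
do
    # Copy the file into oldboy's home directory on each host
    scp -P21987 -rp "$1" oldboy@10.69.112.$n:~ &>/dev/null
    if [ $? -eq 0 ]
    then
        action "$n is ok" /bin/true
    else
        action "$n is fail" /bin/false
    fi
done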
(2) Distribute the hosts file on 78 to /etc/ on 133 and 134
Distribute with privilege escalation, without distributing as root
echo "oldboy ALL = (ALL) NOPASSWD:/usr/bin/rsync" >>/etc/sudoers
visudo -c
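#!/bin/bash
# Load the action() helper that prints the OK/FAILED status lines
. /etc/init.d/functions
# Require two arguments: the file to distribute and the remote target directory
if [ $# -ne 2 ]
then
    echo "USAGE: $0 FileName RemoteDir"
    exit 1
fi
for n in 133 134
do
    # Stage the file in oldboy's home directory, then install it with sudo rsync.
    # The remote source is the staged copy (~/basename), not the local path, and
    # rsync runs only if scp succeeded, so $? below reflects both steps.
    scp -P21987 -rp "$1" oldboy@10.69.112.$n:~ &>/dev/null &&
    ssh -p21987 -t oldboy@10.69.112.$n sudo rsync "~/$(basename "$1")" "$2"
    if [ $? -eq 0 ]
    then
        action "$n is ok" /bin/true
    else
        action "$n is fail" /bin/false
    fi
done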
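Distribute the hosts file to all machines on a schedule, once every minute, and send an email with the details of the machines where distribution failed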
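One way to do the scheduled task described above, as an added example that is not from the original notes: a script run from cron every minute that pushes /etc/hosts with scp and mails the list of hosts that failed. The recipient address, lock file path, the script path in the cron line, and the presence of the `mail` and `flock` commands are assumptions; the port, user and host numbers are the ones used in the scripts above.

```shell
#!/bin/bash
# Added example, not the original author's script.
# Cron entry (script path is an assumed placeholder):
#   * * * * * /bin/bash /path/to/fenfa_hosts.sh --run
PORT=21987
SSH_USER=oldboy
NET=10.69.112
HOSTS="133 134"
MAILTO="admin@example.com"        # placeholder recipient
LOCK=/tmp/fenfa_hosts.lock        # assumed lock file path

# Copy one file to one host. BatchMode=yes makes scp fail instead of
# waiting on a password prompt under cron; ConnectTimeout bounds a dead host.
push_one() {
    scp -P"$PORT" -o BatchMode=yes -o ConnectTimeout=5 -p "$1" \
        "$SSH_USER@$NET.$2:~" >/dev/null 2>&1
}

# Try every host and print the ones that failed, space-separated.
# The second argument swaps in another push function (used for testing).
distribute() {
    local file="$1" pusher="${2:-push_one}" failed="" n
    for n in $HOSTS; do
        "$pusher" "$file" "$n" || failed="$failed $n"
    done
    echo "${failed# }"
}

# Build the mail body from the list of failed host numbers.
report() {
    local n
    echo "hosts distribution failed at $(date '+%F %T') for:"
    for n in $1; do echo "  $NET.$n"; done
}

main() {
    # A run that outlives its minute must not overlap with the next one.
    exec 9>"$LOCK"
    flock -n 9 || exit 0
    local failed
    failed=$(distribute /etc/hosts)
    [ -z "$failed" ] && return 0      # nothing failed, send no mail
    report "$failed" | mail -s "hosts distribution failed" "$MAILTO"
}

# Only act when called with --run, so sourcing the file has no side effects.
if [ "${1:-}" = "--run" ]; then main; fi
```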