分享一个shell脚本:经过Jumper机器来建立Jumper和target机器帐号

时间  2019-11-11
标签 分享 一个 shell 脚本 经过 jumper 机器 建立 target 帐号 栏目 Unix 繁體版
原文   原文链接

说明

代码使用和框架图

Jumper_target_machine_v3.md脚本使用的框架图:spring

分享一个shell脚本:经过Jumper机器来建立Jumper和target机器帐号

Jumper_target_machine_v3.md脚本做用:shell

经过Jumper机器来建立Jumper和target机器帐号,完成target机器公钥写入,达到从电脑终端免密登陆target机器。windows

Jumper_target_machine_v3.md脚本使用:服务器

  • (1)只能使用root帐户执行;框架

  • (2)Jumper和target机器家目录均指定到/data目录下;ssh

  • (3)临时加载Jumper的root帐户公钥到target机器root帐户下,脚本执行完以后,自动回收;ide

  • (4)逻辑判断Jumper和target机器是否存在待建立帐号;

Jumper_target_machine_v3.md脚本后期优化:函数

  • (1)对脚本中全局变量进行优化;优化

  • (2)对脚本中一些目录定义成全局变量,方便更改和使用;

代码内容

cat Jumper_target_machine.shcode

#!/bin/sh

#脚本做用
# This code is used to create and check users on the bigcloud springboard(jumper), while creating and creating users on the target machine.
# The trigger and target home directory is under /data(Jumper和Target机器家目录均在/data目录下)
# Code the author: wutf
# contact: xxxx
# date: 2019-06-12

#加载系统函数库
. /etc/init.d/functions

#输入待建立用户的名字
read -p "Please enter the user you will be checking: " username

#定义判断执行帐户函数
function user(){
    if [ $UID -ne 0 ];then
        action "You are not root!!" /bin/false
        exit 2
    fi
}

#临时存放Jumper pub到目标机auth
function add_jumper_pub(){
    if [ -f /root/.ssh/id_rsa.pub ];then
        ssh-copy-id root@${ip_array} >/dev/null 2>&1
    else
        cat /dev/zero | ssh-keygen -q -N \"\" > /dev/null && ssh-copy-id root@${ip_array} >/dev/null 2>&1
    fi
}

#清空目标机auth里Jumper pub
function del_jumper_pub(){
    root_pub_info=$(cat /root/.ssh/id_rsa.pub)
    ssh root@${ip_array} "sed -i 's#$root_pub_info# #g' /root/.ssh/authorized_keys; sed  -i -e s/^' '*//g -e /^$/d -e /^#/d /root/.ssh/authorized_keys"
}

#建立Jumper服务器用户帐号
function jumper_add_user(){
    useradd -d /data/$username -m $username
    sudo -S su - $username -c "cat /dev/zero | ssh-keygen -q -N \"\" > /dev/null; exit"
}

#检查Jumper服务器上是否有待建立帐号,如无,则建立
function jumper_check_user(){
    check_name=$(grep "$username" /etc/passwd|awk -F : '{print $6}')
    if [ -z $check_name ];then
        echo -e "\033[31m Jumper user $username is not exist \033[0m"
        #action "Jumper starting create $username.......waiting~" /bin/true
        echo -e "\033[32m Jumper starting create $username.......waiting~ \033[0m"
        #导入jumper_add_user()函数
        jumper_add_user
        action "Jumper create $username is ok !" /bin/true
    else
        #action "Jumper user $username is exist" /bin/true
        echo -e "\033[32m Jumper user $username is exist \033[0m"
    fi
}

#建立Jumper和导入mac/windows本公钥
function id_pub_txt(){
    #查看Jumper和mac/windows本公钥文件是否存在
    Id_Pub_mac=$(grep "$username" /etc/passwd|awk -F":" '{print $6}')/.ssh/authorized_keys
    Id_Pub_Jumper=$(grep "$username" /etc/passwd|awk -F":" '{print $6}')/.ssh/id_rsa.pub
    if [ ! -f $Id_Pub_mac ];then
        action "Jumper $username mac.pub is not exist" /bin/false
        read -p "Please input the mac.pub of print you want: " computer
        echo -e "\033[32m the mac.pub will write into authorized file..waiting.... \033[0m"
        sudo -S su - $username -c "[ ! -f ~/.ssh/authorized_keys ] && touch  ~/.ssh/authorized_keys; echo -e $computer >> ~/.ssh/authorized_keys"
        action "$username mac.pub has writed into authorized file!" /bin/true
       #echo -e "\033[32m $username mac.pub has writed into authorized file! \033[0m"
    else
       # action "Jumper mac.pub is exist" /bin/true
        echo -e "\033[32m Jumper mac.pub is exist \033[0m"
    fi
    if [ ! -f $Id_Pub_Jumper ];then
        echo "Jumper $username jumper.pub is not exist"
       #action "Jumper start creating $username pub.......waiting~" /bin/true
        echo -e "\033[32m dl1 start creating $username pub.......waiting~ \033[0m"
        sudo -S su - $username -c "cat /dev/zero | ssh-keygen -q -N \"\" > /dev/null"
        sudo -S su - $username -c "[ ! -f ~/.ssh/authorized_keys ] && touch ~/.ssh/authorized_keys || echo $(cat $(grep $username /etc/passwd|awk -F : '{print $6}')/.ssh/id_rsa.pub) >> ~/.ssh/authorized_keys; chmod 600 ~/.ssh/authorized_keys"
        action "Jumper create $username pub is OK and Jumper pub has writed into authorized!" /bin/true
        #echo -e "\033[32m dl1 create $username pub is OK and dl1_pub has writed into authorized! \033[0m"
    else
       # action "Jumper $username pub is exist" /bin/true
        echo -e "\033[32m Jumper $username pub is exist \033[0m"
        echo "$(cat $Id_Pub_mac)" | grep -q "$(cat $Id_Pub_Jumper)"
        if [ $? -eq 0 ]; then
            echo -e "\033[32m authorized has Jumper pub! \033[0m"
        else
            sudo -S su - $username -c "[ ! -f ~/.ssh/authorized_keys ] && touch ~/.ssh/authorized_keys || echo $(cat $(grep $username  /etc/passwd|awk -F : '{print $6}')/.ssh/id_rsa.pub) >> ~/.ssh/authorized_keys; chmod 600 ~/.ssh/authorized_keys"
        fi
        action "Jumper pub has writed into authorized!" /bin/true
        #echo -e "\033[32m Jumper pub has writed into authorized! \033[0m"
    fi
}

#定义Jumper经过ssh登陆目标机服务器函数
#在目标机服务器上建立待建立用户

#输入目标机的IP地址
read -p "Please enter the IP address of the target machine you will log into:" ip_array

function ssh_servers(){
    read -p "Please enter the create target machine account name: " target_username
    #检查目标机用户id
    ssh root@${ip_array} id -u $target_username >/dev/null 2>&1
    if [ $? -eq 0 ];then
        echo -e "\033[32m 目标机服务器用户 $target_username 已经存在 \033[0m"
    else
        echo -e "\033[32m 目标机服务器上将建立待建立用户 $target_username \033[0m"
        ssh root@${ip_array} "useradd -d /data/$target_username -m $target_username; exit"
        ssh root@${ip_array} "sudo -S su - $target_username -c 'cat /dev/zero | ssh-keygen -q -N \"\" > /dev/null'"
        ssh root@${ip_array} "sudo -S su - $target_username -c 'touch /data/$target_username/.ssh/authorized_keys && chmod 600 /data/$target_username/.ssh/authorized_keys;exit'"
        action "标机服务器上待建立用户 $target_username 建立完毕!" /bin/true
    fi
}

#拷贝Jumper上authorized_keys文件至目标机服务器待建立帐户并更改所属主组
function scp_authorized(){
    scp -q /data/$username/.ssh/authorized_keys root@${ip_array}:/data/$target_username/.ssh/auth_tmp
    ssh root@${ip_array} "chmod 777 /data/$target_username/.ssh/auth_tmp; exit"
    ssh -t root@${ip_array} "sudo -S su - $target_username -c 'cat /data/$target_username/.ssh/auth_tmp >> /data/$target_username/.ssh/authorized_keys && rm -rf /data/$target_username/.ssh/auth_tmp'; exit"
    ssh root@${ip_array} "chown -R $target_username:$target_username /data/$target_username/.ssh; exit"
    action "Jumper上authorized_keys文件已传至目标机服务器" /bin/true
}
#总函数执行流程,在Jumper服务器执行
function main(){
    user
    add_jumper_pub
    jumper_check_user
    id_pub_txt $computer
    ssh_servers
    scp_authorized
    del_jumper_pub
}
main $*
相关文章
相关标签/搜索
每日一句
    每一个你不满意的现在,都有一个你没有努力的曾经。
本站公众号
   欢迎关注本站公众号,获取更多信息
联系我们 最近搜索 最新文章 沪ICP备13005482号-10 MyBatis教程 SQL 教程 MySQL教程 Java 教程 Thymeleaf 教程 Hibernate教程 Spring教程 Redis教程