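#!/bin/bash
#author: QingFeng
#qq: 530035210
#blog: http://my.oschina.net/pwd/blog
#
# Create / delete SSH key-authenticated users on a CentOS/RHEL-style host and
# keep the AllowUsers list in /etc/ssh/sshd_config in step with them.
#
# Usage:
#   ./account.class.sh add    USER   # create USER, generate a key pair, add USER to AllowUsers
#   ./account.class.sh delete USER   # remove USER (home included) and drop it from AllowUsers
#   ./account.class.sh look          # list non-system users that have a login shell
#
# Security notes (review):
#   * add/delete need root: they modify /etc/passwd, /home and sshd_config.
#   * USER is validated against ^[a-z_][a-z0-9_-]*$ before it is spliced into
#     adduser, file paths and sed expressions; anything else is rejected.  The
#     original grep/sed calls would have accepted "../x" or "a;rm -rf /" verbatim.
#   * User lookups are exact matches; a plain `grep "$1"` also matched
#     "zhangsan" against "zhangsan2".
#   * Every user created here gets primary group 10 (wheel on CentOS).  If
#     sudoers grants wheel NOPASSWD, each such user is effectively root.
#   * The generated private key is passphrase-protected with the user name unless
#     SSH_KEY_PASSPHRASE is set in the environment.  That passphrase is trivially
#     guessable: hand the key over and have the user run `ssh-keygen -p` at once.
#   * Before sshd is restarted the edited config is checked with `sshd -t`; on
#     failure the backup is put back and sshd is left alone, so a bad edit can
#     never lock everyone out of the box.
#   * Removing a user edits only AllowUsers lines.  The original ran
#     s/USER//g over the whole file, which silently mangles any other directive
#     that happens to contain the name as a substring.

# Default configuration
logdir=/data/log/shell            # log directory
log=$logdir/shell.log             # log file
is_font=1                         # print log lines to the terminal: 1 yes, 0 no
is_log=0                          # append log lines to $log:     1 yes, 0 no
random_time=$(date +%Y%m%d_%H%M%S)
uid_min=500                       # accounts with UID > uid_min count as non-system users
sshd_config=/etc/ssh/sshd_config
sshd_bin=/usr/sbin/sshd
key_dir=""                        # set by addautoKey: directory holding the generated key pair

datef(){
  date "+%Y-%m-%d %H:%M:%S"
}

# print_log MESSAGE - timestamped line to the log file (is_log) and/or the
# terminal (is_font).  The terminal copy goes through `echo -e` so the colour
# escapes used in the messages below are rendered; the file copy is written raw.
print_log(){
  local line="[ $(datef) ] $1"
  if [[ $is_log -eq 1 ]]; then
    [[ -d $logdir ]] || mkdir -p "$logdir"
    printf '%s\n' "$line" >> "$log"
  fi
  if [[ $is_font -eq 1 ]]; then
    echo -e "$line"
  fi
}

# require_root - add/delete touch /etc/passwd and sshd_config; refuse early with
# a clear message instead of failing half-way through with a partly created user.
require_root(){
  if (( EUID != 0 )); then
    print_log "${FUNCNAME[1]}():\033[31m必須以 root 運行,退出\033[0m"
    return 1
  fi
  return 0
}

# valid_username NAME - accept only names that are safe to pass to adduser and to
# splice into paths and sed expressions: lowercase letters, digits, '_' and '-',
# not starting with a digit or '-', at most 32 characters (useradd's limit).
# Returns 1 (after logging) on an empty or unsafe name.
valid_username(){
  local name=$1
  if [[ -z $name ]]; then
    print_log "${FUNCNAME[1]}():\033[31m用戶名不能為空\033[0m"
    return 1
  fi
  if [[ ! $name =~ ^[a-z_][a-z0-9_-]*$ || ${#name} -gt 32 ]]; then
    print_log "${FUNCNAME[1]}():\033[31m用戶名只允許小寫字母/數字/_/- 且不超過32位,退出\033[0m"
    return 1
  fi
  return 0
}

# login_users - print non-system users (UID > uid_min) whose shell is not a
# nologin variant, one per line.
login_users(){
  awk -F: -v min="$uid_min" '$7 !~ /nologin/ && $3 > min { print $1 }' /etc/passwd
}

# is_login_user NAME - true if NAME is exactly one of login_users.
is_login_user(){
  login_users | grep -qx -- "$1"
}

# user_home NAME - home directory from the passwd database rather than assuming
# /home/NAME.
user_home(){
  getent passwd "$1" | cut -d: -f6
}

# sshd_has_user NAME - true if NAME appears as a whole word on a non-comment line
# of sshd_config.
sshd_has_user(){
  grep -Ev '^[[:space:]]*(#|$)' "$sshd_config" | grep -qw -- "$1"
}

# backup_sshd_config - copy sshd_config aside and print the backup path.
backup_sshd_config(){
  local backup
  backup="${sshd_config}_$(date +%Y%m%d_%H%M%S)"
  cp -p -- "$sshd_config" "$backup" || return 1
  printf '%s\n' "$backup"
}

# restart_sshd BACKUP - validate the edited sshd_config with `sshd -t`.  If it
# does not parse, restore BACKUP and do NOT restart: a broken AllowUsers line
# would otherwise shut every user out.  Returns 0 only when the new config is live.
restart_sshd(){
  local backup=$1 err
  if ! err=$("$sshd_bin" -t -f "$sshd_config" 2>&1); then
    cp -p -- "$backup" "$sshd_config"
    print_log "${FUNCNAME[1]}():\033[31msshd_config 校驗失敗,已從 $backup 恢復,未重啟 sshd: $err\033[0m"
    return 1
  fi
  if command -v systemctl >/dev/null 2>&1; then
    systemctl restart sshd
  else
    /etc/init.d/sshd restart
  fi
}

# addautoKey NAME - generate an RSA key pair for NAME in a fresh private
# (mode 0700) temp directory and record it in $key_dir; exits on failure.
# ssh-keygen takes the file name and passphrase as options, so the expect
# wrapper (and the yum install it triggered) is unnecessary.  As in the original
# the key file is NAME / NAME.pub and the passphrase is NAME; SSH_KEY_PASSPHRASE
# overrides the latter.  NOTE: -N puts the passphrase in this process's argv,
# briefly visible in `ps`, exactly as the expect script exposed it.
addautoKey(){
  local user=$1
  local passphrase=${SSH_KEY_PASSPHRASE:-$user}
  key_dir=$(mktemp -d "/tmp/ssh_${random_time}_XXXXXX") || {
    print_log "$FUNCNAME():\033[31m無法創建臨時目錄,退出\033[0m"
    exit 1
  }
  ssh-keygen -q -t rsa -f "$key_dir/$user" -N "$passphrase" >/dev/null
  if [[ -s $key_dir/$user && -s $key_dir/$user.pub ]]; then
    print_log "$FUNCNAME():該用戶$user秘鑰自動生成完成,路徑: $key_dir"
  else
    print_log "$FUNCNAME():\033[31m該用戶$user秘鑰自動生成失敗,退出\033[0m"
    exit 1
  fi
}

# addUser NAME - create NAME (primary group 10), install its freshly generated
# public key as authorized_keys and append NAME to the first active AllowUsers
# line.  If sshd_config has no active AllowUsers line nothing is added: with the
# directive absent sshd already admits every user, and introducing one would
# lock out everyone else.
addUser(){
  local user=$1
  valid_username "$user" || exit 1
  if (( ${#user} < 5 )); then
    print_log "$FUNCNAME():\033[31m用戶名的長度最少大於4,退出\033[0m"
    exit 1
  fi
  require_root || exit 1
  if is_login_user "$user"; then
    print_log "$FUNCNAME():已經存在非系統用戶:$user,請確認後在添加."
    return
  fi
  print_log "$FUNCNAME():不存在非系統用戶:$user,開始添加用戶操作."
  if ! adduser "$user" -g 10; then
    print_log "$FUNCNAME():\033[31madduser $user 失敗,退出\033[0m"
    exit 1
  fi
  local home
  home=$(user_home "$user")
  if [[ -z $home ]]; then
    print_log "$FUNCNAME():\033[31m無法獲取 $user 的家目錄,退出\033[0m"
    exit 1
  fi
  addautoKey "$user"
  # 0700 / 0600 are what sshd's StrictModes requires before it trusts the file.
  install -d -m 700 -o "$user" -g wheel "$home/.ssh"
  install -m 600 -o "$user" -g wheel "$key_dir/$user.pub" "$home/.ssh/authorized_keys"
  chown -R "$user:wheel" "$home"
  local backup
  backup=$(backup_sshd_config) || exit 1
  if sshd_has_user "$user"; then
    print_log "$FUNCNAME():sshd_config文件中已經存在$user."
    return
  fi
  if grep -Eq '^[[:space:]]*AllowUsers([[:space:]]|$)' "$sshd_config"; then
    # Append to the first active AllowUsers line only (the original touched
    # every line containing the word, commented ones included).
    sed -i -E "0,/^[[:space:]]*AllowUsers([[:space:]]|$)/ s/^([[:space:]]*AllowUsers)/\1 ${user}/" "$sshd_config"
    restart_sshd "$backup" && print_log "$FUNCNAME():更新sshd_config文件並重啟sshd完成."
  else
    print_log "$FUNCNAME():sshd_config 中沒有 AllowUsers 限制(所有用戶均可登陸),未修改 sshd_config."
  fi
}

# lookUp - list the accounts that can log in (see login_users).
lookUp(){
  local loginUser
  loginUser=$(login_users)
  print_log "$FUNCNAME():如下用戶擁有登陸系統權限:\n\033[32m$loginUser\033[0m"
}

# deleteUser NAME - remove NAME and its home directory, then strip NAME as a
# whole word from AllowUsers lines (an AllowUsers line left empty is removed,
# which means "no restriction" - a warning is logged).  Entries of the
# user@host form are not touched.
deleteUser(){
  local user=$1
  valid_username "$user" || exit 1
  require_root || exit 1
  if is_login_user "$user"; then
    print_log "$FUNCNAME():存在非系統用戶:$user"
  else
    print_log "$FUNCNAME():\033[31m不存在非系統用戶:$user,退出\033[0m"
    exit 1
  fi
  if userdel -rf "$user"; then
    print_log "$FUNCNAME():刪除非系統用戶:$user成功."
  else
    print_log "$FUNCNAME():\033[31m刪除非系統用戶:$user失敗.\033[0m"
  fi
  local backup
  backup=$(backup_sshd_config) || exit 1
  sed -i -E \
    -e "/^[[:space:]]*AllowUsers([[:space:]]|$)/ s/[[:space:]]+${user}([[:space:]]+|$)/\1/" \
    -e "/^[[:space:]]*AllowUsers[[:space:]]*$/ d" \
    "$sshd_config"
  if ! grep -Eq '^[[:space:]]*AllowUsers([[:space:]]|$)' "$sshd_config"; then
    print_log "$FUNCNAME():\033[33m注意: sshd_config 中已無 AllowUsers 限制,所有用戶均可登陸.\033[0m"
  fi
  restart_sshd "$backup" && print_log "$FUNCNAME():更新sshd_config文件並重啟sshd完成."
}

case $1 in
  add)    addUser "$2" ;;
  look)   lookUp ;;
  delete) deleteUser "$2" ;;
  *) echo -e " 秘鑰認證用戶自動控制\n用法示例: \n1.添加/刪除秘鑰認證用戶: ./account.class.sh add/delete 用戶名 \n2.查找可以登陸的用戶 ./account.class.sh look" ;;
esac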
改進版：檢測系統是否已啟用 key 認證，未啟用則自動添加（默認增加一個認證用戶），並支持批量添加 key 認證用戶。
上圖:
批量添加用戶圖:
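#!/bin/bash
#author: QingFeng
#qq: 530035210
#blog: http://my.oschina.net/pwd/blog
#
# Improved version: create / delete SSH key-authenticated users, and `check`
# whether the host is already set up for key authentication - if not, create
# the default user, install the default public key, replace sshd_config with
# the key-only template below and grant wheel passwordless sudo.
#
# Usage:
#   ./account.class.sh add    USER   # create USER, generate a key pair, add USER to AllowUsers
#   ./account.class.sh delete USER   # remove USER (home included) and drop it from AllowUsers
#   ./account.class.sh look          # list non-system users that have a login shell
#   ./account.class.sh check         # ensure key auth + default user are configured
#
# Security notes (review):
#   * All of add/delete/check need root.
#   * default_publicKey is a single key baked into a script that is run on many
#     hosts: whoever holds the matching private key gets wheel+NOPASSWD (root) on
#     every one of them.  Treat it like a master credential.  The value below is
#     redacted in this copy and MUST be replaced.  It is also an ssh-dss (DSA)
#     key, which OpenSSH >= 7.0 refuses by default; use ed25519 or RSA.
#     The key is parsed with `ssh-keygen -l` before it is installed, because an
#     unparseable key plus PasswordAuthentication no would leave no way in.
#   * StrictModes is `yes` in the template (the original had `no`, which turns
#     off sshd's ownership/permission checks on ~/.ssh).  This script creates
#     ~/.ssh as 0700 and authorized_keys as 0600, so the check passes.
#   * `check` overwrites sshd_config wholesale with the template: any local
#     Port / ListenAddress / HostKey / PermitRootLogin settings are lost.  The
#     old file is backed up, the new one is validated with `sshd -t`, and on
#     failure the backup is restored before any restart.
#   * sudoers is never edited in place: the new rule is validated with
#     `visudo -cf` on a scratch copy first; a syntax error in sudoers disables
#     sudo for everyone.
#   * USER names are validated against ^[a-z_][a-z0-9_-]*$ and matched exactly;
#     delete edits only AllowUsers lines instead of s/USER//g over the file.

# Default configuration
logdir=/data/log/shell            # log directory
log=$logdir/shell.log             # log file
is_font=1                         # print log lines to the terminal: 1 yes, 0 no
is_log=0                          # append log lines to $log:     1 yes, 0 no
random_time=$(date +%Y%m%d_%H%M%S)
uid_min=500                       # accounts with UID > uid_min count as non-system users
sshd_config=/etc/ssh/sshd_config
sshd_bin=/usr/sbin/sshd
sudoers=/etc/sudoers
key_dir=""                        # set by addautoKey: directory holding the generated key pair

# Default public key installed for default_user by `check`.  Redacted here;
# replace with a real (non-DSA) key before use - see the security notes above.
default_publicKey="ssh-dss 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"
# wheel members may sudo without a password (every user this script creates
# is in wheel, so this is root for all of them).
default_Wheel="%wheel ALL=(ALL) NOPASSWD: ALL"
# User created by `check` when the host is not yet set up.
default_user="zhangsan"
# Key-only sshd_config template written by `check`.  PasswordAuthentication is
# off, so the installed key is the only way in: make sure it works before you
# close your current session.
default_sshdConfig="Protocol 2
SyslogFacility AUTHPRIV
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PermitEmptyPasswords no
PasswordAuthentication no
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
X11Forwarding yes
UseDNS no
Subsystem sftp /usr/libexec/openssh/sftp-server
AllowUsers $default_user"

datef(){
  date "+%Y-%m-%d %H:%M:%S"
}

# print_log MESSAGE - timestamped line to the log file (is_log) and/or the
# terminal (is_font).  The terminal copy goes through `echo -e` so the colour
# escapes in the messages are rendered; the file copy is written raw.
print_log(){
  local line="[ $(datef) ] $1"
  if [[ $is_log -eq 1 ]]; then
    [[ -d $logdir ]] || mkdir -p "$logdir"
    printf '%s\n' "$line" >> "$log"
  fi
  if [[ $is_font -eq 1 ]]; then
    echo -e "$line"
  fi
}

# require_root - refuse early with a clear message instead of failing half-way
# through with a partly created user.
require_root(){
  if (( EUID != 0 )); then
    print_log "${FUNCNAME[1]}():\033[31m必須以 root 運行,退出\033[0m"
    return 1
  fi
  return 0
}

# valid_username NAME - accept only names that are safe to pass to adduser and to
# splice into paths and sed expressions: lowercase letters, digits, '_' and '-',
# not starting with a digit or '-', at most 32 characters (useradd's limit).
# Returns 1 (after logging) on an empty or unsafe name.
valid_username(){
  local name=$1
  if [[ -z $name ]]; then
    print_log "${FUNCNAME[1]}():\033[31m用戶名不能為空\033[0m"
    return 1
  fi
  if [[ ! $name =~ ^[a-z_][a-z0-9_-]*$ || ${#name} -gt 32 ]]; then
    print_log "${FUNCNAME[1]}():\033[31m用戶名只允許小寫字母/數字/_/- 且不超過32位,退出\033[0m"
    return 1
  fi
  return 0
}

# login_users - print non-system users (UID > uid_min) whose shell is not a
# nologin variant, one per line.
login_users(){
  awk -F: -v min="$uid_min" '$7 !~ /nologin/ && $3 > min { print $1 }' /etc/passwd
}

# is_login_user NAME - true if NAME is exactly one of login_users.
is_login_user(){
  login_users | grep -qx -- "$1"
}

# user_home NAME - home directory from the passwd database rather than assuming
# /home/NAME.
user_home(){
  getent passwd "$1" | cut -d: -f6
}

# sshd_has_user NAME - true if NAME appears as a whole word on a non-comment line
# of sshd_config.
sshd_has_user(){
  grep -Ev '^[[:space:]]*(#|$)' "$sshd_config" | grep -qw -- "$1"
}

# backup_sshd_config - copy sshd_config aside and print the backup path.
backup_sshd_config(){
  local backup
  backup="${sshd_config}_$(date +%Y%m%d_%H%M%S)"
  cp -p -- "$sshd_config" "$backup" || return 1
  printf '%s\n' "$backup"
}

# restart_sshd BACKUP - validate sshd_config with `sshd -t`.  If it does not
# parse, restore BACKUP and do NOT restart: a broken config would shut every
# user out.  Returns 0 only when the new config is live.
restart_sshd(){
  local backup=$1 err
  if ! err=$("$sshd_bin" -t -f "$sshd_config" 2>&1); then
    cp -p -- "$backup" "$sshd_config"
    print_log "${FUNCNAME[1]}():\033[31msshd_config 校驗失敗,已從 $backup 恢復,未重啟 sshd: $err\033[0m"
    return 1
  fi
  if command -v systemctl >/dev/null 2>&1; then
    systemctl restart sshd
  else
    /etc/init.d/sshd restart
  fi
}

# wheel_nopasswd_configured - true if an active line in /etc/sudoers or
# /etc/sudoers.d/* grants wheel a NOPASSWD rule.
wheel_nopasswd_configured(){
  cat "$sudoers" /etc/sudoers.d/* 2>/dev/null \
    | grep -Ev '^[[:space:]]*(#|$)' | grep -w wheel | grep -q NOPASSWD
}

# ensure_wheel_nopasswd - append default_Wheel to /etc/sudoers unless an
# equivalent rule exists.  The appended copy is checked with `visudo -cf` before
# it replaces the live file.
ensure_wheel_nopasswd(){
  wheel_nopasswd_configured && return 0
  local tmp
  tmp=$(mktemp) || return 1
  if ! { cp -- "$sudoers" "$tmp" && printf '%s\n' "$default_Wheel" >> "$tmp"; }; then
    rm -f -- "$tmp"
    return 1
  fi
  if ! visudo -cf "$tmp" >/dev/null 2>&1; then
    rm -f -- "$tmp"
    print_log "${FUNCNAME[1]}():\033[31msudoers 校驗失敗,未修改 $sudoers\033[0m"
    return 1
  fi
  install -m 440 -o root -g root "$tmp" "$sudoers"
  rm -f -- "$tmp"
}

# install_public_key USER HOME - write default_publicKey as USER's only
# authorized key, after checking that it parses (`ssh-keygen -l`).  Returns 1
# without touching HOME if the key is unusable.
install_public_key(){
  local user=$1 home=$2 tmp
  tmp=$(mktemp) || return 1
  printf '%s\n' "$default_publicKey" > "$tmp"
  if ! ssh-keygen -l -f "$tmp" >/dev/null 2>&1; then
    rm -f -- "$tmp"
    print_log "${FUNCNAME[1]}():\033[31mdefault_publicKey 不是有效的公鑰(未替換或格式錯誤),退出\033[0m"
    return 1
  fi
  # 0700 / 0600 are what StrictModes requires before sshd trusts the file.
  install -d -m 700 -o "$user" -g wheel "$home/.ssh"
  install -m 600 -o "$user" -g wheel "$tmp" "$home/.ssh/authorized_keys"
  rm -f -- "$tmp"
}

# addautoKey NAME - generate an RSA key pair for NAME in a fresh private
# (mode 0700) temp directory and record it in $key_dir; exits on failure.
# ssh-keygen takes the file name and passphrase as options, so the expect
# wrapper (and the yum install it triggered) is unnecessary.  As in the original
# the key file is NAME / NAME.pub and the passphrase is NAME; SSH_KEY_PASSPHRASE
# overrides the latter.  NOTE: -N puts the passphrase in this process's argv,
# briefly visible in `ps`, exactly as the expect script exposed it.
addautoKey(){
  local user=$1
  local passphrase=${SSH_KEY_PASSPHRASE:-$user}
  key_dir=$(mktemp -d "/tmp/ssh_${random_time}_XXXXXX") || {
    print_log "$FUNCNAME():\033[31m無法創建臨時目錄,退出\033[0m"
    exit 1
  }
  ssh-keygen -q -t rsa -f "$key_dir/$user" -N "$passphrase" >/dev/null
  if [[ -s $key_dir/$user && -s $key_dir/$user.pub ]]; then
    print_log "$FUNCNAME():該用戶$user秘鑰自動生成完成,路徑: $key_dir"
  else
    print_log "$FUNCNAME():\033[31m該用戶$user秘鑰自動生成失敗,退出\033[0m"
    exit 1
  fi
}

# addUser NAME - create NAME (primary group 10), install its freshly generated
# public key as authorized_keys and append NAME to the first active AllowUsers
# line.  If sshd_config has no active AllowUsers line nothing is added: with the
# directive absent sshd already admits every user, and introducing one would
# lock out everyone else.
addUser(){
  local user=$1
  valid_username "$user" || exit 1
  if (( ${#user} < 5 )); then
    print_log "$FUNCNAME():\033[31m用戶名的長度最少大於4,退出\033[0m"
    exit 1
  fi
  require_root || exit 1
  if is_login_user "$user"; then
    print_log "$FUNCNAME():已經存在非系統用戶:$user,請確認後在添加."
    return
  fi
  print_log "$FUNCNAME():不存在非系統用戶:$user,開始添加用戶操作."
  if ! adduser "$user" -g 10; then
    print_log "$FUNCNAME():\033[31madduser $user 失敗,退出\033[0m"
    exit 1
  fi
  local home
  home=$(user_home "$user")
  if [[ -z $home ]]; then
    print_log "$FUNCNAME():\033[31m無法獲取 $user 的家目錄,退出\033[0m"
    exit 1
  fi
  addautoKey "$user"
  install -d -m 700 -o "$user" -g wheel "$home/.ssh"
  install -m 600 -o "$user" -g wheel "$key_dir/$user.pub" "$home/.ssh/authorized_keys"
  chown -R "$user:wheel" "$home"
  local backup
  backup=$(backup_sshd_config) || exit 1
  if sshd_has_user "$user"; then
    print_log "$FUNCNAME():sshd_config文件中已經存在$user."
    return
  fi
  if grep -Eq '^[[:space:]]*AllowUsers([[:space:]]|$)' "$sshd_config"; then
    # Append to the first active AllowUsers line only (the original touched
    # every line containing the word, commented ones included).
    sed -i -E "0,/^[[:space:]]*AllowUsers([[:space:]]|$)/ s/^([[:space:]]*AllowUsers)/\1 ${user}/" "$sshd_config"
    restart_sshd "$backup" && print_log "$FUNCNAME():更新sshd_config文件並重啟sshd完成."
  else
    print_log "$FUNCNAME():sshd_config 中沒有 AllowUsers 限制(所有用戶均可登陸),未修改 sshd_config."
  fi
}

# lookUp - list the accounts that can log in (see login_users).
lookUp(){
  local loginUser
  loginUser=$(login_users)
  print_log "$FUNCNAME():如下用戶擁有登陸系統權限:\n\033[32m$loginUser\033[0m"
}

# deleteUser NAME - remove NAME and its home directory, then strip NAME as a
# whole word from AllowUsers lines (an AllowUsers line left empty is removed,
# which means "no restriction" - a warning is logged).  Entries of the
# user@host form are not touched.
deleteUser(){
  local user=$1
  valid_username "$user" || exit 1
  require_root || exit 1
  if is_login_user "$user"; then
    print_log "$FUNCNAME():存在非系統用戶:$user"
  else
    print_log "$FUNCNAME():\033[31m不存在非系統用戶:$user,退出\033[0m"
    exit 1
  fi
  if userdel -rf "$user"; then
    print_log "$FUNCNAME():刪除非系統用戶:$user成功."
  else
    print_log "$FUNCNAME():\033[31m刪除非系統用戶:$user失敗.\033[0m"
  fi
  local backup
  backup=$(backup_sshd_config) || exit 1
  sed -i -E \
    -e "/^[[:space:]]*AllowUsers([[:space:]]|$)/ s/[[:space:]]+${user}([[:space:]]+|$)/\1/" \
    -e "/^[[:space:]]*AllowUsers[[:space:]]*$/ d" \
    "$sshd_config"
  if ! grep -Eq '^[[:space:]]*AllowUsers([[:space:]]|$)' "$sshd_config"; then
    print_log "$FUNCNAME():\033[33m注意: sshd_config 中已無 AllowUsers 限制,所有用戶均可登陸.\033[0m"
  fi
  restart_sshd "$backup" && print_log "$FUNCNAME():更新sshd_config文件並重啟sshd完成."
}

# checkUser - make sure the host is set up for key authentication with
# default_user.  If the user does not exist: create it, install
# default_publicKey (validated first), and - unless sshd_config already names
# the user - replace sshd_config with the template, add the wheel NOPASSWD
# rule and restart sshd (config validated, backup restored on failure).  If the
# user exists: only report whether sshd_config and sudoers are configured.
checkUser(){
  local user=$default_user
  valid_username "$user" || exit 1
  if (( ${#user} < 5 )); then
    print_log "$FUNCNAME():\033[31m用戶名的長度最少大於4,退出\033[0m"
    exit 1
  fi
  require_root || exit 1
  if ! is_login_user "$user"; then
    print_log "$FUNCNAME():不存在非系統用戶:$user,開始添加用戶操作."
    if ! adduser "$user" -g 10; then
      print_log "$FUNCNAME():\033[31madduser $user 失敗,退出\033[0m"
      exit 1
    fi
    local home
    home=$(user_home "$user")
    if [[ -z $home ]]; then
      print_log "$FUNCNAME():\033[31m無法獲取 $user 的家目錄,退出\033[0m"
      exit 1
    fi
    # Validate the key before sshd_config is switched to key-only auth; a bad
    # key here plus PasswordAuthentication no would leave no way in.
    install_public_key "$user" "$home" || exit 1
    chown -R "$user:wheel" "$home"
    local backup
    backup=$(backup_sshd_config) || exit 1
    if sshd_has_user "$user"; then
      print_log "$FUNCNAME():sshd_config文件中已經存在$user."
      return
    fi
    printf '%s\n' "$default_sshdConfig" > "$sshd_config"
    ensure_wheel_nopasswd
    restart_sshd "$backup" && print_log "$FUNCNAME():添加key認證,更新sshd_config文件並重啟sshd完成."
    return
  fi
  local check_sshdnum=1 check_sudersnum=1
  if ! sshd_has_user "$user"; then
    check_sshdnum=0
    print_log "已經添加$user用戶,但是沒有配置sshd_config"
  fi
  if ! wheel_nopasswd_configured; then
    check_sudersnum=0
    print_log "已經添加$user用戶,但是沒有配置sudoers"
  fi
  if [[ $check_sshdnum -ne 0 && $check_sudersnum -ne 0 ]]; then
    print_log "該服務器已經配置秘鑰認證."
  fi
}

case $1 in
  add)    addUser "$2" ;;
  look)   lookUp ;;
  delete) deleteUser "$2" ;;
  check)  checkUser ;;
  *) echo -e " 秘鑰認證用戶自動控制\n用法示例: \n1.添加/刪除秘鑰認證用戶: ./account.class.sh add/delete 用戶名 \n2.查找可以登陸的用戶 ./account.class.sh look\n3.檢測系統是否是key認證,不是則添加key認證 ./account.class.sh check\n(默認增加一個[$default_user]的認證用戶)" ;;
esac
# 原文 (original post): http://my.oschina.net/pwd/blog/388254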