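Purpose of the jump host: our servers are all cloud hosts, mostly on AWS. AWS access works by matching a private key against a public key, and the connection is made with root privileges. Developers who need to reach the servers cannot simply be handed direct root access, because that would put the servers at serious risk.
Design of the jump host: it is written in shell, accounts are managed and authenticated centrally through LDAP, and permissions are controlled centrally through sudo.
LDAP: it can be deployed with yum, which is simple, but the installed files end up spread across several directories rather than in one place.
It can also be compiled from source. That takes some time and you will run into plenty of errors along the way, but the advantage is that the whole build can be kept under a single directory.
With either installation method, migrating LDAP later is also very easy.
(1) Implementing the jump host: install and deploy LDAP. The LDAP I manage is administered through a web management tool.
(2) Write the shell menu.
(3) Create a private key and public key for each ordinary user, and upload the public key to the corresponding directory on the remote server.
Screenshot of the result: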
 
The script is as follows:

```bash
[root@localhost jc]# cat tiaoban_deploy.sh
#!/bin/bash
# IP of the jump host itself (eth0), shown in the menu banner
ip=`/sbin/ifconfig eth0|grep "inet addr"|awk -F ":" '{print $2}'|awk '{print $1}'`
current_date=`date +%Y-%m-%d-%H:%M:%S`
dis_manumenu="<ip:${ip}-server>"
user=$USER

# Source function library (provides the "action" helper).
. /etc/rc.d/init.d/functions

# new_echo TEXT [COLOR [TEXT2 [COLOR2]]]
# Print TEXT in COLOR; if TEXT2 is given, print it at column 70 in COLOR2.
new_echo () {
    if [ -z "$2" ]
    then
        COLOR=33
    elif [ "$2" == red ]
    then
        COLOR=31
    elif [ "$2" == green ]
    then
        COLOR=32
    elif [ "$2" == blue ]
    then
        COLOR=36
    elif [ "$2" == purple ]
    then
        COLOR=35
    elif [ "$2" == white ]
    then
        COLOR=39
    else
        echo new_echo function use error
        exit
    fi
    if [ -z "$4" ]
    then
        COLOR1=33
    elif [ "$4" == red ]
    then
        COLOR1=31
    elif [ "$4" == green ]
    then
        COLOR1=32
    elif [ "$4" == blue ]
    then
        COLOR1=36
    elif [ "$4" == purple ]
    then
        COLOR1=35
    elif [ "$4" == white ]
    then
        COLOR1=39
    else
        echo new_echo function use error
        exit
    fi
    if [ -z "$3" ]
    then
        echo -en "\\033[1;${COLOR}m""\033[3m$1 \033[0m\n"
    else
        echo -en "\\033[1;${COLOR}m""\033[3m$1 \033[0m\033[70G\\033[1;${COLOR1}m\033[3m $3 \033[0m\n"
    fi
}

# Swallow every trappable signal so that Ctrl-C, Ctrl-Z, Ctrl-\ and similar
# cannot drop the user out of the menu into a shell. Signal numbers that do
# not exist are rejected by trap; the error output is discarded.
# (The original had a second loop, "for signal in `name`" with "trap trap ':'";
# "name" is not a command, so that loop never ran and is omitted here.)
for signal in `seq 1 1000`
do
    trap ':' INT EXIT TSTP TERM HUP $signal &> /dev/null
done
clear

# Read a single character from the terminal without echoing it
function getchar() {
    stty cbreak -echo
    dd if=/dev/tty bs=1 count=1 2>/dev/null
    stty -cbreak echo
}

###############################################################################
# Prompt for the jump-host login token and compare it with /opt/username
#while :
#do
clear
read -r -p "請輸入登陸跳板機驗證標識:" name
repa=`cat /opt/username`
if [ "$name" == "$repa" ];then
    action "認證標識正確,歡迎登陸跳板機。。。。。。。。。。。。。。。。。。。" /bin/true
else
    action "對不起,您輸入的認證標識有錯誤,無法登陸跳板機,已退出............" /bin/false
    exit
fi
# realuser=$(awk '{print $1}' $name)
# realpass=$(awk '{print $1}' $pass)
# if [ "$pass" == "$realpass" ]; then
# echo "歡迎登陸跳板機。。。。。。。。。。。"
#else
# echo "對不起,您的輸入有錯誤..............."
#fi
#done

# Banner, help text and server menu
cat <<EOF
當前系統時間:$current_date
=============================================================================
$dis_manumenu 當前使用跳板機用戶:$USER 版本:Versin1.0
=============================================================================
---------------------------跳板機幫助手冊--------------------------------
(1)菜單0選項,是退出整個跳板機.
(2)菜單1-11選項是服務器列表,這裡只有11台服務器提供選擇.
(3)跳板機上面服務器包含:郵件系統,redmine,開發應用服務.
-----------------------------------------------------------------------------
**0)(exit)
-->[--------------------公司跳板機菜單---------------------]:<--
**1)redmine-server(8)
**2)數據分析打點測試服(18)
**3)測試服(11)
**4)日志測試服I(13)
**5)日志測試服II(22)
**6)測試服I(12)
**7)測試服II(16)
**8)內網SSO服務器(192)
**9)用戶中心開發服(15)
**10)用戶中心QA測試服(23)
**11)用戶中心本地測試服(24)
**12)用戶中心本地測試服(24)
##############################################################################
==============================================================================
EOF

# Print the connection banner, then open an SSH session to the host in $1 as
# the current user with that user's own private key. The original repeated
# this body in every menu branch; it is factored into one function here.
login_to () {
    ip=$1
    if [ -z "$CHECK" ]
    then
        clear
        new_echo "----------------------------------------------------------------------------------" green
        new_echo "Connection '$ip'($USER) " purple "[ SUCCESS ]" green
        new_echo "`date +'%x %X'` " white
        new_echo "--------------------------------- use ${SECONDS}s -----------------------------------------" green
        action "用戶:$user-現在開始登陸,請稍等..............................." /bin/true
        ssh -i "/home/$USER/.ssh/id_rsa" "$user@$ip"
    fi
}

read -r -p "請選擇: " num
case $num in
0)
    action "-------------------------exit----------------------------" /bin/true
    exit
    ;;
1)  login_to "192.168.3.8"; sleep 2 ;;   # redmine-server
2)  login_to "192.168.3.18" ;;           # data-analytics event-tracking test server
3)  login_to "192.168.3.11" ;;           # test server
4)  login_to "192.168.3.13" ;;           # log test server I
5)  login_to "192.168.3.22" ;;           # log test server II
6)  login_to "192.168.3.12" ;;           # test server I
7)  login_to "192.168.3.16" ;;           # test server II
8)  login_to "192.168.3.92" ;;           # intranet SSO server
9)  login_to "192.168.3.15" ;;           # user-center development server
10) login_to "192.168.3.23" ;;           # user-center QA test server
11) login_to "192.168.3.24" ;;           # user-center local test server
12) login_to "192.168.3.25" ;;           # listed in the menu with the same label as 11
*)
    clear
    action "賬戶:$USER-您的輸入有誤,已退出,請重新登錄,謝謝................" /bin/true
    exit
    ;;
esac
```
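Step (3) above, sketched as an added example that is not part of the original post: `make_user_key` creates the `/home/$USER/.ssh/id_rsa` key that the menu script passes to `ssh -i`, and `install_pubkey` appends the matching public key on the target with permissions that sshd's StrictModes check accepts. The function names, the RSA-4096 choice and the `user@jump` key comment are assumptions.

```bash
#!/bin/bash
# Added example, not from the original post. Function names, key size and the
# key comment format are assumptions.

# Jump-host side: create the key pair that tiaoban_deploy.sh hands to "ssh -i".
# Run as the developer's own account; ssh-keygen prompts for the passphrase.
make_user_key() {
    local home="$1" user="$2"
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    # Never overwrite an existing key: the targets only trust the old public key.
    [ -e "$home/.ssh/id_rsa" ] && return 0
    ssh-keygen -q -t rsa -b 4096 -C "$user@jump" -f "$home/.ssh/id_rsa"
}

# Target side: add one public key line to <home>/.ssh/authorized_keys.
# Returns 2 for anything that is not a single bare key line, so a pasted value
# cannot smuggle in extra keys or options such as command="...".
install_pubkey() {
    local line="$1" home="$2" nl='
'
    local dir="$home/.ssh" file="$home/.ssh/authorized_keys"
    case "$line" in *"$nl"*) return 2 ;; esac
    printf '%s\n' "$line" | grep -Eq \
        '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+( [^[:space:]]+)?$' \
        || return 2
    # sshd (StrictModes) refuses keys kept in group/world-writable locations.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$file" && chmod 600 "$file" || return 1
    # Idempotent: re-running for the same user must not duplicate the entry.
    grep -qxF -- "$line" "$file" || printf '%s\n' "$line" >> "$file"
}
```

Run `install_pubkey` as the account that owns the target home directory, since sshd also checks ownership of `.ssh` and `authorized_keys`.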
Author: 51cto blog, IMySQL