歡迎來到Linux教程網
Linux教程網
Linux教程網
Linux教程網
您现在的位置: Linux教程網 >> UnixLinux >  >> Linux基礎 >> 關於Linux

shell加LDAP實現跳板機

使用跳板機的目的:我們的服務器都是雲主機,使用的都是aws比較多,而且aws是以私鑰去連接公鑰,連接的方式都是以root權限連接,這樣子的話,開發人員要連接上服務器的話,不可能給root權限直接連吧,否則會對服務器造成很大的威脅.

跳板機實現的思路:使用shell去編寫,賬戶這塊使用LDAP做集中式管理+認證,權限這塊使用sudo集中式控制管理.

LDAP:部署可以使用yum,安裝簡單,不過安裝的目錄和結構都不同於一個位置.

也可以使用編譯安裝,編譯安裝的話,需要一定的時間,期間也會遇到很多錯誤,好處就是可以把編譯的環境統一管理在相同目錄中.

兩者安裝LDAP,遷移的時候,也非常容易.

(1)跳板機實現的過程:LDAP安裝+部署.我管理的LDAP是通過WEB管理工具來管理.

(2)編寫shell菜單

(3)創建普通用戶的私鑰+公鑰,並把公鑰上傳到對端的服務器的目錄底下.

實現的截圖:

 

腳本如下:

[root@localhost jc]# cat tiaoban_deploy.sh 
     
#!/bin/bash 
     
ip=`/sbin/ifconfig eth0|grep "inet addr"|awk -F ":" '{print $2}'|awk '{print $1}'` 
     
current_date=`date +%Y-%m-%d-%H:%M:%S` 
     
dis_manumenu="<ip:${ip}-server>"
     
     
     
user=`echo $USER` 
     
# Source function library. 
     
. /etc/rc.d/init.d/functions 
     
     
     
new_echo () { 
     
     
     
if [ -z "$2" ] 
     
then 
     
    COLOR=33 
     
elif [ $2 == red ] 
     
then 
     
    COLOR=31 
     
elif [ $2 == green ] 
     
then 
     
    COLOR=32 
     
elif [ $2 == blue ] 
     
then 
     
    COLOR=36 
     
elif [ $2 == purple ] 
     
then 
     
    COLOR=35 
     
elif [ $2 == white ] 
     
then 
     
    COLOR=39 
     
else
     
    echo new_echo function use error 
     
    exit 
     
fi 
     
     
     
if [ -z "$4" ] 
     
then 
     
    COLOR1=33 
     
elif [ $4 == red ] 
     
then 
     
    COLOR1=31 
     
elif [ $4 == green ] 
     
then 
     
    COLOR1=32 
     
elif [ $4 == blue ] 
     
then 
     
    COLOR1=36 
     
elif [ $4 == purple ] 
     
then 
     
    COLOR1=35 
     
elif [ $4 == white ] 
     
then 
     
    COLOR1=39 
     
else
     
    echo new_echo function use error 
     
    exit 
     
     
     
fi 
     
if [ -z "$3" ] 
     
then 
     
     
     
    echo -en "\\033[1;${COLOR}m""\033[3m$1 \033[0m\n"
     
else
     
    echo -en "\\033[1;${COLOR}m""\033[3m$1 \033[0m\033[70G\\033[1;${COLOR1}m\033[3m $3 \033[0m\n"
     
fi 
     
} 
     
     
     
for signal in `seq 1 1000` 
     
do
     
        trap ':' INT  EXIT TSTP TERM HUP $signal &> /dev/null
     
done 
     
     
     
clear 
     
     
     
for signal in `name` 
     
do
     
        trap trap ':' INT  EXIT TSTP TERM HUP $signal &> /dev/null
     
done 
     
     
     
clear 
     
     
     
     
     
function getchar() 
     
{ 
     
stty cbreak -echo  
     
        dd if=/dev/tty bs=1 count=1 2>/dev/null
     
        stty -cbreak echo  
     
}  
     
     
     
############################################################################### 
     
#while : 
     
#do 
     
name=`cat /opt/username` 
     
        clear 
     
        read -p "請輸入登陸跳板機驗證標識:" name 
     
     
     
repa=`cat /opt/username` 
     
         if [ "$name" ==  "$repa" ];then 
     
             action "認證標識正確,歡迎登陸跳板機。。。。。。。。。。。。。。。。。。。" /bin/true
     
     
     
else
     
         action "對不起,您輸入的認證標識有錯誤,無法登陸跳板機,已退出............" /bin/false
     
         exit  
     
         exit  
     
fi  
     
#        realuser=$(awk '{print $1}' $name)  
     
#        realpass=$(awk '{print $1}' $pass)  
     
#        if [ "$pass" == "$realpass" ]; then 
     
#          echo "歡迎登陸跳板機。。。。。。。。。。。" 
     
#else 
     
#          echo "對不起,您的輸入有錯誤..............." 
     
#fi 
     
#done  
     
     
     
     
     
cat <<EOF 
     
              當前系統時間:$current_date                      
     
              ============================================================================= 
     
              $dis_manumenu 當前使用跳板機用戶:$USER    版本:Versin1.0                          
     
              =============================================================================  
     
              ---------------------------跳板機幫助手冊-------------------------------- 
     
              (1)菜單0選項,是退出整個跳板機. 
     
              (2)菜單1-11選項是服務器列表,這裡只有11台服務器提供選擇. 
     
              (3)跳板機上面服務器包含:郵件系統,redmine,開發應用服務. 
     
              ----------------------------------------------------------------------------- 
     
     
     
              **0)(exit)                                                           
     
              -->[--------------------公司跳板機菜單---------------------]:<--      
     
              **1)redmine-server(8)                    
     
              **2)數據分析打點測試服(18)                                             
     
              **3)測試服(11)                                          
     
              **4)日志測試服I(13)                                   
     
              **5)日志測試服II(22)                                     
     
              **6)測試服I(12)                                     
     
              **7)測試服II(16)                                     
     
              **8)內網SSO服務器(192)                                     
     
              **9)用戶中心開發服(15)                                    
     
              **10)用戶中心QA測試服(23)                                    
     
              **11)用戶中心本地測試服(24)                                  
     
              **12)用戶中心本地測試服(24)                                  
     
              ############################################################################## 
     
              ============================================================================== 
     
EOF 
     
     
     
read -p "請選擇: " num 
     
     
     
     
     
case $num in
     
0) 
     
action "-------------------------exit----------------------------" /bin/true
     
exit 
     
     
     
;; 
     
1) 
     
ip="192.168.3.8"
     
public=/home/$USER 
     
     
     
     
     
if [ -z $CHECK ] 
     
then 
     
    clear 
     
    new_echo "----------------------------------------------------------------------------------" green 
     
    new_echo "Connection '$ip'($USER)          " purple "[ SUCCESS ]" green 
     
    new_echo "`date +'%x %X'`                                         " white 
     
    new_echo "--------------------------------- use ${SECONDS}s -----------------------------------------" green 
     
    action 用戶:$user-"現在開始登陸,請稍等..............................." /bin/true
     
    ssh -i "/home/$USER/.ssh/id_rsa" $user@$ip 
     
sleep 2 
     
      
     
     
     
fi 
     
     
     
;; 
     
2) 
     
     
     
      
     
ip="192.168.3.18"
     
public=/home/$USER 
     
if [ -z $CHECK ] 
     
then 
     
    clear 
     
new_echo "----------------------------------------------------------------------------------" green 
     
new_echo "Connection '$ip'($USER)          " purple "[ SUCCESS ]" green 
     
new_echo "`date +'%x %X'`                                         " white 
     
new_echo "--------------------------------- use ${SECONDS}s -----------------------------------------" green 
     
action 用戶:$user-"現在開始登陸,請稍等..............................." /bin/true
     
ssh -i "/home/$USER/.ssh/id_rsa" $user@$ip  
     
     
     
fi 
     
;; 
     
     
     
3) 
     
      
     
ip="192.168.3.11"
     
public=/home/$USER 
     
     
     
if [ -z $CHECK ] 
     
then 
     
    clear 
     
new_echo "----------------------------------------------------------------------------------" green 
     
new_echo "Connection '$ip'($USER)          " purple "[ SUCCESS ]" green 
     
new_echo "`date +'%x %X'`                                         " white 
     
new_echo "--------------------------------- use ${SECONDS}s -----------------------------------------" green 
     
action 用戶:$user-"現在開始登陸,請稍等..............................." /bin/true
     
ssh -i "/home/$USER/.ssh/id_rsa" $user@$ip 
     
fi 
     
     
     
;; 
     
4) 
     
      
     
ip="192.168.3.13"
     
public=/home/$USER 
     
     
     
if [ -z $CHECK ] 
     
then 
     
    clear 
     
new_echo "----------------------------------------------------------------------------------" green 
     
new_echo "Connection '$ip'($USER)          " purple "[ SUCCESS ]" green 
     
new_echo "`date +'%x %X'`                                         " white 
     
new_echo "--------------------------------- use ${SECONDS}s -----------------------------------------" green 
     
action 用戶:$user-"現在開始登陸,請稍等..............................." /bin/true
     
ssh -i "/home/$USER/.ssh/id_rsa" $user@$ip 
     
fi 
     
     
     
;; 
     
5) 
     
      
     
ip="192.168.3.22"
     
public=/home/$USER 
     
if [ -z $CHECK ] 
     
then 
     
    clear 
     
new_echo "----------------------------------------------------------------------------------" green 
     
new_echo "Connection '$ip'($USER)          " purple "[ SUCCESS ]" green 
     
new_echo "`date +'%x %X'`                                         " white 
     
new_echo "--------------------------------- use ${SECONDS}s -----------------------------------------" green 
     
action 用戶:$user-"現在開始登陸,請稍等..............................." /bin/true
     
ssh -i "/home/$USER/.ssh/id_rsa" $user@$ip 
     
fi 
     
     
     
;; 
     
6) 
     
      
     
ip="192.168.3.12"
     
public=/home/$USER 
     
     
     
if [ -z $CHECK ] 
     
then 
     
    clear 
     
new_echo "----------------------------------------------------------------------------------" green 
     
new_echo "Connection '$ip'($USER)          " purple "[ SUCCESS ]" green 
     
new_echo "`date +'%x %X'`                                         " white 
     
new_echo "--------------------------------- use ${SECONDS}s -----------------------------------------" green 
     
action 用戶:$user-"現在開始登陸,請稍等..............................." /bin/true
     
ssh -i "/home/$USER/.ssh/id_rsa" $user@$ip 
     
fi 
     
     
     
;; 
     
7) 
     
      
     
ip=192.168.3.16 
     
public=/home/$USER 
     
     
     
if [ -z $CHECK ] 
     
then 
     
    clear 
     
new_echo "----------------------------------------------------------------------------------" green 
     
new_echo "Connection '$ip'($USER)          " purple "[ SUCCESS ]" green 
     
new_echo "`date +'%x %X'`                                         " white 
     
new_echo "--------------------------------- use ${SECONDS}s -----------------------------------------" green 
     
action 用戶:$user-"現在開始登陸,請稍等..............................." /bin/true
     
ssh -i "/home/$USER/.ssh/id_rsa" $user@$ip 
     
fi 
     
     
     
;; 
     
8) 
     
      
     
ip=192.168.3.92 
     
public=/home/$USER 
     
     
     
if [ -z $CHECK ] 
     
then 
     
    clear 
     
new_echo "----------------------------------------------------------------------------------" green 
     
new_echo "Connection '$ip'($USER)          " purple "[ SUCCESS ]" green 
     
new_echo "`date +'%x %X'`                                         " white 
     
new_echo "--------------------------------- use ${SECONDS}s -----------------------------------------" green 
     
action 用戶:$user-"現在開始登陸,請稍等.............................." /bin/true
     
ssh -i "/home/$USER/.ssh/id_rsa" $user@$ip 
     
fi 
     
;; 
     
     
     
9) 
     
      
     
ip=192.168.3.15 
     
public=/home/$USER 
     
     
     
if [ -z $CHECK ] 
     
then 
     
    clear 
     
new_echo "----------------------------------------------------------------------------------" green 
     
new_echo "Connection '$ip'($USER)          " purple "[ SUCCESS ]" green 
     
new_echo "`date +'%x %X'`                                         " white 
     
new_echo "--------------------------------- use ${SECONDS}s -----------------------------------------" green 
     
action 用戶:$user-"現在開始登陸,請稍等..............................." /bin/true
     
ssh -i "/home/$USER/.ssh/id_rsa" $user@$ip 
     
fi 
     
     
     
;; 
     
10) 
     
      
     
ip=192.168.3.23 
     
public=/home/$USER 
     
     
     
if [ -z $CHECK ] 
     
then 
     
    clear 
     
new_echo "----------------------------------------------------------------------------------" green 
     
new_echo "Connection '$ip'($USER)          " purple "[ SUCCESS ]" green 
     
new_echo "`date +'%x %X'`                                         " white 
     
new_echo "--------------------------------- use ${SECONDS}s -----------------------------------------" green 
     
action 用戶:$user-"現在開始登陸,請稍等..............................." /bin/true
     
ssh -i "/home/$USER/.ssh/id_rsa" $user@$ip 
     
fi 
     
     
     
;; 
     
11) 
     
      
     
ip=192.168.3.24 
     
public=/home/$USER 
     
     
     
if [ -z $CHECK ] 
     
then 
     
    clear 
     
new_echo "----------------------------------------------------------------------------------" green 
     
new_echo "Connection '$ip'($USER)          " purple "[ SUCCESS ]" green 
     
new_echo "`date +'%x %X'`                                         " white 
     
new_echo "--------------------------------- use ${SECONDS}s -----------------------------------------" green 
     
action 用戶:$user-"現在開始登陸,請稍等..............................." /bin/true
     
ssh -i "/home/$USER/.ssh/id_rsa" $user@$ip 
     
fi 
     
     
     
;; 
     
      
     
12) 
     
      
     
ip=192.168.3.25 
     
public=/home/$USER 
     
     
     
if [ -z $CHECK ] 
     
then 
     
    clear 
     
new_echo "----------------------------------------------------------------------------------" green 
     
new_echo "Connection '$ip'($USER)          " purple "[ SUCCESS ]" green 
     
new_echo "`date +'%x %X'`                                         " white 
     
new_echo "--------------------------------- use ${SECONDS}s -----------------------------------------" green 
     
action 用戶:$user-"現在開始登陸,請稍等..............................." /bin/true
     
ssh -i "/home/$USER/.ssh/id_rsa" $user@$ip 
     
fi 
     
;; 
     
      
     
      
     
*) 
     
clear 
     
action 賬戶:$USER-"您的輸入有誤,已退出,請重新登錄,謝謝................" /bin/true
     
exit 
     
      
     
     
     
;; 
     
esac

作者署名:51cto博客 IMySQL

Copyright © Linux教程網 All Rights Reserved