利用Shell開發跳板機功能腳本案例

范例17_6：開發企業級Shell跳板機案例。要求用戶登錄到跳板機僅能執行管理員給定的選項動作，不允許以任何形式中斷腳本到跳板機服務器上執行任何系統命令

方法1：

1）首先做好SSH密鑰驗證（跳板機地址192.168.33.128）。

以下操作命令在所有機器上操作：

1234	[root@oldboy~]#?useradd?jump??#<==要在所有機器上操作。[root@oldboy~]#?echo?123456|passwd?--stdin?jump?#<==要在所有機器上操作。Changingpassword?for?user?jump.passwd:all?authentication?tokens?updated?successfully.

以下操作命令僅在跳板機上操作：

12345678910111213141516171819202122232425

[root@oldboy~]#?su?-?jump[jump@oldboy~]$?ssh-keygen?-t?dsa?-P?''?-f?~/.ssh/id_dsa?>/dev/null?2>&1??#<==生成密鑰對。[jump@oldboy~]$?ssh-copy-id?-i?~/.ssh/id_dsa.pub?192.168.33.130???#<==將公鑰分發到其他服務器。Theauthenticity?of?host?'192.168.33.130?(192.168.33.130)'?can't?be?established.RSA?keyfingerprint?is?fd:2c:0b:81:b0:95:c3:33:c1:45:6a:1c:16:2f:b3:9a.Are?yousure?you?want?to?continue?connecting?(yes/no)??yesWarning:Permanently?added?'192.168.33.130'?(RSA)?to?the?list?of?known?hosts.jump@192.168.33.130'spassword:Now?trylogging?into?the?machine,?with?"ssh?'192.168.33.130'",?and?check?in:????.ssh/authorized_keys??to?makesure?we?haven't?added?extra?keys?that?you?weren't?expecting.??[jump@oldboy~]$?ssh-copy-id?-i?~/.ssh/id_dsa.pub?192.168.33.129??#<==將公鑰分發到其他服務器。Theauthenticity?of?host?'192.168.33.129?(192.168.33.129)'?can't?be?established.RSA?keyfingerprint?is?fd:2c:0b:81:b0:95:c3:33:c1:45:6a:1c:16:2f:b3:9a.Are?yousure?you?want?to?continue?connecting?(yes/no)??yesWarning:Permanently?added?'192.168.33.129'?(RSA)?to?the?list?of?known?hosts.jump@192.168.33.129'spassword:Now?trylogging?into?the?machine,?with?"ssh?'192.168.33.129'",?and?check?in:????.ssh/authorized_keys??to?makesure?we?haven't?added?extra?keys?that?you?weren't?expecting.

2）實現傳統的遠程連接菜單選擇腳本

菜單腳本如下：

12345

????????????????cat?<<menu??????????????????1)oldboy-192.168.33.129??????????????????2)oldgirl-192.168.33.130??????????????????3)exitmenu

3）利用linux信號防止用戶中斷信號在跳板機上操作。

123	functiontrapper?()?{????????trap?':'?INT??EXIT?TSTP?TERM?HUP??#<==屏蔽這些信號。}

4）用戶登錄跳板機后即調用腳本（不能命令行管理跳板機），并只能按管理員的要求選單。

以下為實戰內容。

腳本放在跳板機上：

1234567891011121314151617181920212223242526272829303132333435363738394041

[root@oldboy~]#?echo?'[?$UID?-ne?0?]?&&?.?/server/scripts/jump.sh'>/etc/profile.d/jump.sh??[root@oldboy~]#?cat?/etc/profile.d/jump.sh[?$UID-ne?0?]?&&?.?/server/scripts/jump.sh[root@oldboyscripts]#?cat?/server/scripts/jump.sh#!/bin/sh#oldboy?trainingtrapper(){????trap?':'?INT?EXIT?TSTP?TERM?HUP??#<==定義需要屏蔽的信號，冒號表示啥都不做。}main(){while?:do??????trapper??????clear??????cat<<menu???????1)Web01-192.168.33.129???????2)Web02-192.168.33.130menuread?-p"Pls?input?a?num.:"?numcase"$num"?in????1)????????echo?'login?in?192.168.33.129.'????????ssh?192.168.33.129????????;;????2)????????echo?'login?in?192.168.33.130.'????????ssh?192.168.33.130????????;;????110)????????read?-p?"your?birthday:"?char????????if?[?"$char"?=?"0926"];then??????????exit??????????sleep?3????????fi????????;;????*)????????echo?"select?error."????????esacdone}main

執行效果如下：

123456789101112131415161718192021

[root@oldboy~]#?su?-?jump??#<==切到普通用戶即彈出菜單，工作中直接用jump登錄，即彈出菜單。?????1)Web01-192.168.33.129?????2)Web02-192.168.33.130Pls?inputa?num.:?????1)Web01-192.168.33.129?????2)Web02-192.168.33.130Pls?inputa?num.:1??#<==選1進入Web01服務器。login?in192.168.33.129.Lastlogin:?Tue?Oct?11?17:23:52?2016?from?192.168.33.128[jump@littleboy~]$??#<==按ctrl+d退出到跳板機服務器再次彈出菜單。?????1)Web01-192.168.33.129?????2)Web02-192.168.33.130Pls?inputa?num.:2?????#<==選2進入Web02服務器。login?in192.168.33.130.Lastlogin:?Wed?Oct?12?23:30:14?2016?from?192.168.33.128[jump@oldgirl~]$???#<==按ctrl+d退出到跳板機服務器再次彈出菜單。?????1)Web01-192.168.33.129????2)Web02-192.168.33.130Pls?inputa?num.:110????#<==選110進入跳板機命令提示符。yourbirthday:0926??????#<==需要輸入特別碼才能進入的，這里管理員通道，密碼要保密呦。[root@oldboyscripts]#??#<==跳板機管理命令行

轉載于:https://blog.51cto.com/13281352/1971686

總結

以上是生活随笔為你收集整理的shell开发跳板机功能脚本的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。