说明
代码使用和框架图
Jumper_target_machine_v3.md脚本使用的框架图:
Jumper_target_machine_v3.md脚本作用:
通过Jumper机器来创建Jumper和target机器账号,完成target机器公钥写入,达到从电脑终端免密登录target机器。
Jumper_target_machine_v3.md脚本使用:
-
(1)只能使用root账户执行;
-
(2)Jumper和target机器家目录均指定到/data目录下;
-
(3)临时加载Jumper的root账户公钥到target机器root账户下,脚本执行完之后,自动回收;
-
(4)逻辑判断Jumper和target机器是否存在待创建账号;
Jumper_target_machine_v3.md脚本后期优化:
-
(1)对脚本中全局变量进行优化;
-
(2)对脚本中一些目录定义成全局变量,方便更改和使用;
代码内容
cat Jumper_target_machine.sh
#!/bin/sh
#脚本作用
# This code is used to create and check users on the bigcloud springboard(jumper), while creating and creating users on the target machine.
# The trigger and target home directory is under /data(Jumper和Target机器家目录均在/data目录下)
# Code the author: wutf
# contact: xxxx
# date: 2019-06-12
#加载系统函数库
. /etc/init.d/functions
#输入待创建用户的名字
read -p "Please enter the user you will be checking: " username
#定义判断执行账户函数
function user(){
if [ $UID -ne 0 ];then
action "You are not root!!" /bin/false
exit 2
fi
}
#临时存放Jumper pub到目标机auth
function add_jumper_pub(){
if [ -f /root/.ssh/id_rsa.pub ];then
ssh-copy-id root@ >/dev/null 2>&1
else
cat /dev/zero | ssh-keygen -q -N \"\" > /dev/null && ssh-copy-id root@ >/dev/null 2>&1
fi
}
#清空目标机auth里Jumper pub
function del_jumper_pub(){
root_pub_info=$(cat /root/.ssh/id_rsa.pub)
ssh root@ "sed -i 's#$root_pub_info# #g' /root/.ssh/authorized_keys; sed -i -e s/^' '*//g -e /^$/d -e /^#/d /root/.ssh/authorized_keys"
}
#创建Jumper服务器用户账号
function jumper_add_user(){
useradd -d /data/$username -m $username
sudo -S su - $username -c "cat /dev/zero | ssh-keygen -q -N \"\" > /dev/null; exit"
}
#检查Jumper服务器上是否有待创建账号,如无,则创建
function jumper_check_user(){
check_name=$(grep "$username" /etc/passwd|awk -F : '{print $6}')
if [ -z $check_name ];then
echo -e "\033[31m Jumper user $username is not exist \033[0m"
#action "Jumper starting create $username.......waiting~" /bin/true
echo -e "\033[32m Jumper starting create $username.......waiting~ \033[0m"
#导入jumper_add_user()函数
jumper_add_user
action "Jumper create $username is ok !" /bin/true
else
#action "Jumper user $username is exist" /bin/true
echo -e "\033[32m Jumper user $username is exist \033[0m"
fi
}
#创建Jumper和导入mac/windows本公钥
function id_pub_txt(){
#查看Jumper和mac/windows本公钥文件是否存在
Id_Pub_mac=$(grep "$username" /etc/passwd|awk -F":" '{print $6}')/.ssh/authorized_keys
Id_Pub_Jumper=$(grep "$username" /etc/passwd|awk -F":" '{print $6}')/.ssh/id_rsa.pub
if [ ! -f $Id_Pub_mac ];then
action "Jumper $username mac.pub is not exist" /bin/false
read -p "Please input the mac.pub of print you want: " computer
echo -e "\033[32m the mac.pub will write into authorized file..waiting.... \033[0m"
sudo -S su - $username -c "[ ! -f ~/.ssh/authorized_keys ] && touch ~/.ssh/authorized_keys; echo -e $computer >> ~/.ssh/authorized_keys"
action "$username mac.pub has writed into authorized file!" /bin/true
#echo -e "\033[32m $username mac.pub has writed into authorized file! \033[0m"
else
# action "Jumper mac.pub is exist" /bin/true
echo -e "\033[32m Jumper mac.pub is exist \033[0m"
fi
if [ ! -f $Id_Pub_Jumper ];then
echo "Jumper $username jumper.pub is not exist"
#action "Jumper start creating $username pub.......waiting~" /bin/true
echo -e "\033[32m dl1 start creating $username pub.......waiting~ \033[0m"
sudo -S su - $username -c "cat /dev/zero | ssh-keygen -q -N \"\" > /dev/null"
sudo -S su - $username -c "[ ! -f ~/.ssh/authorized_keys ] && touch ~/.ssh/authorized_keys || echo $(cat $(grep $username /etc/passwd|awk -F : '{print $6}')/.ssh/id_rsa.pub) >> ~/.ssh/authorized_keys; chmod 600 ~/.ssh/authorized_keys"
action "Jumper create $username pub is OK and Jumper pub has writed into authorized!" /bin/true
#echo -e "\033[32m dl1 create $username pub is OK and dl1_pub has writed into authorized! \033[0m"
else
# action "Jumper $username pub is exist" /bin/true
echo -e "\033[32m Jumper $username pub is exist \033[0m"
echo "$(cat $Id_Pub_mac)" | grep -q "$(cat $Id_Pub_Jumper)"
if [ $? -eq 0 ]; then
echo -e "\033[32m authorized has Jumper pub! \033[0m"
else
sudo -S su - $username -c "[ ! -f ~/.ssh/authorized_keys ] && touch ~/.ssh/authorized_keys || echo $(cat $(grep $username /etc/passwd|awk -F : '{print $6}')/.ssh/id_rsa.pub) >> ~/.ssh/authorized_keys; chmod 600 ~/.ssh/authorized_keys"
fi
action "Jumper pub has writed into authorized!" /bin/true
#echo -e "\033[32m Jumper pub has writed into authorized! \033[0m"
fi
}
#定义Jumper通过ssh登录目标机服务器函数
#在目标机服务器上创建待创建用户
#输入目标机的IP地址
read -p "Please enter the IP address of the target machine you will log into:" ip_array
function ssh_servers(){
read -p "Please enter the create target machine account name: " target_username
#检查目标机用户id
ssh root@ id -u $target_username >/dev/null 2>&1
if [ $? -eq 0 ];then
echo -e "\033[32m 目标机服务器用户 $target_username 已经存在 \033[0m"
else
echo -e "\033[32m 目标机服务器上将创建待创建用户 $target_username \033[0m"
ssh root@ "useradd -d /data/$target_username -m $target_username; exit"
ssh root@ "sudo -S su - $target_username -c 'cat /dev/zero | ssh-keygen -q -N \"\" > /dev/null'"
ssh root@ "sudo -S su - $target_username -c 'touch /data/$target_username/.ssh/authorized_keys && chmod 600 /data/$target_username/.ssh/authorized_keys;exit'"
action "标机服务器上待创建用户 $target_username 创建完毕!" /bin/true
fi
}
#拷贝Jumper上authorized_keys文件至目标机服务器待创建账户并更改所属主组
function scp_authorized(){
scp -q /data/$username/.ssh/authorized_keys root@:/data/$target_username/.ssh/auth_tmp
ssh root@ "chmod 777 /data/$target_username/.ssh/auth_tmp; exit"
ssh -t root@ "sudo -S su - $target_username -c 'cat /data/$target_username/.ssh/auth_tmp >> /data/$target_username/.ssh/authorized_keys && rm -rf /data/$target_username/.ssh/auth_tmp'; exit"
ssh root@ "chown -R $target_username:$target_username /data/$target_username/.ssh; exit"
action "Jumper上authorized_keys文件已传至目标机服务器" /bin/true
}
#总函数执行流程,在Jumper服务器执行
function main(){
user
add_jumper_pub
jumper_check_user
id_pub_txt $computer
ssh_servers
scp_authorized
del_jumper_pub
}
main $*
