I. First set up SSH key authentication (jump host address: 172.16.1.61)
1. Run the following commands on all machines:
[test@m01 ~]$ useradd test #<== run on every machine
[test@m01 ~]$ echo 123456|passwd --stdin test #<== run on every machine
Changing password for user test.
passwd: all authentication tokens updated successfully.
2. Run the following commands on the jump host only:
[root@m01 scripts]# su - test
[test@m01 ~]$ ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa >/dev/null 2>&1
[test@m01 ~]$ sshpass -p123456 ssh-copy-id -i ~/.ssh/id_dsa.pub "-o StrictHostKeychecking=no 172.16.1.80"
Warning: Permanently added '172.16.1.80' (RSA) to the list of known hosts.
Now try logging into the machine, with "ssh '-o StrictHostKeychecking=no 172.16.1.80'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[test@m01 ~]$ sshpass -p123456 ssh-copy-id -i ~/.ssh/id_dsa.pub "-o StrictHostKeychecking=no 172.16.1.81"
Warning: Permanently added '172.16.1.81' (RSA) to the list of known hosts.
Now try logging into the machine, with "ssh '-o StrictHostKeychecking=no 172.16.1.81'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
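3. As soon as a user logs in to the jump host, the script is invoked (the user cannot manage the jump host from the command line) and the user can only choose from the menu the administrator has defined.
3.1. The script is placed on the jump host:
[root@m01 scripts]# echo '[ $UID -ne 0 ] && . /server/scripts/jump.sh' >/etc/profile.d/jump.sh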
[root@m01 scripts]# cat /etc/profile.d/jump.sh
[ $UID -ne 0 ] && . /server/scripts/jump.sh
[root@m01 scripts]# cat jump.sh
#!/bin/bash
trapper(){
    trap ':' INT EXIT TSTP TERM HUP   # define the signals to be blocked
}
main(){
    while :
    do
        trapper
        clear
        cat <<menu   # print the menu
1) lb01-172.16.1.80
2) lb02-172.16.1.81
menu
        read -p "Pls input a num.:" num
        case "$num" in
            1)
                echo 'login in 172.16.1.80.'
                ssh 172.16.1.80
                ;;
            2)
                echo 'login in 172.16.1.81.'
                ssh 172.16.1.81
                ;;
            110)
                read -p "your birthday:" char
                if [ "$char" = "0926" ]; then
                    exit
                    sleep 3   # not reached: exit ends the shell first
                fi
                ;;
            *)
                echo "select error."
        esac
    done
}
main
4. The result looks like this:
[root@m01 scripts]# su - test
1) lb01-172.16.1.80
2) lb02-172.16.1.81
Pls input a num.:1 #<== enter 1 to log in to server 172.16.1.80
login in 172.16.1.80.
[test@lb01 ~]$ cat /etc/hosts #<== view the hosts file on lb01
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
#10.0.0.82 www.tiandi.com
#10.0.0.82 bbs.tiandi.com
#10.0.0.83 www.tiandi.com
#10.0.0.83 bbs.tiandi.com
10.0.0.80 www.tiandi.com
10.0.0.80 bbs.tiandi.com
[test@lb01 ~]$ logout
Connection to 172.16.1.80 closed.
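1) lb01-172.16.1.80
2) lb02-172.16.1.81
Pls input a num.:2 #<== enter 2 to log in to server 172.16.1.81
login in 172.16.1.81.
[test@lb02 ~]$ #<== press Ctrl+D to return to the menu
[test@lb02 ~]$ logout #<== press Ctrl+D to return to the menu
Connection to 172.16.1.81 closed.
1) lb01-172.16.1.80
2) lb02-172.16.1.81
Pls input a num.:110 #<== enter 110 to get to the jump host's command prompt
your birthday:0926 #<== a special code is required to get in; this is the administrator's channel, so keep this code safe
[root@m01 scripts]# #<== jump host administration commands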
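
The menu above takes effect only when a login shell reads /etc/profile.d, so a stricter variant is to have sshd start the menu itself. The following is an added example, not part of the original article: a POSIX sh menu meant to be run through ForceCommand that resolves the choice only from a fixed host table and leaves out the 110 administrator option. The script path, the sshd_config lines in its comments, and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. Assumed sshd_config on the jump host:
#   Match User test
#       ForceCommand /server/scripts/jump_menu.sh    (hypothetical path)
# Host table taken from the article's menu: "number name address" per line.
HOSTS='1 lb01 172.16.1.80
2 lb02 172.16.1.81'

# Print the menu in the same "N) name-address" form as the article's script.
print_menu() {
    printf '%s\n' "$HOSTS" | while read -r n name addr; do
        printf '%s) %s-%s\n' "$n" "$name" "$addr"
    done
}

# Map a menu choice to an address. Only an exact match on a listed number
# succeeds, so nothing the user types is ever passed to ssh.
resolve_target() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;            # empty or non-numeric input
    esac
    printf '%s\n' "$HOSTS" | while read -r n name addr; do
        if [ "$n" = "$1" ]; then printf '%s\n' "$addr"; fi
    done | grep .                           # non-zero status when no row matched
}

main() {
    trap ':' INT TSTP TERM HUP              # same signals the article's script blocks
    while :; do
        print_menu
        printf 'Pls input a num.:'
        read -r num || exit 0               # EOF (Ctrl+D) ends the session
        if target=$(resolve_target "$num"); then
            logger -t jump "user=$(id -un) target=$target" 2>/dev/null
            echo "login in $target."
            ssh -- "$target"
        else
            echo "select error."
        fi
    done
}

# Run the menu only for an SSH session on a terminal; anything else just ends.
if [ -t 0 ] && [ -n "${SSH_CONNECTION:-}" ]; then main; fi
```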