前提条件

1、准备172.16.1.10-backup, 172.16.1.7-lnmp01, 172.16.1.9-nfs-server三台22端口机器，172.16.1.8-lamp01一台8080端口机器（只是个人测试用）

2、查看系统相关信息

[root@backup ~]# cat /etc/redhat-release

CentOS release 6.7 (Final)

[root@backup ~]# uname -r

2.6.32-573.el6.x86_64

[root@backup ~]# uname -m

x86_64

1、检查SSH服务是否安装

[root@backup ~]#rpm -qa openssl openssh

[root@backup ~]#yum install -y openssl

[root@backup ~]#yum install -y openssh

[root@backup ~]#rpm -qa openssl openssh

openssh-5.3p1-111.el6.x86_64

openssl-1.0.1e-42.el6.x86_64

2、检查SSH服务是否开启

[root@backup ~]# /etc/init.d/sshd status

openssh-daemon (pid 4096) is running...

#如果未开启，那么需要执行下述命令

[root@backup ~]# /etc/init.d/sshd start

3、为所有机器创建用户及密码

[root@backup ~]# useradd oldgirl

[root@backup ~]# tail -1 /etc/passwd

oldgirl: x:503:503::/home/oldgirl:/bin/bash

[root@backup ~]# echo 123456|passwd --stdin oldgirl

[root@backup ~]# id oldgirl

[root@backup ~]# su – oldgirl #其他3台机器也要建同样的用户
[oldgirl@backup ~]$ ll

...............

4、SSH优化

#在root用户下执行

[root@backup ~]# sed -ir '13 iPort 52113\nPermitRootLoginno\nPermitEmptyPasswords no\nUseDNS no\nGSSAPIAuthentication no' /etc/ssh/sshd_config

#一般来讲，如果用户严格的话，那么不让root用户登录，那么需要把PermitRootLogin改为no，现在测试机直接是yes，ssh这个文件默认端口是22，如果要修改端口加上Port 52113，那么在访问这台机器的时候要特殊处理。

5、在backup10机器创建秘钥对

[oldgirl@backup ~]$ ssh-keygen -t dsa#下面的都敲回车即可

Generating public/private dsa key pair.

Enter file in which to save the key(/home/oldgirl/.ssh/id_dsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in/home/oldgirl/.ssh/id_dsa.

Your public key has been saved in/home/oldgirl/.ssh/id_dsa.pub.

The key fingerprint is:

e8:3b:06:99:fe:bc🇨🇦dd:72:2a:c0:24:df:fe:e1:eeoldgirl@backup

The key's randomart p_w_picpath is:

+--[ DSA 1024]----+

| |

| |

| |

|. . . |

| = . o. S |

| + =. |

| + .o |

| .++++. |

| oOE*. |

+-----------------+

[oldgirl@backup ~]$ cat .ssh/#查看秘钥生成的相关文件

authorized_keys id_dsa id_dsa.pub known_hosts

6、backup10机器分发秘钥

#注意：公钥相当于锁，要发给所有机器，私钥相当于钥匙，要留给自己。

#给22端口的7机器和9机器发公钥密钥

[oldgirl@backup ~]$ ssh-copy-id -i ~/.ssh/id_dsa.pub oldgirl@172.16.1.7

oldgirl@172.16.1.7's password:

Now try logging into the machine, with "ssh'oldgirl@172.16.1.7'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren'texpecting.

[oldgirl@backup ~]$ ssh-copy-id -i ~/.ssh/id_dsa.pub oldgirl@172.16.1.9

oldgirl@172.16.1.9's password:

Now try logging into the machine, with "ssh'oldgirl@172.16.1.9'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren'texpecting.

#查看7、9两台机器生成的密钥

[oldgirl@lnmp01 ~]$ ls -l ~/.ssh/authorized_keys#相当于id_dsa.pub****，只是换了个名****

-rw------- 1 oldgirl oldgirl 604 Jun 5 20:33 /home/oldgirl/.ssh/authorized_keys

[oldgirl@nfs-server ~]$ ls -l ~/.ssh/authorized_keys

-rw------- 1 oldgirl oldgirl 604 Jun 5 20:34 /home/oldgirl/.ssh/authorized_keys

#给8080端口8机器发密钥,仅仅是个人测试端口使用

[oldgirl@backup ~]$ ssh-copy-id -i ~/.ssh/id_dsa.pub"-p 8080 oldgirl@172.16.1.8"

The authenticity of host '[172.16.1.8]:8080([172.16.1.8]:8080)' can't be established.

RSA key fingerprint is85:f0:47:99:b8:f7:f4:23:c4:a8:db:e6🇦🇨d3:dd:f3.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '[172.16.1.8]:8080' (RSA) tothe list of known hosts.

oldgirl@172.16.1.8's password:

Now try logging into the machine, with "ssh '-p 8080oldgirl@172.16.1.8'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren'texpecting.

**#查看8机器生成的密钥 **

[oldgirl@lamp01 ~]$ ls -l ~/.ssh/authorized_keys

-rw------- 1 oldgirl oldgirl 604 Jun 7 02:02 /home/oldgirl/.ssh/authorized_keys

7、批量管理

7、1批量管理：在10backup机器分发文件方式一

脚本内容：

[oldgirl@backup ~]$ cat fenfa1.sh

#!/bin/sh
. /etc/init.d/functions
if [ $# -ne 1 ];then
echo"USAGE:$0 filename"
exit 1
fi

for n in 9 7
do
scp -P22 -rp $1oldgirl@172.16.1.$n:~ &>/dev/null &&
ssh -p22 -toldgirl@172.16.1.$n sudo rsync ~/$1 /etc/ &>/dev/null
if [ $? -eq 0];then
action"172.16.1.$n" /bin/true
else
action"172.16.1.$n" /bin/false
fi
done

#在10机器的oldgirl下执行，执行这步之前一定要先把密钥/公钥发给其他机器，不然执行这里会让输入密码。

[oldgirl@backup ~]$ /bin/sh fenfa1.sh test1.txt #格式为/bin/sh，脚本名称，要发送的文件名

172.16.1.9 [ OK ]

172.16.1.7 [ OK ]

#查看7和9机器生成的文件

[oldgirl@nfs-server ~]$ ls -l test1.txt

-rw-rw-r-- 1 oldgirl oldgirl 0 Jun 7 2016test1.txt

[oldgirl@lnmp01 ~]$ ls -l test1.txt

-rw-rw-r-- 1 oldgirl oldgirl 0 Jun 7 2016test1.txt

7、2批量管理：在10backup机器分发文件方式二

#在root用户下，在10、7、9机器中加入

[root@backup ~]# cat /etc/sudoers

oldgirl ALL= NOPASSWD: /usr/bin/rsync

脚本内容：

[oldgirl@backup ~]$ cat fenfa.sh

#!/bin/sh
. /etc/init.d/functions
if [ $# -ne 2 ];then
echo"USAGE:$0 filename DST"
exit 1
fi

for n in 9 7
do
scp -P22 -rp $1oldgirl@172.16.1.$n:~ &>/dev/null &&
ssh -p22 -toldgirl@172.16.1.$n sudo rsync ~/$1 /$2/ &>/dev/null
if [ $? -eq 0];then
action"172.16.1.$n" /bin/true
else
action"172.16.1.$n" /bin/false
fi
done

#上述脚本涉及rsync的内容请参考我的另一篇博文

“rsync的配置和以rsync的daemon工作模式传输数据”

#在10机器的oldgirl用户下执行

[oldgirl@backup ~]$ /bin/sh fenfa.sh text2.txt data #注意data这里不要加”/”，脚本里已加，认真认真再认真！ #格式为/bin/sh，脚本名，发送文件名，接收文件目录

172.16.1.9 [ OK ]

172.16.1.7 [ OK ]

#在7和9机器查看结果

[oldgirl@lnmp01 ~]$ ls -l /data/

total 0

-rw-r--r-- 1 root root 0 Jun 8 22:07 text2.txt

[oldgirl@nfs-server ~]$ ls -l /data/

total 0

-rw-r--r-- 1 root root 0 Jun 8 22:07 text2.txt