ssh命令
适用命令及方案如下:
【远程连接及执行命令】
ssh -p22 root@10.0.0.19
ssh -p22 root@10.0.0.19 /sbin/ifconfig
【远程拷贝:推送及拉取】
scp -P22 -r -p /etc root@10.0.0.19:/tmp/
scp -P22 -r -p root@10.0.0.19:/tmp/ /etc
【安全的FTP功能】
sftp -oPort=22 root@10.0.0.19
利用ssh-v的调试功能查找慢的原因
windows上传下载需要在CRT文件下找到sftp就可以重本地上传东西了
put 上传
get 下载
检查openssh和openssl是否安装
echo '###openssh-openssl###'1>>~/ssh.ok 2>>ssh.bug
rpm -qa opensshopenssl 1>>~/ssh.ok 2>>ssh.bug
限制外网IP
优化:
以下各项开机时已经实现优化:
Port52113
PermitRootLogin no
PermitEmptyPasswords no
UseDNS no
GSSAPIAuthentication no
只允许内网IP172.16.1.61登录
echo '###限制登录内网IP###'1>>~/ssh.ok 2>>ssh.bug
cp /etc/ssh/sshd_config{,.ssh.ori}
ls /etc/ssh/sshd_config.ssh.ori 1>>~/ssh.ok 2>>ssh.bug
sed -i '13a ListenAddress 172.16.1.61:52311'/etc/ssh/sshd_config
sed -n '13,18p'/etc/ssh/sshd_config 1>>~/ssh.ok 2>>ssh.bug
ssh实现批量管理
一键生成密钥:
法一:
ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa >/dev/null 2>&1
法二:
echo -e "\n"|ssh-keygen -t dsa -N "" >/dev/null 2>&1
echo '###查看生成密钥情况###'1>>~/ssh.ok 2>>ssh.bug
ls -l ~/.ssh 1>>~/ssh.ok 2>>ssh.bug
分发密钥
echo '###查看生成密钥情况###'1>>~/ssh.ok 2>>ssh.bug
ssh-copy-id -i ~/.ssh/id_dsa.pub [email protected] (默认22端口使用)
ssh-copy-id -i ~/.ssh/id_dsa.pub "-p [email protected]" (改端口使用)
批量分发密钥
批量分发文件
echo '###批量分发文件###'1>>~/ssh.ok 2>>ssh.bug
cat >/home/zhang/scripts/fenfa_file.sh<<EOF
#!/bin/sh
if [ \$# -ne 2 ];then
echo "USAGE:/bin/sh\$0 ARG1 ARG2"
exit 1
fi
. /etc/init.d/functions
for n in 8 31 41
do
scp -P52113 ~/\$1 zhang@172.16.1.\${n}:~ >/dev/null 2>&1&&\\
ssh -p52113 -t zhang@172.16.1.\$n sudo rsync ~/\$1 \$2 >/dev/null 2>&1
if [ \$? -eq 0 ];then
action "fenfa hosts 172.16.1.\$n" /bin/true
else
action "fenfa hosts 172.16.1.\$n" /bin/false
fi
done
EOF
cat fenfa_file.sh 1>>~/ssh.ok 2>>ssh.bug
批量执行命令
echo '###查批量执行命令###'1>>~/ssh.ok 2>>ssh.bug
cat >/home/zhang/scripts/zhixing.sh<<EOF
#!/bin/sh
if [ \$# -ne 1 ];then
echo "USAGE:/bin/sh \$0 ARG1"
exit 1
fi
for n in 8 31 41
do
echo =======172.16.1.\$n========
ssh -p52113 zhang@172.16.1.\$n "\$1"
done
EOF
cat zhixing.sh 1>>~/ssh.ok 2>>ssh.bug
老男孩28期
搭建web01nginx
vim in_nginx.sh
#!/bin/sh
/bin/sh fenfa_file.sh nginx.sh /server/scripts/&&\
/bin/sh zhixing.sh /server/scripts/nginx.sh
vim nginx
#!/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
export PATH
./etc/init.d/functions
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
yum install openssl openssl-devel -y
rpm -qa opensslopenssl-devel
yum install pcre pcre-devel -y
rpm -qa pcre pcre-devel
#######下载nginx并编译安装########
mkdir /install
cd /install
wget -q http://nginx.org/download/nginx-1.6.3.tar.gz
useradd www -s /sbin/nologin -M
tar xf nginx-1.6.3.tar.gz
cd nginx-1.6.3
##############配置################
#########检查##########
echo $?
sleep 5
##########编译安装########
make
make install
ln -s /application/nginx-1.6.3//application/nginx
##########启动##########
/application/nginx/sbin/nginx
##########加入到开机启动##########
echo '/application/nginx/sbin/nginx'>>/etc/rc.local
tail -1/etc/rc.local
ps -ef|grep nginx|grep -v grep
sleep 5
##########nginx优化###########
cd /application/nginx/conf/
cat >nginx.conf<<EOF
worker_processes 1;
error_log logs/error.log;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '\$remote_addr - \$remote_user[\$time_local] "\$request" '
'\$status\$body_bytes_sent "\$http_referer" '
'"\$http_user_agent""\$http_x_forwarded_for"';
sendfile on;
keepalive_timeout 65;
include extra/blog.conf;
include extra/status.conf;
}
EOF
mkdir extra
cd extra
cat >blog.conf<<EOF
server {
listen 80;
server_name blog.etiantian.org;
location /{
root html/blog;
index index.php index.html index.htm;
}
location ~.*\.(php|php5)?\$ {
root html/blog;
fastcgi_pass 127.0.0.1:9000;
fastcgi_indexindex.php;
include fastcgi.conf;
}
access_log logs/access_blog.log main;
}
EOF
cat >status.conf<<EOF
##status
server {
listen 80;
server_name status.etiantian.org;
location /{
stub_status on;
access_log off;
allow 10.0.0.0/24;
deny all;
}
}
EOF
mkdir /application/nginx/html/blog -p
echo "<\?php phpinfo(); ?>">/application/nginx/html/blog/test_info.php
cat /application/nginx/html/blog/test_info.php
cp /application/nginx/html/index.html/application/nginx/html/blog/
/application/nginx/sbin/nginx -t
/application/nginx/sbin/nginx -s reload
[root@m01 scripts]# cat zhixing.sh
#!/bin/sh
if[ $# -ne 1 ];then
echo "USAGE:/bin/sh $0 ARG1"
exit 1
fi
for n in 8
do
echo =======172.16.1.$n========
ssh -t -p52113 root@172.16.1.$n /bin/sh "$1"
done
[root@m01 scripts]# cat fenfa_file.sh
#!/bin/sh
if[ $# -ne 2 ];then
echo "USAGE:/bin/sh $0 ARG1 ARG2"
exit 1
fi
./etc/init.d/functions
for n in 8
do
scp -P52113 ~/$1 root@172.16.1.${n}:~>/dev/null 2>&1&&\
ssh -p52113 -t root@172.16.1.$n sudo rsync ~/$1 $2 >/dev/null 2>&1
if[ $?-eq 0];then
action "fenfa hosts 172.16.1.$n"/bin/true
else
action "fenfa hosts 172.16.1.$n"/bin/false
fi
done
检查
[root@web01 ~]# lsof -i:80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 4220 root 6u IPv4 18713 0t0 TCP *:http (LISTEN)
nginx 4235 www 6u IPv4 18713 0t0 TCP *:http (LISTEN)