说明

代码使用和框架图

Jumper_target_machine_v3.md脚本使用的框架图：

Jumper_target_machine_v3.md脚本作用：

通过Jumper机器来创建Jumper和target机器账号，完成target机器公钥写入，达到从电脑终端免密登录target机器。

Jumper_target_machine_v3.md脚本使用：

• （1）只能使用root账户执行；

• （2）Jumper和target机器家目录均指定到/data目录下；

• （3）临时加载Jumper的root账户公钥到target机器root账户下，脚本执行完之后，自动回收；

• （4）逻辑判断Jumper和target机器是否存在待创建账号；

Jumper_target_machine_v3.md脚本后期优化：

• （1）对脚本中全局变量进行优化；

• （2）对脚本中一些目录定义成全局变量，方便更改和使用；

代码内容

cat Jumper_target_machine.sh

#!/bin/sh#脚本作用# This code is used to create and check users on the bigcloud springboard(jumper), while creating and creating users on the target machine.# The trigger and target home directory is under /data(Jumper和Target机器家目录均在/data目录下)# Code the author: wutf# contact: xxxx# date: 2019-06-12#加载系统函数库. /etc/init.d/functions#输入待创建用户的名字read -p "Please enter the user you will be checking: " username#定义判断执行账户函数function user(){    if [ $UID -ne 0 ];then        action "You are not root！！" /bin/false        exit 2    fi}#临时存放Jumper pub到目标机authfunction add_jumper_pub(){    if [ -f /root/.ssh/id_rsa.pub ];then        ssh-copy-id root@${ip_array} >/dev/null 2>&1    else        cat /dev/zero | ssh-keygen -q -N \"\" > /dev/null && ssh-copy-id root@${ip_array} >/dev/null 2>&1    fi}#清空目标机auth里Jumper pubfunction del_jumper_pub(){    root_pub_info=$(cat /root/.ssh/id_rsa.pub)    ssh root@${ip_array} "sed -i 's#$root_pub_info# #g' /root/.ssh/authorized_keys; sed  -i -e s/^' '*//g -e /^$/d -e /^#/d /root/.ssh/authorized_keys"}#创建Jumper服务器用户账号function jumper_add_user(){    useradd -d /data/$username -m $username    sudo -S su - $username -c "cat /dev/zero | ssh-keygen -q -N \"\" > /dev/null; exit"}#检查Jumper服务器上是否有待创建账号，如无，则创建function jumper_check_user(){    check_name=$(grep "$username" /etc/passwd|awk -F : '{print $6}')    if [ -z $check_name ];then        echo -e "\033[31m Jumper user $username is not exist \033[0m"        #action "Jumper starting create $username.......waiting~" /bin/true        echo -e "\033[32m Jumper starting create $username.......waiting~ \033[0m"        #导入jumper_add_user()函数        jumper_add_user        action "Jumper create $username is ok !" /bin/true    else        #action "Jumper user $username is exist" /bin/true        echo -e "\033[32m Jumper user $username is exist \033[0m"    fi}#创建Jumper和导入mac/windows本公钥function id_pub_txt(){    #查看Jumper和mac/windows本公钥文件是否存在    Id_Pub_mac=$(grep "$username" /etc/passwd|awk -F":" '{print $6}')/.ssh/authorized_keys    Id_Pub_Jumper=$(grep "$username" /etc/passwd|awk -F":" '{print $6}')/.ssh/id_rsa.pub    if [ ! -f $Id_Pub_mac ];then        action "Jumper $username mac.pub is not exist" /bin/false        read -p "Please input the mac.pub of print you want: " computer        echo -e "\033[32m the mac.pub will write into authorized file..waiting.... \033[0m"        sudo -S su - $username -c "[ ! -f ~/.ssh/authorized_keys ] && touch  ~/.ssh/authorized_keys; echo -e $computer >> ~/.ssh/authorized_keys"        action "$username mac.pub has writed into authorized file!" /bin/true       #echo -e "\033[32m $username mac.pub has writed into authorized file! \033[0m"    else       # action "Jumper mac.pub is exist" /bin/true        echo -e "\033[32m Jumper mac.pub is exist \033[0m"    fi    if [ ! -f $Id_Pub_Jumper ];then        echo "Jumper $username jumper.pub is not exist"       #action "Jumper start creating $username pub.......waiting~" /bin/true        echo -e "\033[32m dl1 start creating $username pub.......waiting~ \033[0m"        sudo -S su - $username -c "cat /dev/zero | ssh-keygen -q -N \"\" > /dev/null"        sudo -S su - $username -c "[ ! -f ~/.ssh/authorized_keys ] && touch ~/.ssh/authorized_keys || echo $(cat $(grep $username /etc/passwd|awk -F : '{print $6}')/.ssh/id_rsa.pub) >> ~/.ssh/authorized_keys; chmod 600 ~/.ssh/authorized_keys"        action "Jumper create $username pub is OK and Jumper pub has writed into authorized!" /bin/true        #echo -e "\033[32m dl1 create $username pub is OK and dl1_pub has writed into authorized! \033[0m"    else       # action "Jumper $username pub is exist" /bin/true        echo -e "\033[32m Jumper $username pub is exist \033[0m"        echo "$(cat $Id_Pub_mac)" | grep -q "$(cat $Id_Pub_Jumper)"        if [ $? -eq 0 ]; then            echo -e "\033[32m authorized has Jumper pub! \033[0m"        else            sudo -S su - $username -c "[ ! -f ~/.ssh/authorized_keys ] && touch ~/.ssh/authorized_keys || echo $(cat $(grep $username  /etc/passwd|awk -F : '{print $6}')/.ssh/id_rsa.pub) >> ~/.ssh/authorized_keys; chmod 600 ~/.ssh/authorized_keys"        fi        action "Jumper pub has writed into authorized!" /bin/true        #echo -e "\033[32m Jumper pub has writed into authorized! \033[0m"    fi}#定义Jumper通过ssh登录目标机服务器函数#在目标机服务器上创建待创建用户#输入目标机的IP地址read -p "Please enter the IP address of the target machine you will log into：" ip_arrayfunction ssh_servers(){    read -p "Please enter the create target machine account name: " target_username    #检查目标机用户id    ssh root@${ip_array} id -u $target_username >/dev/null 2>&1    if [ $? -eq 0 ];then        echo -e "\033[32m 目标机服务器用户 $target_username 已经存在 \033[0m"    else        echo -e "\033[32m 目标机服务器上将创建待创建用户 $target_username \033[0m"        ssh root@${ip_array} "useradd -d /data/$target_username -m $target_username; exit"        ssh root@${ip_array} "sudo -S su - $target_username -c 'cat /dev/zero | ssh-keygen -q -N \"\" > /dev/null'"        ssh root@${ip_array} "sudo -S su - $target_username -c 'touch /data/$target_username/.ssh/authorized_keys && chmod 600 /data/$target_username/.ssh/authorized_keys;exit'"        action "标机服务器上待创建用户 $target_username 创建完毕！" /bin/true    fi}#拷贝Jumper上authorized_keys文件至目标机服务器待创建账户并更改所属主组function scp_authorized(){    scp -q /data/$username/.ssh/authorized_keys root@${ip_array}:/data/$target_username/.ssh/auth_tmp    ssh root@${ip_array} "chmod 777 /data/$target_username/.ssh/auth_tmp; exit"    ssh root@${ip_array} "sudo -S su - $target_username -c 'cat /data/$target_username/.ssh/auth_tmp >> /data/$target_username/.ssh/authorized_keys && rm -rf /data/$target_username/.ssh/auth_tmp'; exit"    ssh root@${ip_array} "chown -R $target_username:$target_username /data/$target_username/.ssh; exit"    action "Jumper上authorized_keys文件已传至目标机服务器" /bin/true}#总函数执行流程，在Jumper服务器执行function main(){    user    add_jumper_pub    jumper_check_user    id_pub_txt $computer    ssh_servers    scp_authorized    del_jumper_pub}main $*