![SSH 키 여러 서버 확인 [닫기]](https://linux55.com/image/157510/SSH%20%ED%82%A4%20%EC%97%AC%EB%9F%AC%20%EC%84%9C%EB%B2%84%20%ED%99%95%EC%9D%B8%20%5B%EB%8B%AB%EA%B8%B0%5D.png)
여러 Redhat 서버(약 980개 서버)에서 ssh-key를 사용하여 사용자 인증을 확인하는 스크립트를 작성해야 합니다.
사용자는 사용자 ID 및 개인 SSH 키 위치에 대한 스크립트를 편집할 수 있습니다.
스크립트는 다음을 충족해야 합니다.
로그인 성공 또는 실패(비밀번호가 필요한 경우)를 확인하고 로그 파일에 출력합니다.
server.txt에서 서버 IP/호스트 이름을 읽습니다.
서버가 오프라인이면 건너뜁니다.
가장 좋은 접근 방식은 무엇입니까?
답변1
이 같은:
#!/bin/bash
# I assume "logfile" is the log file. If you just want the last run
# in the log fil, use date> logfile.
# It is always a good idea to get a time stamp in this kind of logs.
date >> logfile
# The read takes the input from servers.txt, which is done at the
# bottom using `done < servers.txt`.
# Some people like to do `cat servers.txt | while read -r hostname ; do`
# but they get negative comments on stackexchange :-)
while read -r hostname ; do
# Test if the host is up with a simple ping
# Throw away all output.
if ping -c1 "$hostname" > /dev/null 2>/dev/null; then
# We now test if a host is up with a simple command, echo.
# with -o PasswordAuthentication=no, we make sure that password
# authentication is not used. Output the result to the logfile.
if ssh -o PasswordAuthentication=no "$hostname" echo ' '; then
echo "OK - $hostname" >>logfile
else
echo "AArrrghhh $hostname" >> logfile
fi
else
# I assumed you want some idea of how many servers are skipped.
echo "skipped $hostname" >> logfile
fi
done < servers.txt
빠르게 작성되었으므로 약간의 수정이 필요할 수 있습니다. 이러한 리뷰는 확인해야 할 사항에 대한 몇 가지 힌트를 제공합니다.
답변2
이것은 완벽합니다 :-) 일부 수정했습니다 ;-)
private.ppk를 private.pem으로 변환합니다.
$ apt install putty-tools
$ puttygen private.ppk -O private-openssh -o private.pem
$ eval `ssh-agent -s`
$ ssh-add priv_key.pem
스크립트가 완벽하게 실행됩니다
출력.로그
root@Pi-3Plus:~# cat output.log
Sat 20 Jul 20:37:51 EEST 2019
SSH-Key Refused - 192.168.1.106
No route to 192.168.4.34
SSH-Key Accepted - 192.168.1.2
No route to 192.168.4.33
SSH-Key Refused - 192.168.1.101
SSH-Key Refused - 192.168.1.195
No route to 192.168.4.39
SSH-Key Accepted - 192.168.1.2
다음 코드에 수정 사항을 추가합니다.
#!/bin/bash
# I assume "logfile" is the log file. If you just want the last run
# in the log fill, use date> logfile.
# It is always a good idea to get a time stamp in this kind of logs.
date >> output.log
# The read takes the input from servers.txt, which is done at the
# bottom using `done < servers.txt`.
# Some people like to do `cat servers.txt | while read -r hostname ; do`
# but they get negative comments on stackexchange :-)
while read -r hostname ; do
# Test if the host is up with a simple ping
# Throw away all output.
if ping -c1 "$hostname" > /dev/null 2>/dev/null; then
# We now test if a host is up with a simple command, echo.
# with -o PasswordAuthentication=no, we make sure that password
# authentication is not used. Output the result to the logfile.
if ssh -l ADDUSERHERE -o StrictHostKeyChecking=no -o IdentitiesOnly=yes -o PasswordAuthentication=no -n "$hostname" echo ''; then
echo "SSH-Key Accepted - $hostname" >>output.log
else
echo "SSH-Key Refused - $hostname" >> output.log
fi
else
# I assumed you want some idea of how many servers are skipped.
echo "No route to $hostname" >> output.log
fi
done < servers.txt