複数のRedhatサーバー(約980サーバー)でssh-keyを使用してユーザー認証を確認するスクリプトを作成する必要があります。
ユーザーは、ユーザーIDとプライベートSSHキーの場所のスクリプトを編集できます。
スクリプトは以下を満たす必要があります。
ログインの成功または失敗(パスワードが必要な場合)を確認してログファイルに出力します。
server.txtからサーバーのIP /ホスト名を読み取ります。
サーバーがオフラインの場合はスキップします。
最良のアプローチは何ですか?
答え1
このような:
#!/bin/bash
# I assume "logfile" is the log file. If you just want the last run
# in the log fil, use date> logfile.
# It is always a good idea to get a time stamp in this kind of logs.
date >> logfile
# The read takes the input from servers.txt, which is done at the
# bottom using `done < servers.txt`.
# Some people like to do `cat servers.txt | while read -r hostname ; do`
# but they get negative comments on stackexchange :-)
while read -r hostname ; do
# Test if the host is up with a simple ping
# Throw away all output.
if ping -c1 "$hostname" > /dev/null 2>/dev/null; then
# We now test if a host is up with a simple command, echo.
# with -o PasswordAuthentication=no, we make sure that password
# authentication is not used. Output the result to the logfile.
if ssh -o PasswordAuthentication=no "$hostname" echo ' '; then
echo "OK - $hostname" >>logfile
else
echo "AArrrghhh $hostname" >> logfile
fi
else
# I assumed you want some idea of how many servers are skipped.
echo "skipped $hostname" >> logfile
fi
done < servers.txt
すばやく書かれているので、少し変更が必要な場合があります。これらのレビューでは、確認すべき事項に関するいくつかのヒントを提供します。
答え2
これは完璧です:-)いくつかの修正しました;-)
private.ppkをprivate.pemに変換します。
$ apt install putty-tools
$ puttygen private.ppk -O private-openssh -o private.pem
$ eval `ssh-agent -s`
$ ssh-add priv_key.pem
スクリプトが完全に実行されます
出力。ログ
root@Pi-3Plus:~# cat output.log
Sat 20 Jul 20:37:51 EEST 2019
SSH-Key Refused - 192.168.1.106
No route to 192.168.4.34
SSH-Key Accepted - 192.168.1.2
No route to 192.168.4.33
SSH-Key Refused - 192.168.1.101
SSH-Key Refused - 192.168.1.195
No route to 192.168.4.39
SSH-Key Accepted - 192.168.1.2
次のコードに修正を追加します。
#!/bin/bash
# I assume "logfile" is the log file. If you just want the last run
# in the log fill, use date> logfile.
# It is always a good idea to get a time stamp in this kind of logs.
date >> output.log
# The read takes the input from servers.txt, which is done at the
# bottom using `done < servers.txt`.
# Some people like to do `cat servers.txt | while read -r hostname ; do`
# but they get negative comments on stackexchange :-)
while read -r hostname ; do
# Test if the host is up with a simple ping
# Throw away all output.
if ping -c1 "$hostname" > /dev/null 2>/dev/null; then
# We now test if a host is up with a simple command, echo.
# with -o PasswordAuthentication=no, we make sure that password
# authentication is not used. Output the result to the logfile.
if ssh -l ADDUSERHERE -o StrictHostKeyChecking=no -o IdentitiesOnly=yes -o PasswordAuthentication=no -n "$hostname" echo ''; then
echo "SSH-Key Accepted - $hostname" >>output.log
else
echo "SSH-Key Refused - $hostname" >> output.log
fi
else
# I assumed you want some idea of how many servers are skipped.
echo "No route to $hostname" >> output.log
fi
done < servers.txt