1. Generate the key pair (run the command once per key pair you need)

    ssh-keygen -q -t rsa -N "" -f /root/.ssh/id_rsa

   Note: -N "" produces a private key with no passphrase, so once it is copied onto the bastion host the file permissions on that host are the only thing protecting it.
2. Bastion host configuration

   2.1 Write a script that controls the bastion host's working mode:

    #!/bin/bash
    # Bastion login menu: ask for a target IP, validate it, then ssh to it.
    # Ctrl-C is disabled while the prompt is active so the user cannot drop
    # to a shell on the bastion; it is restored on every exit path.

    stty intr undef
    echo ""
    echo ""
    echo -e "q for QUIT\t\texit for QUIT"
    echo ""

    cleans() {
        echo "user cancelled, exit... "
        stty intr ^c
    }
    # Traps must be set before the prompt, not after ssh returns, or they never fire.
    # SIGKILL (9) cannot be trapped, so it is left out.
    trap "{ cleans; }" 1 2 3 6 15

    quit() {
        # Do not name this function "exit": a function called exit shadows the
        # builtin, and "exit 0" inside it would call itself forever.
        echo "bye bye!"
        stty intr ^c
        builtin exit 0
    }

    usage () {
        echo "Error, Please Input Again. "
    }

    chkip () {
        while :; do
            read -p "Please Enter A Remote IP:" IP
            [ "$IP" == "exit" ] || [ "$IP" == "q" ] && quit
            # Dotted quad of four 1-3 digit groups. This replaces the original
            # grep/wc checks, which accepted an empty octet such as 1..2.3.
            [[ "$IP" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || { usage; continue; }
            for i in ${IP//./ } ; do
                # Each octet must be 0..255 (10# forces decimal so 08 is not read as octal)
                [ $((10#$i/8)) -lt 32 ] || { usage; continue 2; }
            done
            return 0
        done
    }

    chkip
    echo "ssh to $IP"
    ssh -p PORT USER@$IP    # PORT and USER are placeholders for the sshd port and the login account

    stty intr ^c

   2.2 Add the following to the profile of the bastion user so the script runs as soon as that user logs in:

    vim /home/mc-ops/.bash_profile    # append the following lines

    export PATH
    bash ~/<name of the script above>    # run with bash, not sh: the script uses bash syntax
    echo "Good Bye!"
    logout

   2.3 Copy the generated key pair into the .ssh directory of the bastion user and rename the public key to authorized_keys. sshd's default StrictModes setting ignores the file unless .ssh is mode 700 and authorized_keys is mode 600, and the private key must not be readable by other users.
3. On the servers, allow SSH logins only from the bastion host's IP

    echo "sshd: BASTION_IP" >> /etc/hosts.allow    # BASTION_IP: the bastion host's address
    echo "sshd: ALL" >> /etc/hosts.deny

   hosts.allow is consulted before hosts.deny, so the bastion's entry wins. These entries only work when sshd is linked against libwrap; upstream OpenSSH removed tcp_wrappers support in 6.7, so on a system whose sshd lacks it, restrict the source address with a firewall rule or an sshd_config "AllowUsers USER@BASTION_IP" entry instead.
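The two things this procedure most often gets wrong are the octet check in the bastion menu and the permissions on the .ssh directory from step 2.3. The following functions, added here as an example and not part of the original post, check both; the key material in the demo is a constructed placeholder, not a real key.

```shell
#!/bin/sh
# Added example, not from the original post: sanity checks for the bastion setup.
# valid_ipv4 is the octet test the bastion menu needs, written without bash-isms;
# check_ssh_dir verifies the layout step 2.3 produces, because sshd with
# StrictModes (the default) silently ignores an authorized_keys file that is
# readable by others or that lives in a ~/.ssh directory wider than 700.

# Return 0 when $1 is a dotted quad with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ""|.*|*.|*..*|*[!0-9.]*) return 1 ;;
    esac
    set -- $(printf '%s' "$1" | tr '.' ' ')
    [ "$#" -eq 4 ] || return 1
    for oct in "$@"; do
        [ "$oct" -le 255 ] || return 1
    done
    return 0
}

# Return 0 when $1 is a .ssh directory usable for key-only bastion logins:
# mode 700, authorized_keys present with mode 600 and at least one key line.
check_ssh_dir() {
    dir=$1
    ak="$dir/authorized_keys"
    [ -d "$dir" ] || { echo "missing directory $dir"; return 1; }
    [ "$(stat -c %a "$dir")" = "700" ] || { echo "$dir must be mode 700"; return 1; }
    [ -f "$ak" ] || { echo "missing $ak"; return 1; }
    [ "$(stat -c %a "$ak")" = "600" ] || { echo "$ak must be mode 600"; return 1; }
    grep -Eq '(ssh-(rsa|ed25519)|ecdsa-sha2-nistp[0-9]+) ' "$ak" \
        || { echo "no public key line in $ak"; return 1; }
    return 0
}

# Demo on a throwaway directory; the key body is a constructed placeholder.
demo() {
    t=$(mktemp -d)
    mkdir -m 700 "$t/.ssh"
    printf 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICONSTRUCTEDEXAMPLEKEY bastion\n' > "$t/.ssh/authorized_keys"
    chmod 600 "$t/.ssh/authorized_keys"
    check_ssh_dir "$t/.ssh" && echo "layout ok"
    chmod 644 "$t/.ssh/authorized_keys"
    check_ssh_dir "$t/.ssh" || echo "loose permissions detected"
    rm -rf "$t"
}
```

Run `demo` on the bastion user's real directory by calling `check_ssh_dir ~/.ssh` instead of the temporary one.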
Result screenshot:
Time: 2024-10-11 23:25:08