Jumper_target_machine_v3.md
腳本使用的框架圖:
腳本作用:
經過Jumper機器來建立Jumper和target機器帳號,完成target機器公鑰寫入,達到從電腦終端免密登陸target機器。
腳本使用:
(1)只能使用root帳戶執行;
(2)Jumper和target機器家目錄均指定到/data目錄下;
(3)臨時加載Jumper的root帳戶公鑰到target機器root帳戶下,腳本執行完以後,自動回收;
腳本後期優化:
(1)對腳本中全局變量進行優化;
cat Jumper_target_machine.sh
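#!/usr/bin/env bash
#
# Purpose: create and check a user on the bigcloud springboard (Jumper), then
# create the matching account on a target machine and push the Jumper user's
# authorized_keys there, so the operator's workstation key can log in to the
# target through the Jumper. Home directories on the Jumper and on the target
# are placed under /data.
#
# The Jumper root public key is installed on the target root account only for
# the duration of the run and is removed again on every exit path (EXIT trap),
# including aborts in the middle of the run.
#
# Usage:   ./Jumper_target_machine.sh     (interactive; must be run as root)
# Code the author: wutf
# contact: xxxx
# date: 2019-06-12

set -uo pipefail

# Load the system function library for `action` (RHEL-style). Fall back to a
# minimal replacement so the script still runs where the library is absent.
if [[ -r /etc/init.d/functions ]]; then
  # shellcheck disable=SC1091
  . /etc/init.d/functions
else
  action() {
    local msg=$1
    shift
    if "$@"; then
      printf '%s [  OK  ]\n' "$msg"
    else
      printf '%s [FAILED]\n' "$msg"
      return 1
    fi
  }
fi

# Globals shared between the steps; all of them are filled in interactively.
username=            # account on the Jumper
ip_array=            # target machine address (a single host)
target_username=     # account on the target machine
computer=            # workstation public key typed in by the operator

# ssh options for every hop to the target after the key has been installed:
# never fall back to a password prompt, so a broken key login fails visibly
# instead of hanging on a prompt.
ssh_opts=(-o BatchMode=yes)

#######################################
# Print a message to stderr and exit non-zero.
# Arguments: $* - message
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Coloured status lines (green = progress/ok, red = problem), same layout as
# the original `echo -e "\033[32m ... \033[0m"` output.
green() { printf '\033[32m %s \033[0m\n' "$*"; }
red()   { printf '\033[31m %s \033[0m\n' "$*"; }

#######################################
# Accept only conventional POSIX account names. Both account names are
# interpolated into remote command lines and into /data paths, so anything
# outside this character set is rejected before it is used anywhere.
# Arguments: $1 - candidate account name
# Returns:   0 if acceptable, 1 otherwise
#######################################
valid_name() {
  [[ "$1" =~ ^[a-z_][a-z0-9_-]{0,31}$ ]]
}

#######################################
# Home directory of a local account, looked up through NSS with an exact name
# match (the old substring grep of /etc/passwd also matched "bobby" for "bob").
# Arguments: $1 - account name
# Outputs:   home directory on stdout
# Returns:   non-zero if the account does not exist
#######################################
user_home() {
  local home
  home=$(getent passwd "$1" | cut -d: -f6) || return 1
  printf '%s\n' "$home"
}

#######################################
# Refuse to run as anyone but root (useradd, su and /root keys need it).
# Exits with status 2 otherwise.
#######################################
user() {
  if (( UID != 0 )); then
    action "You are not root!!" /bin/false
    exit 2
  fi
}

#######################################
# Generate an RSA key pair for a local account. -f and -N make ssh-keygen
# non-interactive and stdin is /dev/null, so it can never block on a prompt
# (the original piped /dev/zero into an unnamed-key prompt instead).
# Arguments: $1 - local account name
#######################################
generate_keypair() {
  local user=$1
  su - "$user" -c 'umask 077; mkdir -p ~/.ssh; ssh-keygen -q -t rsa -N "" -f ~/.ssh/id_rsa' </dev/null \
    || die "ssh-keygen failed for $user"
}

#######################################
# Append one public key line to a local account's authorized_keys. The key
# travels over stdin rather than inside the su command string, so it is never
# re-parsed by a shell; the file is created with mode 600 when missing.
# Arguments: $1 - local account name; $2 - public key line
#######################################
append_authorized_key() {
  local user=$1 key=$2
  printf '%s\n' "$key" \
    | su - "$user" -c 'umask 077; mkdir -p ~/.ssh; cat >> ~/.ssh/authorized_keys; chmod 600 ~/.ssh/authorized_keys' \
    || die "cannot write authorized_keys for $user"
}

#######################################
# Temporarily install the Jumper root public key on the target root account
# (generating a root key first if there is none). The removal is registered
# as an EXIT trap right here, so an abort later in the run still cleans it up.
# Aborts if the key login does not work afterwards, instead of letting every
# later ssh step fail one by one.
# Globals:   ip_array (read)
#######################################
add_jumper_pub() {
  if [[ ! -f /root/.ssh/id_rsa.pub ]]; then
    mkdir -p -m 700 /root/.ssh
    ssh-keygen -q -t rsa -N "" -f /root/.ssh/id_rsa </dev/null \
      || die "cannot generate the Jumper root key"
  fi
  # -i pins the key that del_jumper_pub removes later; without it ssh-copy-id
  # may also install agent keys that would then be left behind.
  ssh-copy-id -i /root/.ssh/id_rsa.pub "root@${ip_array}" >/dev/null \
    || die "ssh-copy-id to root@${ip_array} failed"
  trap del_jumper_pub EXIT
  ssh "${ssh_opts[@]}" "root@${ip_array}" true \
    || die "key login to root@${ip_array} does not work"
}

#######################################
# Remove the Jumper root public key from the target root authorized_keys.
# Only the exact key line is dropped (fixed-string, whole-line match); the
# original sed pass also deleted every comment line of the target's file.
# The key reaches the remote script through an environment variable quoted
# with printf %q, never spliced into a sed pattern.
# Globals:   ip_array (read)
#######################################
del_jumper_pub() {
  [[ -f /root/.ssh/id_rsa.pub ]] || return 0
  local key_q
  printf -v key_q '%q' "$(</root/.ssh/id_rsa.pub)"
  ssh "${ssh_opts[@]}" "root@${ip_array}" "key=$key_q bash -s" <<'EOF' \
    || printf 'warn: could not remove the Jumper root key from root@%s; remove it by hand\n' "$ip_array" >&2
f=/root/.ssh/authorized_keys
[ -f "$f" ] || exit 0
grep -v -F -x -- "$key" "$f" > "$f.tmp" || true
cat "$f.tmp" > "$f" && rm -f -- "$f.tmp"
EOF
}

#######################################
# Create the Jumper account with its home under /data and give it a key pair.
# Globals:   username (read)
#######################################
jumper_add_user() {
  useradd -d "/data/$username" -m "$username" || die "useradd $username failed"
  generate_keypair "$username"
}

#######################################
# Create the Jumper account if it does not exist yet.
# Globals:   username (read)
#######################################
jumper_check_user() {
  if id -u "$username" >/dev/null 2>&1; then
    green "Jumper user $username is exist"
  else
    red "Jumper user $username is not exist"
    green "Jumper starting create $username.......waiting~"
    jumper_add_user
    action "Jumper create $username is ok !" /bin/true
  fi
}

#######################################
# Make sure the Jumper account's authorized_keys holds the operator's
# workstation (mac/windows) key and the account's own Jumper key.
# Globals:   username (read), computer (written when the operator is prompted)
#######################################
id_pub_txt() {
  local home auth pub
  home=$(user_home "$username") || die "Jumper user $username has no passwd entry"
  auth="$home/.ssh/authorized_keys"
  pub="$home/.ssh/id_rsa.pub"

  # No authorized_keys yet: ask for the workstation key and store it.
  if [[ ! -f "$auth" ]]; then
    action "Jumper $username mac.pub is not exist" /bin/false
    read -r -p "Please input the mac.pub of print you want: " computer
    [[ -n "$computer" ]] || die "empty public key"
    green "the mac.pub will write into authorized file..waiting...."
    append_authorized_key "$username" "$computer"
    action "$username mac.pub has writed into authorized file!" /bin/true
  else
    green "Jumper mac.pub is exist"
  fi

  # No Jumper key pair yet: create one.
  if [[ ! -f "$pub" ]]; then
    printf '%s\n' "Jumper $username jumper.pub is not exist"
    green "Jumper start creating $username pub.......waiting~"
    generate_keypair "$username"
  else
    green "Jumper $username pub is exist"
  fi

  # Append the Jumper key to authorized_keys unless that exact line is
  # already present (the old `touch || echo >>` never appended on a new file).
  if [[ -f "$auth" ]] && grep -q -F -x -- "$(<"$pub")" "$auth"; then
    green "authorized has Jumper pub!"
  else
    append_authorized_key "$username" "$(<"$pub")"
    action "Jumper pub has writed into authorized!" /bin/true
  fi
}

#######################################
# Create the account on the target machine (home under /data, own key pair,
# empty authorized_keys) unless it already exists.
# Globals:   ip_array (read), target_username (written)
#######################################
ssh_servers() {
  read -r -p "Please enter the create target machine account name: " target_username
  valid_name "$target_username" || die "invalid target account name: $target_username"
  if ssh "${ssh_opts[@]}" "root@${ip_array}" id -u "$target_username" >/dev/null 2>&1; then
    green "目標機服務器用戶 $target_username 已經存在"
    return 0
  fi
  green "目標機服務器上將建立待建立用戶 $target_username"
  # The remote steps run as one script read from stdin; the account name
  # arrives as $1, so it is never spliced into a quoted command string.
  ssh "${ssh_opts[@]}" "root@${ip_array}" bash -s -- "$target_username" <<'EOF' \
    || die "creating $target_username on ${ip_array} failed"
set -u
u=$1
useradd -d "/data/$u" -m "$u" || exit 1
su - "$u" -c 'umask 077; mkdir -p ~/.ssh; ssh-keygen -q -t rsa -N "" -f ~/.ssh/id_rsa; touch ~/.ssh/authorized_keys; chmod 600 ~/.ssh/authorized_keys' </dev/null
EOF
  action "標機服務器上待建立用戶 $target_username 建立完畢!" /bin/true
}

#######################################
# Append the Jumper account's authorized_keys to the target account's
# authorized_keys and hand the .ssh directory to that account. The file is
# streamed over the ssh channel straight into root's append, so there is no
# world-writable (chmod 777) temp copy on the target and no su hop.
# Globals:   username, ip_array, target_username (read)
#######################################
scp_authorized() {
  local home tdir
  home=$(user_home "$username") || die "Jumper user $username has no passwd entry"
  tdir="/data/$target_username/.ssh"
  ssh "${ssh_opts[@]}" "root@${ip_array}" \
    "umask 077; mkdir -p $tdir; cat >> $tdir/authorized_keys; chmod 600 $tdir/authorized_keys; chown -R $target_username:$target_username $tdir" \
    < "$home/.ssh/authorized_keys" \
    || die "copying authorized_keys to root@${ip_array} failed"
  action "Jumper上authorized_keys文件已傳至目標機服務器" /bin/true
}

#######################################
# Whole flow, run on the Jumper: root check, prompts, Jumper side, target side.
# The Jumper root key is removed from the target by the EXIT trap that
# add_jumper_pub installs.
#######################################
main() {
  user
  read -r -p "Please enter the user you will be checking: " username
  valid_name "$username" || die "invalid user name: $username"
  read -r -p "Please enter the IP address of the target machine you will log into:" ip_array
  [[ -n "$ip_array" ]] || die "target address must not be empty"
  add_jumper_pub
  jumper_check_user
  id_pub_txt
  ssh_servers
  scp_authorized
}

main "$@"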