Brief overview:
First log in to the jump server, then log in from the jump server to the application servers; this keeps the business servers safe. The business servers do not accept direct connections; connections are only permitted from the jump server, and the root user is not allowed to log in to the business servers directly.
How it works
Script flow
- print the menu -> read the input -> match the choice
Script contents
#!/usr/bin/bash
# jumpserver: menu-driven jump-host script
# Ignore hangup, interrupt, quit and stop signals so the user cannot break
# out of the menu into a shell on the jump host (the original had the
# signal names misspelled as OUIT and TSIP, which makes trap fail).
trap "" HUP INT QUIT TSTP
web1=192.168.146.130
web2=        # fill in the address of web2
mysql=       # fill in the address of the mysql server
clear
while :
do
cat <<-EOF
********************
* jumpserver *
* 1.web1 *
* 2.web2 *
* 3.mysql *
********************
EOF
read -p "Please input number: " num
#echo -en "\e[1;32m Please input number: \e[0m"
#read num
case "$num" in
1) ssh tong@$web1
;;
2) ssh tong@$web2
;;
3) ssh tong@$mysql
;;
q) exit      # 'quit' is not a shell command; exit leaves the script
;;
"") ;;
*) echo "error"
;;
esac
done
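The following is an added example, not the script from the original post, that shows the same menu -> read -> match flow in a form closer to what a jump host in production would run: the targets live in one table, the choice is validated before it is used, every connection is written to an audit log, and ssh runs in BatchMode so only the pushed key can authenticate. The web1 address is the post's; the web2 and mysql addresses, the log path and the `menu` start argument are assumptions.

```shell
#!/bin/sh
# Added example (not the original post's script): menu-driven jump-host
# script with a host table, input validation and a connection log.
# Addresses other than web1, the log path and the "menu" argument are
# assumptions for this example.

JUMP_USER="tong"                                 # account used on the targets
JUMP_LOG="${JUMP_LOG:-/var/log/jumpserver.log}"  # assumed log location

# Menu number : name : address. web1 is the post's address; the others are placeholders.
TARGETS="1:web1:192.168.146.130
2:web2:192.0.2.20
3:mysql:192.0.2.30"

# resolve_target NUM -> prints user@host for a valid menu number, fails otherwise
resolve_target() {
    local num="$1" n name host
    case "$num" in
        ''|*[!0-9]*) return 1 ;;   # only digit strings are accepted as choices
    esac
    while IFS=: read -r n name host; do
        if [ "$n" = "$num" ]; then
            [ -n "$host" ] || return 1   # entry exists but has no address yet
            printf '%s@%s\n' "$JUMP_USER" "$host"
            return 0
        fi
    done <<EOF
$TARGETS
EOF
    return 1
}

# log_connection NUM TARGET -> append one audit line (who, when, where to)
log_connection() {
    printf '%s %s choice=%s target=%s\n' "$(date '+%F %T')" \
        "${SUDO_USER:-${USER:-unknown}}" "$1" "$2" >>"$JUMP_LOG" 2>/dev/null
}

print_menu() {
    cat <<'EOF'
********************
*    jumpserver    *
*    1.web1        *
*    2.web2        *
*    3.mysql       *
*    q.quit        *
********************
EOF
}

menu_loop() {
    # Ignore signals that would otherwise drop the user into a shell on the jump host
    trap '' HUP INT QUIT TSTP
    while :; do
        print_menu
        printf 'Please input number: '
        IFS= read -r num || exit 0       # EOF (Ctrl-D) ends the session cleanly
        case "$num" in
            q|Q) exit 0 ;;
            '')  continue ;;
        esac
        if target=$(resolve_target "$num"); then
            log_connection "$num" "$target"
            # BatchMode=yes forbids password prompts: only the pushed key works
            ssh -o BatchMode=yes "$target"
        else
            echo "error: unknown choice '$num'"
        fi
    done
}

# Start the menu only when invoked as "./jumpserver.sh menu", so the
# functions above can also be sourced and tested without blocking on input.
if [ "${1:-}" = "menu" ]; then
    menu_loop
fi
```

Run it as `./jumpserver.sh menu`; the script never hands the user a shell on the jump host, only an ssh session to a listed target, and the log gives the incident responder a record of which target each person chose and when.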
Then set up key authentication
[root@localhost ~]# ssh-keygen // create the key pair
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)?
[1]+ Terminated ./jumpserver.sh
[root@localhost ~]#
[root@localhost ~]# ssh-copy-id tong@192.168.146.130 // push the public key
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
tong@192.168.146.130's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'tong@192.168.146.130'"
and check to make sure that only the key(s) you wanted were added.
[root@localhost ~]# ssh tong@192.168.146.130 // connection succeeded
Last failed login: Sun Nov 25 10:22:24 CST 2018 from 192.168.146.128 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Sun Nov 25 10:13:22 2018
[tong@localhost ~]$ exit
logout
Connection to 192.168.146.130 closed.
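The overview says the business servers must refuse direct connections and direct root logins, and the key push above is what lets password logins be switched off. The added example below, which is not part of the original post, writes the sshd drop-in that enforces both on an application server and validates it with `sshd -t` before reloading, so a typo cannot lock everyone out. The jump host address 192.168.146.128 comes from the "from 192.168.146.128" login banners in the post; the user tong is the post's account; the drop-in path and the assumption that the main sshd_config includes /etc/ssh/sshd_config.d (as newer distributions do) are this example's.

```shell
#!/bin/sh
# Added example, not from the original post: generate and safely install an
# sshd drop-in on an application server so that it accepts only key-based
# logins for the jump user, only from the jump host, and never root directly.
# Jump host IP and user come from the post; the drop-in path is an assumption.

JUMP_HOST_IP="${JUMP_HOST_IP:-192.168.146.128}"
JUMP_USER="${JUMP_USER:-tong}"
DROPIN="${DROPIN:-/etc/ssh/sshd_config.d/50-jumphost.conf}"

# render_sshd_dropin JUMP_IP USER -> prints the sshd_config fragment
render_sshd_dropin() {
    cat <<EOF
# Managed drop-in: this host is reachable only through the jump host
PermitRootLogin no
PubkeyAuthentication yes
# Only set this to "no" after ssh-copy-id has pushed the key and a key login worked
PasswordAuthentication no
# USER@HOST form: the account may log in only when the connection comes from the jump host
AllowUsers ${2}@${1}
EOF
}

# directive_set TEXT KEY VALUE -> success if the fragment sets KEY to VALUE
directive_set() {
    printf '%s\n' "$1" | grep -Eq "^[[:space:]]*$2[[:space:]]+$3([[:space:]]|$)"
}

# install_sshd_dropin -> writes the drop-in, checks the full config, reloads sshd
install_sshd_dropin() {
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 1; }
    tmp=$(mktemp) || return 1
    render_sshd_dropin "$JUMP_HOST_IP" "$JUMP_USER" >"$tmp"
    install -m 0600 "$tmp" "$DROPIN" && rm -f "$tmp"
    # sshd -t parses the whole configuration including the drop-in; if it
    # fails we remove the file rather than reload a broken config.
    if /usr/sbin/sshd -t; then
        systemctl reload sshd 2>/dev/null || service sshd reload
    else
        echo "sshd -t failed; removing $DROPIN" >&2
        rm -f "$DROPIN"
        return 1
    fi
}

# Install only when explicitly asked, so the functions can be sourced and tested.
if [ "${1:-}" = "install" ]; then
    install_sshd_dropin
fi
```

Apply it only after the key login from the jump host has been confirmed, and keep the existing session open while you test a fresh one: once PasswordAuthentication is off, a missing key means the only way in is the console.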
// once the key has been pushed you can run the script
[root@localhost ~]# ./jumpserver.sh
********************
* jumpserver *
* 1.web1 *
* 2.web2 *
* 3.mysql *
********************
Please input number: 1
Last login: Sun Nov 25 10:34:07 2018 from 192.168.146.128
[tong@localhost ~]$
[tong@localhost ~]$ exit
logout
Connection to 192.168.146.130 closed.
********************
* jumpserver *
* 1.web1 *
* 2.web2 *
* 3.mysql *
********************
Please input number: // the script works