
01-Jumpserver-shell

Jumpserver 跳板机 - shell 实现

用户界面

image-20220830115517427

实现思路

  • 相关文件
# 1. 判断是否有 Jumpserver 用户,无则创建

# 2. 判断是否有 Jumpserver 目录,无则创建

# 3. 判断是否有 dev,ops 登录用户信息文件,无则创建

# 4. 判断是否有 Jumpserver 管理员密码文件,无则创建

# 5. 将相关文件 属主改为 Jumpserver 用户

# 6. 禁止用户 ctrl+c 等强制退出操作(通过 trap 忽略 INT/TSTP 实现;注意 profile.d 钩子必须用 exec 启动本脚本,否则脚本一退出用户就会落入普通 shell)。 
  • 注册界面
# 1. 先输入 管理员密码,错误三次回到主界面

# 2. 输入身份,判断是否用户重名,输入密码二次确认,写入相关身份文件

# 3. 返回主界面

image-20220830131110638

  • 登陆界面
# 1. 选择登陆身份

# 2. 输入用户密码认证信息,错误三次回到主界面

# 3. ops 登录机器为 Root 用户,dev 登陆机器为 Ubuntu 用户(所有 ops/dev 用户在目标机上共用同一账号和同一把私钥,目标机侧无法区分具体操作人,审计只能依赖跳板机自身)

image-20220830131205030

jumpserver.sh

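#!/bin/bash
# Keyboard escapes are ignored so a jumpserver user cannot break out of the
# menu with Ctrl-C / Ctrl-Z. SIGHUP is no longer ignored: the original
# `trap "" INT TSTP HUP` let the script outlive its ssh session and, together
# with the `while true` read loops below, spin forever on a closed stdin.
# Exiting on HUP ends the session instead.
# NOTE(review): ignoring INT/TSTP only protects this script; the profile.d
# hook must start it with `exec`, otherwise leaving the menu drops the user
# into an unrestricted shell.
trap "" INT TSTP
trap 'exit 0' HUP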
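# Install the login hook that sends the shared "jumpserver" account into this
# menu. /etc/profile.d/*.sh is sourced by every login shell, so the check must
# be cheap and must not misfire for other accounts.
# Fixes vs. the original hook:
#   - `[ $USER -eq jumpserver ]` used the integer operator -eq on strings;
#     test failed with "integer expression expected" and the menu never
#     started, so every jumpserver login got an unrestricted bash.
#   - the account is taken from `id -un` instead of the $USER environment
#     variable, which login-side code should not trust.
#   - `exec` replaces the login shell with the menu, so leaving the menu ends
#     the session instead of falling through to a shell.
jump(){
cat > /etc/profile.d/jumpserver.sh <<'EOF'
# Sourced by login shells (POSIX sh syntax). Only the jumpserver account is
# confined to the menu; exec makes "exit" from the menu a logout.
[ "$(id -un)" = jumpserver ] && exec bash /jumpserver/jumpserver.sh
EOF
chmod 644 /etc/profile.d/jumpserver.sh
}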
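        # --- One-time provisioning (root only) -----------------------------
        # Creates the shared "jumpserver" login account, the data directory and
        # the credential files the menu functions read. All of it needs root;
        # the script is also re-run at every login by the unprivileged
        # jumpserver user (via the profile.d hook), so the section is skipped
        # then instead of spraying permission errors. The original chain
        # `id ... || user=jumpserver ; passwd=...; [ -d $home ] || mkdir ... && useradd ...`
        # ran useradd (with an empty name) on every login because `||` only
        # bound to the first assignment.
        # NOTE(review): the trust model is weak by design and should be
        # understood before deployment:
        #   - the login account gets a well-known default password
        #     (jumpserver:jumpserver) unless JUMPSERVER_PASSWD is exported
        #     when provisioning;
        #   - the admin password ("datarc") and every registered user password
        #     are stored in plain text, and `chown -R jumpserver` hands those
        #     files (and this script) to the very account untrusted users log
        #     in as. The chmods below keep other local users out, nothing more.
        if [ "$(id -u)" -eq 0 ]; then
            user=jumpserver
            passwd=${JUMPSERVER_PASSWD:-jumpserver}
            home=/data/user/jumpserver
            if ! id "${user}" >/dev/null 2>&1; then
                [ -d "${home}" ] || mkdir -p "${home}"
                useradd -d "${home}" -s /bin/bash "${user}" \
                    && printf '%s:%s\n' "${user}" "${passwd}" | chpasswd
            fi
            [ -d /jumpserver ] || mkdir /jumpserver
            [ -f /etc/profile.d/jumpserver.sh ] || jump
            [ -f /jumpserver/register_ops.txt ] || touch /jumpserver/register_ops.txt
            [ -f /jumpserver/register_dev.txt ] || touch /jumpserver/register_dev.txt
            # Seeded only on first run; later edits to the file are not appended to.
            [ -f /jumpserver/admin.txt ] || echo "datarc" > /jumpserver/admin.txt
            # The menu runs as jumpserver and appends to the register files, so
            # that account must own them; deny everyone else.
            chown -R jumpserver:jumpserver /jumpserver
            chmod 700 /jumpserver
            chmod 600 /jumpserver/admin.txt /jumpserver/register_ops.txt /jumpserver/register_dev.txt
        fi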


# Draw the main-menu banner: braille art framing the two choices
# (1 = register, 2 = login). Output only; colour codes depend on `echo -e`.
shouye(){
    local banner=(
        "\033[5;45m ⣼⣯⠄⣸⣠⣶⣶⣦⣾⠄⡅⡅⠄⠄⠄⠄⡉⠹⠄⡅⠄⠄⠄\033[0m         >>>   XXXXXXXXXXXXXXXXXXXXXXXXXX    <<<      \033[5;45m ⠄⠄⠄⡅⠄⠹⡉⠄⠄⠄⠄⡅⡅⠄⣾⣦⣶⣶⣠⣸⠄⣯\033[0m"
        "\033[5;45m ⠿⠿⠶⠿⢿⣿⣿⣿⣿⣦⣤⣄⢀⡅⢠⣾⣛⡉⠄⠄⠄⠸⢀\033[0m                                \033[5;45m⢀⠸⠄⠄⠄⡉⣛⣾⢠⡅⢀⣄⣤⣦⣿⣿⣿⣿⢿⠿⠶⠿⠿\033[0m"
        "\033[5;45m ⣴⣶⣶⡀⠄⠄⠙⢿⣿⣿⣿⣿⣿⣴⣿⣿⣿⢃⣤⣄⣀⣥⣿\033[0m         >>>   欢迎来到   北极光 <<<            \033[5;45m⣿⣥⣀⣄⣤⢃⣿⣿⣿⣴⣿⣿⣿⣿⣿⢿⠙⠄⠄⡀⣶⣶⣴\033[0m"
        "\033[5;45m ⣿⣿⣿⣧⣀⢀⣠⡌⢻⣿⣿⣿⣿⣿⣿⣿⣿⣿⠿⠿⠿⣿⣿\033[0m                                                    \033[5;45m⣿⣿⠿⠿⠿⣿⣿⣿⣿⣿⣿⣿⣿⣿⢻⡌⣠⢀⣀⣧⣿⣿⣿\033[0m"
        "\033[5;45m ⣤⣤⣤⣬⣙⣛⢿⣿⣿⣿⣿⣿⣿⡿⣿⣿⡍⠄⠄⢀⣤⣄⠉\033[0m           >>>请选择身份 <<<                \033[5;45m⠉⣄⣤⢀⠄⠄⡍⣿⣿⡿⣿⣿⣿⣿⣿⣿⢿⣛⣙⣬⣤⣤⣤\033[0m"
        "\033[5;45m ⣿⣿⣿⣿⣿⣿⣿⢿⣿⣿⣿⣿⣿⢇⣿⣿⡷⠶⠶⢿⣿⣿⠇\033[0m                                    \033[5;45m⠇⣿⣿⢿⠶⠶⡷⣿⣿⢇⣿⣿⣿⣿⣿⢿⣿⣿⣿⣿⣿⣿⣿\033[0m"
        "\033[5;45m ⣿⣿⣿⣿⣿⣿⣿⣿⣽⣿⣿⣿⡇⣿⣿⣿⣿⣿⣿⣷⣶⣥⣴\033[0m          1. 注册             \033[5;45m⣴⣥⣶⣷⣿⣿⣿⣿⣿⣿⡇⣿⣿⣿⣽⣿⣿⣿⣿⣿⣿⣿⣿\033[0m"
        "\033[5;45m ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿\033[0m                                \033[5;45m⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿\033[0m"
        "\033[5;45m ⣻⣿⣿⣧⠙⠛⠛⡭⠅⠒⠦⠭⣭⡻⣿⣿⣿⣿⣿⣿⣿⣿⡿\033[0m                        2. 登录               \033[5;45m⡿⣿⣿⣿⣿⣿⣿⣿⣿⡻⣭⠭⠦⠒⠅⡭⠛⠛⠙⣧⣿⣿⣻\033[0m"
        "\033[5;45m ⣿⣿⣿⣿⡆⠄⠄⠄⠄⠄⠄⠄⠄⠹⠈⢋⣽⣿⣿⣿⣿⣵⣾\033[0m                                            \033[5;45m⣾⣵⣿⣿⣿⣿⣽⢋⠈⠹⠄⠄⠄⠄⠄⠄⠄⠄⡆⣿⣿⣿⣿\033[0m"
        "\033[5;45m ⣿⣿⣿⣿⣿⠄⣴⣿⣶⣄⠄⣴⣶⠄⢀⣾⣿⣿⣿⣿⣿⣿⠃\033[0m                                                        \033[5;45m⠃⣿⣿⣿⣿⣿⣿⣾⢀⠄⣶⣴⠄⣄⣶⣿⣴⠄⣿⣿⣿⣿⣿\033[0m"
        "\033[5;45m ⠛⢿⣿⣿⣿⣦⠁⢿⣿⣿⡄⢿⣿⡇⣸⣿⣿⠿⠛⠁⠄⠄⠄\033[0m                                \033[5;45m⠄⠄⠄⠁⠛⠿⣿⣿⣸⡇⣿⢿⡄⣿⣿⢿⠁⣦⣿⣿⣿⢿⠛\033[0m"
        "\033[5;45m ⠄⠄⠉⠻⣿⣿⣿⣦⡙⠻⣷⣾⣿⠃⠿⠋⠁⠄⠄⠄⠄⠄⢀\033[0m                                \033[5;45m⢀⠄⠄⠄⠄⠄⠁⠋⠿⠃⣿⣾⣷⠻⡙⣦⣿⣿⣿⠻⠉⠄⠄\033[0m"
        "\033[5;45m ⣮⣥⠄⠄⠄⠛⢿⣿⣿⡆⣿⡿⠃⠄⠄⠄⠄⠄⠄⠄⣠⣴⣿\033[0m                                \033[5;45m⣿⣴⣠⠄⠄⠄⠄⠄⠄⠄⠃⡿⣿⡆⣿⣿⢿⠛⠄⠄⠄⣥⣮\033[0m"
        "\033[5;45m ⣼⣯⠄⣸⣠⣶⣶⣦⣾⠄⡅⡅⠄⠄⠄⠄⡉⠹⠄⡅⠄⠄⠄\033[0m                                \033[5;45m⠄⠄⠄⡅⠄⠹⡉⠄⠄⠄⠄⡅⡅⠄⣾⣦⣶⣶⣠⣸⠄⣯⣼\033[0m"
    )
    local row
    for row in "${banner[@]}"; do
        echo -e "$row"
    done
}

# Target inventory and the remote account each role lands on.
# NOTE(review): the first and third IPX entries contain an octet > 255, so
# they are not valid IPv4 addresses — presumably redacted placeholders;
# replace before use. OPS_USER/DEV_USER are copied into $USER by
# login_ops/login_dev and consumed by login_ecs.
IPX=(619.231.41.53 61.230.24.204 512.82.6.86)
OPS_USER=root    # every ops login becomes root on the target
DEV_USER=ubuntu  # every dev login shares the ubuntu account
# Banner timestamp; login_ecs refreshes it before drawing the menu.
current_date=$(date +%Y-%m-%d-%H:%M:%S)
caidan(){
echo -e  "\033[32m ================================================================= \033[0m"
echo -e  "\033[1;32m""\033[3m User:\033[36m ${USER} \033[0m\033 \033[1;32m\033[3m Version: \033[36m 1.1.1       \033[1;32m\033[3m Date: \033[36m ${current_date}"
echo -e  "\033[32m ================================================================= \033[0m"
#echo  "\033[1;32m""\033[3m User:\033[36m ${USER} \033[0m\033 \033[1;32m\033[3m Version: \033[36m 1.1.1       \033[1;32m\033[3m Date: \033[36m ${current_date} \033[0m\n       \033[0m"
echo -e  "\033[32m ---------------------> 跳板机帮助手册 <-------------------------- \033[0m"
echo -e  "\033[36m     (1)回车或输入"命令菜单"以外的任意字符,是退出跳板机服务"
echo -e "\033[36m     (2)命令菜单"0"自定义跳转(即:ssh 任意ip)"
echo -e "\033[36m     (3)菜单1以上的选项是服务器列表,这里只有12台服务器提供选择"
echo -e "\033[36m     (4)跳板机上面服务器包含:各项目存储服务器,日志服务器,应用服务"
echo -e "\033[32m ----------------> 以下为命令菜单,请选择: <-------------------------- \033[0m"

echo -e "\033[32m -->[-------------------公司服务器菜单---------------------------]:<-- \033[0m"
echo -e "*                          **1) K8s-master : ${IPX[0]} \033[36m                                   *"                 
echo -e "*                          **2) K8s-node1  : ${IPX[1]} \033[36m                                   *"                 
echo -e "*                          **2) 北山  : ${IPX[1]} \033[36m                                   *"                 
echo -e "\033[32m -->[-------------------公司服务器菜单---------------------------]:<-- \033[0m"

}

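# Register a new "dev" identity (reached from register() after the admin
# password check). Prompts for a unique account name and a twice-entered
# password, then appends "账号:NAME 密码:PASS 身份:dev" to the dev register.
# Returns 0 on success, 1 if stdin closes or the register cannot be written.
# Fixes vs. the original: quoted comparisons (an empty or space-containing
# password turned `[ ! $a = $b ]` into a test syntax error), a fixed-string
# duplicate check (the typed name was interpolated into a grep regex), no
# busy-loop when stdin is closed, and empty or whitespace-containing names
# and empty passwords are rejected because the record is space-delimited.
# NOTE(review): passwords are still stored in plain text — login_dev matches
# this exact record format, so hashing must change both functions together.
register_dev(){
    local reg_file=/jumpserver/register_dev.txt
    local name pw1 pw2
    while true; do
        read -rep "请输入你要注册的账号: " name || return 1
        case "$name" in
            ''|*[[:space:]]*)
                echo "账号不能为空且不能包含空格,请重新输入:"
                continue
                ;;
        esac
        # Trailing space delimits the name field; -F keeps the name literal.
        if grep -qF -- "账号:${name} " "$reg_file" 2>/dev/null; then
            echo 账号存在,请重新输入:
            continue
        fi
        while true; do
            read -rsp "请输入你账号的密码:" pw1 || return 1
            echo
            read -rsp "再次输入你账号的密码:" pw2 || return 1
            echo
            if [ -z "$pw1" ]; then
                echo "密码不能为空,请重新输入!!"
            elif [ "$pw1" != "$pw2" ]; then
                echo "与上次密码不一致,请重新输入!!"
            else
                break
            fi
        done
        if ! printf '账号:%s 密码:%s 身份:dev\n' "$name" "$pw2" >> "$reg_file"; then
            echo "写入 ${reg_file} 失败,注册未保存" >&2
            return 1
        fi
        return 0
    done
}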
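# Register a new "ops" identity (reached from register() after the admin
# password check). Prompts for a unique account name and a twice-entered
# password, then appends "账号:NAME 密码:PASS 身份:ops" to the ops register.
# Returns 0 on success, 1 if stdin closes or the register cannot be written.
# Fixes vs. the original: the confirmation compared register_dev_passwd1/2
# (unset here) instead of the ops variables, so any two different passwords
# were accepted for an ops account — the role that lands on root. Also quoted
# comparisons, a fixed-string duplicate check (the name was interpolated into
# a grep regex), no busy-loop on closed stdin, and empty/whitespace names and
# empty passwords are rejected because the record is space-delimited.
# NOTE(review): passwords are stored in plain text; login_ops matches this
# exact record format, so hashing must change both functions together.
register_ops(){
    local reg_file=/jumpserver/register_ops.txt
    local name pw1 pw2
    while true; do
        read -rep "请输入你要注册的账号: " name || return 1
        case "$name" in
            ''|*[[:space:]]*)
                echo "账号不能为空且不能包含空格,请重新输入:"
                continue
                ;;
        esac
        # Trailing space delimits the name field; -F keeps the name literal.
        if grep -qF -- "账号:${name} " "$reg_file" 2>/dev/null; then
            echo 账号存在,请重新输入:
            continue
        fi
        while true; do
            read -rsp "请输入你账号的密码:" pw1 || return 1
            echo
            read -rsp "再次输入你账号的密码:" pw2 || return 1
            echo
            if [ -z "$pw1" ]; then
                echo "密码不能为空,请重新输入!!"
            elif [ "$pw1" != "$pw2" ]; then
                echo "与上次密码不一致,请重新输入!!"
            else
                break
            fi
        done
        if ! printf '账号:%s 密码:%s 身份:ops\n' "$name" "$pw2" >> "$reg_file"; then
            echo "写入 ${reg_file} 失败,注册未保存" >&2
            return 1
        fi
        return 0
    done
}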

# 登陆机器
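# Show the target menu and ssh to the chosen host as the account selected by
# the caller (global USER, set by login_ops/login_dev). Refreshes the global
# current_date that caidan prints. Returns ssh's exit status, or 1 for an
# unknown choice / closed stdin.
# Fixes vs. the original: `StrictHostKeyChecking=no` accepted a changed host
# key without complaint, so anyone able to redirect traffic could impersonate
# a target and harvest the session; `accept-new` (OpenSSH 7.6+) still learns
# a first-seen key but refuses a changed one — pin the targets in known_hosts
# before exposing the bastion so that first contact is not the attacker's.
# An unknown choice is now reported instead of silently doing nothing.
# NOTE(review): all dev users share "ubuntu" and all ops users share "root"
# via one private key per host, so the targets see no per-person identity.
login_ecs(){
    local choice ip key
    clear
    current_date=$(date +%Y-%m-%d-%H:%M:%S)
    caidan
    read -rep "请输入你要登陆的节点:" choice || return 1
    case "$choice" in
        1) ip=${IPX[0]}; key=/aws/ssh/k8s-test.pem ;;
        2) ip=${IPX[1]}; key=/aws/ssh/k8s-test.pem ;;
        3) ip=${IPX[2]}; key=/aws/ssh/guowang.pem ;;
        *)
            echo "无效的节点选择: ${choice}" >&2
            return 1
            ;;
    esac
    ssh -o StrictHostKeyChecking=accept-new -i "$key" "${USER}@${ip}"
}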
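# Authenticate a dev identity against the dev register and, on success, open
# the target menu as ${DEV_USER}. Three attempts; returns 1 after the third
# failure or when stdin closes, 0 once login_ecs returns.
# Fixes vs. the original: the credential check now matches one whole record
# as a fixed string (`grep -xF`). The original interpolated the typed values
# into a grep regex, so a password of `.*` matched every record and logged in
# as any registered user. A one-second pause after each failure slows online
# guessing; the main menu still allows unlimited rounds, so this is not real
# rate limiting.
login_dev(){
    local reg_file=/jumpserver/register_dev.txt
    local tries=0 left name pw
    while [ "$tries" -lt 3 ]; do
        tries=$((tries + 1))
        left=$((3 - tries))
        read -rep "请输入你要登陆的账号:" name || return 1
        read -rsp "请输入你登陆的账号密码:" pw || return 1
        echo
        if ! grep -qxF -- "账号:${name} 密码:${pw} 身份:dev" "$reg_file" 2>/dev/null; then
            echo "密码错误,请重新输入,$left 次后,请退回至主菜单"
            sleep 1
            continue
        fi
        # login_ecs reads the remote account from the global USER.
        USER=${DEV_USER}
        login_ecs
        clear
        shouye
        return 0
    done
    return 1
}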
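# Authenticate an ops identity against the ops register and, on success, open
# the target menu as ${OPS_USER} (root). Three attempts; returns 1 after the
# third failure or when stdin closes, 0 once login_ecs returns.
# Fixes vs. the original: the credential check now matches one whole record
# as a fixed string (`grep -xF`). The original interpolated the typed values
# into a grep regex, so a password of `.*` matched every record — i.e. root
# on every target for anyone who knew a registered ops name. A one-second
# pause after each failure slows online guessing; the main menu still allows
# unlimited rounds, so this is not real rate limiting.
login_ops(){
    local reg_file=/jumpserver/register_ops.txt
    local tries=0 left name pw
    while [ "$tries" -lt 3 ]; do
        tries=$((tries + 1))
        left=$((3 - tries))
        read -rep "请输入你要登陆的账号:" name || return 1
        read -rsp "请输入你登陆的账号密码:" pw || return 1
        echo
        if ! grep -qxF -- "账号:${name} 密码:${pw} 身份:ops" "$reg_file" 2>/dev/null; then
            echo "密码错误,请重新输入,$left 次后,请退回至主菜单"
            sleep 1
            continue
        fi
        # login_ecs reads the remote account from the global USER.
        USER=${OPS_USER}
        login_ecs
        clear
        shouye
        return 0
    done
    return 1
}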
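# Role picker for the login flow: 1 = ops, 2 = dev, 0 = back to the main menu.
# Returns 0 after the chosen flow returns (or on 0), 1 if stdin closes.
# Fixes vs. the original: a closed stdin made `read` fail forever inside
# `while true` with no matching case; unknown input now gets a message
# instead of a silent re-prompt.
login_user(){
    local choice
cat<<EOF
        1. 运维
        2. 开发
        0. 返回上一层
EOF
    while true; do
        read -rep "请输入你要登陆的的身份:[1|2|0]" choice || return 1
        case "$choice" in
            1) login_ops; return 0 ;;
            2) login_dev; return 0 ;;
            0) return 0 ;;
            *) echo "无效选项,请输入 1、2 或 0" ;;
        esac
    done
}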

# Print the identity choices offered to an authenticated admin during
# registration (1 = ops, 2 = dev, 0 = back). Output only.
admin_zhuce() {
    printf '%s\n' \
        '    1. 运维' \
        '    2. 开发' \
        '    0. 返回上一层'
}
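# Admin-gated registration entry point: ask for the admin password (three
# attempts), then hand off to register_ops / register_dev. Returns 0 after a
# registration flow or "0", 1 after three failed passwords or closed stdin.
# Fixes vs. the original: the admin password was read with `read -ep`, which
# echoes it to the terminal — now `-s`. It was also interpolated into a grep
# regex (`grep -w "$admin"`), so `.*` matched the stored password line; the
# check is now an exact fixed-string line match and an empty entry is never
# accepted. A short pause after each failure slows guessing.
# NOTE(review): the admin password lives in plain text in
# /jumpserver/admin.txt, a file owned by the shared jumpserver account.
register(){
    local tries=0 left admin choice
    while [ "$tries" -lt 3 ]; do
        tries=$((tries + 1))
        left=$((3 - tries))
        read -rsp "请输入管理员密码:" admin || return 1
        echo
        if [ -z "$admin" ] || ! grep -qxF -- "$admin" /jumpserver/admin.txt 2>/dev/null; then
            echo "密码错误,请重新输入,$left 次后,请退回至主菜单"
            sleep 1
            continue
        fi
        admin_zhuce
        read -rep "请输入你要注册的身份:[1|2|0]" choice || return 1
        case "$choice" in
            1) register_ops; return 0 ;;
            2) register_dev; return 0 ;;
            0) return 0 ;;
            # As in the original, anything else loops back to the password prompt.
            *) echo "无效选项,请重新输入" ;;
        esac
    done
    return 1
}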

# Print the self-service menu (change password / deregister / back).
# Output only; nothing in this listing calls it yet.
yg(){
    printf '%s\n' \
        '        1. 修改密码' \
        '        2. 注销用户 ' \
        '        3. 返回上一层'
}
#kaishi
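# Main loop: draw the banner and dispatch on the menu choice
# (1 register, 2 login, 3 redraw, "tuichu" quit; anything else redraws).
# Fix vs. the original: when stdin closed (dropped session) `read` failed on
# every pass and the loop redrew the banner at full speed forever; the script
# now exits instead.
clear
while true; do
    shouye
    read -rep "请输入你需要的服务:[1|2]" num || exit 0
    case "$num" in
        1) register; clear ;;
        2) login_user; clear ;;
        3) clear ;;
        tuichu) exit ;;
    esac
done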

本机简单 SSH 主机管理

利用 SSH config 中的 Host 别名进行主机管理

  • 编写 config 主机清单(~/.ssh/config 及其引用的私钥文件权限应为 600,否则 ssh 会拒绝使用)

vim ~/.ssh/config

# AWS
Host h-caddy
     HostName <主机名>
     User root
     IdentityFile <私钥地址>
     Port 22

# 华为云(别名必须唯一:ssh 对同一参数取首次出现的值,第二个同名 h-caddy 块会被忽略)
Host hw-caddy
     HostName <主机名>
     User root
     IdentityFile <私钥地址>
     Port 22
  • 配合 alias 显示 host 列表

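# Two aliases that list the Host entries of the ssh config: sshlist prints the
# aliases only, sshlistip also prints the two lines after each (HostName, User).
# The page originally ran both echos on ONE line, so the second `echo ...` was
# appended as literal text to the first alias — they are separate commands.
# `-w` keeps "HostName" lines from matching "Host". The path follows ~ (the
# same file edited above) instead of hard-coding /root.
echo "alias sshlist='grep -w Host ~/.ssh/config'" >> ~/.bashrc
echo "alias sshlistip='grep -w -A 2 Host ~/.ssh/config'" >> ~/.bashrc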

  • 输入 sshlist 显示 host 清单

image-20221208145037276

  • 输入以下命令进行主机跳转

ssh h-caddy   # 使用上面 config 中定义的 Host 别名