400-odd servers. Adding the user to them one by one would kill a person, and then I found that the previous idiot had put sudo su on every single one of them, meaning you can su to root without entering a password. So I'll just write a script that walks the server list and adds the user...
padduser.sh
#!/bin/bash
# For every host in iplist: log in as auth_user with a key, escalate with
# "sudo -S su -", create new_user_name with a pre-hashed password, give it a
# passwordless sudo rule and install an authorized SSH key.
auth_user=hjlong
auth_key=./id_rsa
iplist=./iplist.sample          # one "host:port" per line
gpass=./random.pl               # prints a crypt(3) hash of its argument
new_user_name=ssmax
new_user_pass=1234321           # hard-coded; the same password lands on every host
new_user_key_file=./pub         # public key to authorize for the new user
new_user_auth=`$gpass $new_user_pass`
new_user_key=`cat $new_user_key_file`

if test -f $iplist; then
    for host in `cat $iplist`; do
        # split "host:port" into link[0]=host and link[1]=port
        link=(`echo $host | awk -F':' '{print $1,$2}'`);
        # The remote commands. All variables are expanded here, locally, so the
        # remote root shell receives literal values; the hash is single-quoted
        # so its '$1$' prefix is not expanded a second time on the remote side.
        command="
if test ! -d /home/$new_user_name; then
    useradd -m -p '$new_user_auth' $new_user_name;
else
    echo user $new_user_name exist;
fi
# append the sudo rule only if no line for the user exists yet
# (the original tested the output of grep with 'test -e', which only worked by accident)
if ! grep -q '^$new_user_name ' /etc/sudoers; then
    echo $new_user_name 'ALL=NOPASSWD: ALL' >> /etc/sudoers;
fi
if test -d /home/$new_user_name; then
    cd /home/$new_user_name
    if test ! -f .ssh/authorized_keys; then
        mkdir -p .ssh
        echo '$new_user_key' >> .ssh/authorized_keys
    fi
    chmod 700 .ssh
    chmod 600 .ssh/*
    chown -R $new_user_name:$new_user_name .ssh
fi
exit
"
        # -t -t forces a pseudo-tty even though stdin is a heredoc, so "sudo -S su -"
        # gets a terminal; the heredoc body then becomes the input of the root shell.
        # "StrictHostKeyChecking no" skips host key verification: a host that
        # impersonates one in the list would receive the new user's hash and key.
        ssh -t -t -o "StrictHostKeyChecking no" -o "ConnectTimeout 5" -p ${link[1]} -i $auth_key $auth_user@${link[0]} 2>&1 "sudo -S su -" <<EOF
$command
EOF
        #echo `ssh -t -t -o "StrictHostKeyChecking no" -o "ConnectTimeout 5" -p ${link[1]} -i $auth_key $auth_user@${link[0]} 2>&1 <<"$command" | sed "s/^/$host -/"`;
    done
fi
The Perl script that generates the password hash, in Unix crypt(3) format with the special salt prefix:
random.pl
#!/usr/bin/perl
###########################################################
# Written by ssmax
# 31 August, 2008
###########################################################
# Usage: random.pl PASSWORD
# Prints crypt(3) output for PASSWORD with a fresh MD5-crypt ('$1$') salt,
# in the form that useradd -p expects.
use strict;
use warnings;

# This function generates random strings of a given length
sub generate_random_string
{
    my $length_of_randomstring = shift;   # the length of the random string to generate
    my @chars = ('a'..'z', 'A'..'Z', '0'..'9');
    my $random_string = '';
    foreach (1..$length_of_randomstring)
    {
        # rand @chars will generate a random number between 0 and scalar @chars
        $random_string .= $chars[rand @chars];
    }
    return $random_string;
}

# generate linux password: '$1$' selects MD5-crypt, followed by an 8-character salt.
# perl's rand() is not a cryptographic generator; that is acceptable for a salt,
# which only has to differ between hashes, but not for generating passwords.
my $random_string = '$1$' . generate_random_string(8);
print crypt(shift, $random_string);
A few things are still unresolved. If the user has no sudo, it is a pain: the whole thing becomes semi-automatic and you have to type the password by hand.
My first attempt was sudo -S su - <<EOF,
feeding everything over standard input, which should be able to run unattended no matter what, but Debian pops up a "not a tty" error while Red Hat has no problem with it. Very frustrating.
That ssh line took a few hundred attempts to get right... sigh.