非root用户sudo_ssh免密钥

目标：从服务器上ssh登陆后sudo免密钥执行相应的命令环境介绍：192.168.65.128 my1-222192.168.65.129 my2-223192.168.65.130 web224# 步骤一：# 每个节点执行(不是必须，但是建议这样做)cat >>/etc/hosts <<EOF192.168.65.128 my1-222192.168.65.129 my2-223192.168.65.130 web224EOF# 场景介绍# 现在有个删除缓存的操作。需要在192.168.65.128上执行，192.168.65.129和192.168.65.130的相应缓存文件也都一起被删除掉了# 准备工作# 每台机器上都创建一个账号useradd gtuserecho "gtuserpwd" | passwd --stdin gtusercat >>/etc/sudoers << EOFgtuser ALL=NOPASSWD:/bin/rm -f /tmp/global_cache.logEOF# 建立ssh免密钥互信# 因为是从一台集中去执行，所以是单向免密钥su - gtuser# 每个节点都执行ssh-keygen -t rsa # 一路回车# 将公钥添加到认证文件中cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys# 并设置authorized_keys的访问权限chmod 600 ~/.ssh/authorized_keys# 只要在一个节点执行即可。这里在 192.168.65.128上执行ssh 192.168.65.129 cat ~/.ssh/id_rsa.pub >>~/.ssh/authorized_keysssh 192.168.65.130 cat ~/.ssh/id_rsa.pub >>~/.ssh/authorized_keys# 分发整合后的文件到其它节点scp ~/.ssh/authorized_keys 192.168.65.129:~/.ssh/scp ~/.ssh/authorized_keys 192.168.65.130:~/.ssh/# 测试时，第一次，需要输入密码，之后就不需要输入密码了。# 在192.168.65.128上测试ssh 192.168.65.129ssh 192.168.65.130# 在192.168.65.129上测试ssh 192.168.65.129ssh 192.168.65.130# 在192.168.65.130上测试ssh 192.168.65.128ssh 192.168.65.129# 删除，重新操作# rm -fr /home/gtuser/.ssh/# 编写脚本测试cat >>/root/delete_cache.log <<EOF#ssh -p 22 -t gtuser@192.168.65.128 "sudo /bin/rm -f /tmp/global_cache.log; echo "/tmp/global_cache.log has been deleted"; echo `date`"ssh -p 22 -t gtuser@192.168.65.128 "sudo /bin/rm -f /tmp/global_cache.log"ssh -p 22 -t gtuser@192.168.65.129 "sudo /bin/rm -f /tmp/global_cache.log"ssh -p 22 -t gtuser@192.168.65.130 "sudo /bin/rm -f /tmp/global_cache.log"EOF# 如果是root用户，类似的操作scp ~/.ssh/authorized_keys gtuser@192.168.65.129:/home/gtuser/.ssh/scp ~/.ssh/authorized_keys gtuser@192.168.65.130:/home/gtuser/.ssh/sh /root/delete_cache.log# 执行结果如下：[root@my1-222 ~]# sh /root/delete_cache.log Connection to 192.168.65.128 closed.Connection to 192.168.65.129 closed.Connection to 192.168.65.130 closed.[root@my1-222 ~]#