4533 posted on 2015-12-24 09:11:59

Bulk-adding user SSH keys with SaltStack

1. Create the user

sudo salt -C "L@tz-relay1,tz-relay2" cmd.run "adduser zhangchong"

2. Create the .ssh directory

sudo salt -C "L@tz-relay1,tz-relay2" cmd.run "mkdir /home/zhangchong/.ssh/"

3. Set permissions

sudo salt -C "L@tz-relay1,tz-relay2" cmd.run "chmod 700 /home/zhangchong/.ssh/"
sudo salt -C "L@tz-relay1,tz-relay2" cmd.run "chown -R zhangchong:zhangchong /home/zhangchong/"

4. Distribute the public key

sudo salt -C "L@tz-relay1,tz-relay2" cp.get_file salt://keys/zhangchong_rsa.pub /home/zhangchong/.ssh/authorized_keys

5. Set permissions on the public key file

sudo salt -C "L@tz-relay1,tz-relay2" cmd.run "chown zhangchong:zhangchong /home/zhangchong/.ssh/authorized_keys"
sudo salt -C "L@tz-relay1,tz-relay2" cmd.run "chmod 400 /home/zhangchong/.ssh/authorized_keys"

6. Add the user to sudoers

sudo salt -C "L@tz-relay1,tz-relay2" cmd.run 'echo "zhangchong ALL=(ALL:ALL) ALL" >> /etc/sudoers'
sudo salt -C "L@tz-relay1,tz-relay2" cmd.run 'echo "zhangchong ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers'



Appendix: a few pitfalls

1. Public key format

The public key generated by Xshell has the following format:
---- BEGIN SSH2 PUBLIC KEY ----
Subject: zhchong
Comment: "zhchong1"
ModBitSize: 1024
AAAAB3NzaC1yc2EAAAADAQABAAAAgQCnv4uFRaAvXVxI5MUX/JDbQO/4cOVrMiNG
Bj2jqTHKIpy2KgAkNLVRcquRV6bG0lo2w8DvZG6XAnBttPuiFk1CJlPg6qFt9ptO
lYBx11Zhdl73FxP16hyNwwnMxRZE3Bs1VGT9jPERwApAbXOqdDOQxbDZS5DuK47R
9RnevgGrFw==
---- END SSH2 PUBLIC KEY ----
It only takes effect after ssh-rsa is added:
---- BEGIN SSH2 PUBLIC KEY ----
Subject: zhchong
Comment: "zhchong1"
ModBitSize: 1024
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCnv4uFRaAvXVxI5MUX/JDbQO/4cOVrMiNG
Bj2jqTHKIpy2KgAkNLVRcquRV6bG0lo2w8DvZG6XAnBttPuiFk1CJlPg6qFt9ptO
lYBx11Zhdl73FxP16hyNwwnMxRZE3Bs1VGT9jPERwApAbXOqdDOQxbDZS5DuK47R
9RnevgGrFw== zhchong
---- END SSH2 PUBLIC KEY ----

2. Permissions on authorized_keys

Set authorized_keys to read-only for its owner, with no permissions for any other user.