SSH (Secure Shell) 是进行跨服务器Linux系统运维(SysOps)管理的核心工具。以下是高效使用SSH进行多服务器管理的专业方法:
# Generate an Ed25519 key pair on the client. ssh-keygen prompts for a
# passphrase; setting one means a copied private key file cannot be used on its own.
ssh-keygen -t ed25519 -C "sysops@company"
# Install the public key in the target account's authorized_keys on server1.
# Only the .pub file is sent; the private key never leaves the client.
ssh-copy-id -i ~/.ssh/id_ed25519.pub user@server1
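# ~/.ssh/config
# Host-specific entries come first: ssh keeps the first value it obtains for
# each option, so the "Host *" defaults go last and remain overridable per host.
Host server1
HostName 192.168.1.10
User sysadmin
Port 2222
IdentityFile ~/.ssh/id_ed25519

Host *
# Keepalives: probe the server every 60 seconds so dead links are noticed.
ServerAliveInterval 60
TCPKeepAlive yes
# Connection multiplexing: later sessions to the same host reuse one
# authenticated connection through the ControlPath socket.
ControlMaster auto
ControlPath ~/.ssh/control:%h:%p:%r
# The master connection stays open for 4h after the last session closes. During
# that time any process running as this user can open new sessions through the
# socket without authenticating again, so keep ~/.ssh private to the user.
ControlPersist 4h
Compression yes
# Agent forwarding is off by default: while a forwarded connection is open,
# anyone with sufficient privileges on the remote host can use the agent to
# authenticate as you elsewhere. Enable it in a specific Host block only where
# it is required; ProxyJump covers the bastion case without it.
ForwardAgent no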
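# Run one command on many hosts with pdsh (Parallel Distributed Shell).
# The host list is quoted so the local shell never treats [1-10] as a glob
# pattern (zsh, for example, aborts on an unmatched glob).
# NOTE(review): pdsh's transport depends on its rcmd module; confirm it is ssh
# (-R ssh or PDSH_RCMD_TYPE=ssh) rather than an unencrypted remote shell.
pdsh -w 'server[1-10],server20' 'uptime'
# Run one command with pssh (Parallel SSH): -h reads the host list from a file,
# -i prints each host's output inline as it completes.
pssh -i -h hosts.txt "df -h"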
# inventory.ini
# Each [section] is a host group; ansible_host is the address Ansible connects
# to for the alias on the left.
[web_servers]
web1 ansible_host=192.168.1.11
web2 ansible_host=192.168.1.12
# Database hosts are kept in their own group so commands can target them separately.
[db_servers]
db1 ansible_host=192.168.1.21
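# Run ad-hoc commands. -i names the inventory explicitly; without it Ansible
# falls back to its configured default inventory, not the inventory.ini above.
# Connectivity and Python check against every host in the inventory:
ansible -i inventory.ini all -m ping
# -a with no -m uses the command module (no shell features such as pipes).
# NOTE(review): restarting a service needs root on the managed hosts; add
# --become if the connecting user is not root.
ansible -i inventory.ini web_servers -a "systemctl restart nginx"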
# Local port forward (reach a remote database): connections to local port 63306
# travel inside the SSH session to jump-host, which then connects to db-server:3306.
# The listener binds to loopback unless a bind address or GatewayPorts says
# otherwise. The hop from jump-host to db-server is outside the SSH tunnel.
ssh -L 63306:db-server:3306 jump-host
# Dynamic SOCKS proxy on local port 1080; proxied connections exit from bastion-host.
ssh -D 1080 bastion-host
# Multi-hop SSH with ProxyJump: the bastions only relay the connection, and the
# SSH session itself is established end to end with target-server, so no agent
# forwarding onto the bastions is needed.
ssh -J user1@bastion1,user2@bastion2 target-server
# Or configure the same multi-hop route in ~/.ssh/config
Host target-server
# Hops are traversed in the order listed: bastion1 first, then bastion2.
ProxyJump bastion1,bastion2
User admin
# sshd_config hardening (server side).
# Check the file with `sshd -t` and keep an existing session open while
# reloading, so a mistake here does not lock you out.
# Non-default port; the client config and the fail2ban jail must use the same value.
Port 2222
# root cannot log in over SSH; administrators log in as a normal user and escalate.
PermitRootLogin no
# Disables the password method, leaving key-based logins.
# NOTE(review): keyboard-interactive is a separate method; confirm it is also
# disabled if the goal is to rule out passwords entirely.
PasswordAuthentication no
# Only the listed account may log in; every other user is refused.
AllowUsers sysadmin
# At most 3 authentication attempts per connection.
MaxAuthTries 3
# The server probes the client every 300 seconds and disconnects after 2
# unanswered probes. This drops unresponsive clients; it is not an idle timeout.
ClientAliveInterval 300
ClientAliveCountMax 2
# Install fail2ban and create the local override file (run as root).
apt install fail2ban
# Settings in jail.local take precedence over jail.conf, which package upgrades
# may replace. Copying the whole file pins every default at today's values; a
# jail.local that holds only the overridden settings works as well.
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
# Edit jail.local: enable the sshd jail.
[sshd]
enabled = true
# Must match the port sshd actually listens on (2222 in the sshd_config above),
# otherwise the ban is applied to the wrong port.
port = 2222
# Number of failures from one address before it is banned; the time window and
# ban duration are not set here, so the defaults apply.
maxretry = 3
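#!/bin/bash
# Apply pending package updates on each host in SERVERS, one host at a time.
# Hosts are contacted through the caller's ssh configuration; the remote
# account needs sudo rights for apt.
# Exit status: 0 when every host updated cleanly, 1 when at least one failed.
set -u

SERVERS=("server1" "server2" "server3")
failed=()

for server in "${SERVERS[@]}"; do
  echo "Updating $server..."
  # The remote && chain stops at the first failing step, so ssh's exit status
  # reflects that step; 255 means ssh itself could not complete the connection.
  ssh "$server" "
sudo apt update && \
sudo apt upgrade -y && \
sudo apt autoremove -y
"
  # Capture the status immediately, before any other command overwrites $?.
  status=$?
  if (( status == 0 )); then
    echo "$server update completed with status $status"
  else
    # Report failures on stderr and remember the host instead of printing
    # "completed" for a run that did not complete.
    echo "$server update FAILED with status $status" >&2
    failed+=("$server")
  fi
done

# Surface partial failure to the caller (cron, CI) instead of always exiting 0.
if (( ${#failed[@]} > 0 )); then
  echo "Update failed on: ${failed[*]}" >&2
  exit 1
fi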
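#!/bin/bash
# Collect /var/log/syslog and /var/log/auth.log from every host named in
# servers.list (one host per line; blank lines and lines starting with # are
# skipped) into /var/log/remote_logs/<YYYYMMDD>/.
# Exit status: 0 when every copy succeeded, 1 otherwise.
# NOTE(review): the remote account needs read access to both log files, and the
# local user needs write access under /var/log; confirm for your hosts.
set -u
# auth.log records logins and sudo use, so the collected copies are created
# readable by the collecting user only.
umask 077

DATE=$(date +%Y%m%d)
LOG_DIR="/var/log/remote_logs/$DATE"
mkdir -p "$LOG_DIR" || exit 1

# Accept plain host names or user@host. Rejecting a leading "-" keeps an entry
# from being parsed as an scp option, and rejecting "/" keeps the local file
# name inside LOG_DIR.
valid_host='^[A-Za-z0-9_@][A-Za-z0-9._@-]*$'
failed=0

# "|| [[ -n ... ]]" also processes a final line that lacks a trailing newline.
while read -r server || [[ -n "$server" ]]; do
  if [[ -z "$server" || "$server" == \#* ]]; then
    continue
  fi
  if [[ ! "$server" =~ $valid_host ]]; then
    echo "Skipping invalid entry in servers.list: $server" >&2
    failed=1
    continue
  fi
  for log in syslog auth.log; do
    # stdin is redirected so nothing in the loop body can consume the host list.
    if ! scp "$server:/var/log/$log" "$LOG_DIR/${server}_$log" </dev/null; then
      echo "Failed to copy $log from $server" >&2
      failed=1
    fi
  done
done < servers.list

exit "$failed"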
通过以上方法,您可以高效、安全地管理跨服务器的Linux系统运维工作。