使用 gzexe 快速加密解密文件内容
作者:尹正杰
版权声明:原创作品,谢绝转载!否则将追究法律责任。
一.使用sshpass工具编写远程管理脚本
1>.安装依赖包
[root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# yum -y install sshpassLoaded plugins: fastestmirror, langpacksLoading mirror speeds from cached hostfile * base: mirrors.aliyun.com * extras: mirrors.aliyun.com * updates: mirrors.aliyun.combase | 3.6 kB 00:00:00 extras | 3.4 kB 00:00:00 updates | 3.4 kB 00:00:00 (1/2): extras/7/x86_64/primary_db | 187 kB 00:00:00 (2/2): updates/7/x86_64/primary_db | 3.3 MB 00:00:01 Resolving Dependencies--> Running transaction check---> Package sshpass.x86_64 0:1.06-2.el7 will be installed--> Finished Dependency ResolutionDependencies Resolved=================================================================================================================================================================================================================== Package Arch Version Repository Size===================================================================================================================================================================================================================Installing: sshpass x86_64 1.06-2.el7 extras 21 kTransaction Summary===================================================================================================================================================================================================================Install 1 PackageTotal download size: 21 kInstalled size: 38 kDownloading packages:sshpass-1.06-2.el7.x86_64.rpm | 21 kB 00:00:00 Running transaction checkRunning transaction testTransaction test succeededRunning transactionWarning: RPMDB altered outside of yum. Installing : sshpass-1.06-2.el7.x86_64 1/1 Verifying : sshpass-1.06-2.el7.x86_64 1/1 Installed: sshpass.x86_64 0:1.06-2.el7 Complete![root@node101.yinzhengjie.org.cn ~]#
2>.编写脚本
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# cat /usr/local/bin/clientServer.sh 
#!/bin/bash
#@author :yinzhengjie
#blog:http://www.cnblogs.com/yinzhengjie
#EMAIL:y1053419035@qq.com
host=$1
passwd="yinzhengjie"
sshpass -p ${passwd} ssh root@${host} -o StrictHostKeyChecking=no
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# ll /usr/local/bin/clientServer.sh 
-rw-r--r--. 1 root root 199 Mar 21 11:11 /usr/local/bin/clientServer.sh
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# chmod +x /usr/local/bin/clientServer.sh 
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# ll /usr/local/bin/clientServer.sh 
-rwxr-xr-x. 1 root root 199 Mar 21 11:11 /usr/local/bin/clientServer.sh
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# 
3>.测试脚本
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# cat /etc/hosts | grep yinzhengjie
172.30.1.101 node101.yinzhengjie.org.cn
172.30.1.102 node102.yinzhengjie.org.cn
172.30.1.103 node103.yinzhengjie.org.cn
172.30.1.104 node104.yinzhengjie.org.cn
172.30.1.105 node105.yinzhengjie.org.cn
172.30.1.106 node106.yinzhengjie.org.cn
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# clientServer.sh node102.yinzhengjie.org.cnLast login: Thu Mar 21 11:07:53 2019 from 172.30.1.101[root@node102.yinzhengjie.org.cn ~]# [root@node102.yinzhengjie.org.cn ~]# [root@node102.yinzhengjie.org.cn ~]# whoroot pts/0 2019-03-21 11:13 (172.30.1.101)[root@node102.yinzhengjie.org.cn ~]# [root@node102.yinzhengjie.org.cn ~]# [root@node102.yinzhengjie.org.cn ~]# exit logoutConnection to node102.yinzhengjie.org.cn closed.[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# clientServer.sh node103.yinzhengjie.org.cnLast login: Tue Mar 19 13:50:35 2019 from 172.30.1.2[root@node103.yinzhengjie.org.cn ~]# [root@node103.yinzhengjie.org.cn ~]# [root@node103.yinzhengjie.org.cn ~]# whoroot pts/0 2019-03-21 11:13 (172.30.1.101)[root@node103.yinzhengjie.org.cn ~]# [root@node103.yinzhengjie.org.cn ~]# exit logoutConnection to node103.yinzhengjie.org.cn closed.[root@node101.yinzhengjie.org.cn ~]#
二.为脚本加密(使用 gzexe 快速加密解密文件内容)
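上面我们通过脚本的确可以远程登录服务器,但细心的小伙伴会发现以上脚本很缺乏安全感:一是所有服务器的密码必须相同才能使用该脚本;二是密码以明文方式保存在脚本文件中,稍微会点Linux的人看到后可能会做坏事!因此,我们用 gzexe 对脚本进行处理,这样别人拿到后就没法直接看到脚本的真实内容啦~ 需要说明的是,gzexe 只是用 gzip 压缩脚本并在前面加上一段自解压的 shell 头部,属于混淆而不是真正的加密:它不使用任何密钥,任何能读取该文件的人都可以像下文"解密脚本"一节那样用 gzexe -d 还原出明文密码。另外,sshpass -p 会让密码出现在进程的命令行参数中,StrictHostKeyChecking=no 则关闭了主机密钥校验;更稳妥的做法是改用 SSH 密钥认证,并把脚本权限收紧到仅 root 可读(上面的 rwxr-xr-x 对所有用户可读)。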
1>.加密脚本
[root@node101.yinzhengjie.org.cn ~]# 
[root@node101.yinzhengjie.org.cn ~]# cd /usr/local/bin/
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# ll
total 4
-rwxr-xr-x. 1 root root 199 Mar 21 11:24 clientServer.sh
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# cat clientServer.sh 
#!/bin/bash
#@author :yinzhengjie
#blog:http://www.cnblogs.com/yinzhengjie
#EMAIL:y1053419035@qq.com
host=$1
passwd="yinzhengjie"
sshpass -p ${passwd} ssh root@${host} -o StrictHostKeyChecking=no
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# gzexe clientServer.sh 
clientServer.sh: 20.1%
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# ll
total 8
-rwxr-xr-x. 1 root root 994 Mar 21 11:25 clientServer.sh #它是加密后的脚本
-rwxr-xr-x. 1 root root 199 Mar 21 11:24 clientServer.sh~ #之前的脚本内容被写入到该文件中啦!
[root@node101.yinzhengjie.org.cn /usr/local/bin]#
[root@node101.yinzhengjie.org.cn /usr/local/bin]# [root@node101.yinzhengjie.org.cn /usr/local/bin]# lltotal 8-rwxr-xr-x. 1 root root 994 Mar 21 11:25 clientServer.sh-rwxr-xr-x. 1 root root 199 Mar 21 11:24 clientServer.sh~[root@node101.yinzhengjie.org.cn /usr/local/bin]# [root@node101.yinzhengjie.org.cn /usr/local/bin]# [root@node101.yinzhengjie.org.cn /usr/local/bin]# cat clientServer.sh#!/bin/shskip=44tab=' 'nl=''IFS=" $tab$nl"umask=`umask`umask 77gztmpdir=trap 'res=$? test -n "$gztmpdir" && rm -fr "$gztmpdir" (exit $res); exit $res' 0 1 2 3 5 10 13 15if type mktemp >/dev/null 2>&1; then gztmpdir=`mktemp -dt`else gztmpdir=/tmp/gztmp$$; mkdir $gztmpdirfi || { (exit 127); exit 127; }gztmp=$gztmpdir/$0case $0 in-* | */*'') mkdir -p "$gztmp" && rm -r "$gztmp";;*/*) gztmp=$gztmpdir/`basename "$0"`;;esac || { (exit 127); exit 127; }case `echo X | tail -n +1 2>/dev/null` inX) tail_n=-n;;*) tail_n=;;esacif tail $tail_n +$skip <"$0" | gzip -cd > "$gztmp"; then umask $umask chmod 700 "$gztmp" (sleep 5; rm -fr "$gztmpdir") 2>/dev/null & "$gztmp" ${ 1+"$@"}; res=$?else echo >&2 "Cannot decompress $0" (exit 127); res=127fi; exit $res7fe$ient%rver.sLZמpbC*]'Y^v"B
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# cat clientServer.sh~
#!/bin/bash
#@author :yinzhengjie
#blog:http://www.cnblogs.com/yinzhengjie
#EMAIL:y1053419035@qq.com
host=$1
passwd="yinzhengjie"
sshpass -p ${passwd} ssh root@${host} -o StrictHostKeyChecking=no
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
2>.测试加密后的脚本
[root@node101.yinzhengjie.org.cn /usr/local/bin]# [root@node101.yinzhengjie.org.cn /usr/local/bin]# [root@node101.yinzhengjie.org.cn /usr/local/bin]# lltotal 8-rwxr-xr-x. 1 root root 994 Mar 21 11:25 clientServer.sh-rwxr-xr-x. 1 root root 199 Mar 21 11:24 clientServer.sh~[root@node101.yinzhengjie.org.cn /usr/local/bin]# [root@node101.yinzhengjie.org.cn /usr/local/bin]# [root@node101.yinzhengjie.org.cn /usr/local/bin]# cd[root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# rm -f /usr/local/bin/clientServer.sh~[root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# ll /usr/local/bin/total 4-rwxr-xr-x. 1 root root 994 Mar 21 11:25 clientServer.sh[root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# clientServer.sh node102.yinzhengjie.org.cnLast login: Thu Mar 21 11:13:48 2019 from 172.30.1.101[root@node102.yinzhengjie.org.cn ~]# [root@node102.yinzhengjie.org.cn ~]# whoroot pts/0 2019-03-21 11:29 (172.30.1.101)[root@node102.yinzhengjie.org.cn ~]# [root@node102.yinzhengjie.org.cn ~]# exit logoutConnection to node102.yinzhengjie.org.cn closed.[root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# ll /usr/local/bin/total 4-rwxr-xr-x. 1 root root 994 Mar 21 11:25 clientServer.sh[root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# mv /usr/local/bin/clientServer.sh /usr/local/bin/goto[root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# ll /usr/local/bin/total 4-rwxr-xr-x. 1 root root 994 Mar 21 11:25 goto[root@node101.yinzhengjie.org.cn ~]#
[root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# ll /usr/local/bin/total 4-rwxr-xr-x. 1 root root 994 Mar 21 11:25 goto[root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# goto node103.yinzhengjie.org.cnLast login: Thu Mar 21 11:13:59 2019 from 172.30.1.101[root@node103.yinzhengjie.org.cn ~]# [root@node103.yinzhengjie.org.cn ~]# [root@node103.yinzhengjie.org.cn ~]# whoroot pts/0 2019-03-21 11:31 (172.30.1.101)[root@node103.yinzhengjie.org.cn ~]# [root@node103.yinzhengjie.org.cn ~]# [root@node103.yinzhengjie.org.cn ~]# exit logoutConnection to node103.yinzhengjie.org.cn closed.[root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]#
3>.解密脚本
[root@node101.yinzhengjie.org.cn ~]# [root@node101.yinzhengjie.org.cn ~]# cd /usr/local/bin/[root@node101.yinzhengjie.org.cn /usr/local/bin]# [root@node101.yinzhengjie.org.cn /usr/local/bin]# lltotal 4-rwxr-xr-x. 1 root root 994 Mar 21 11:25 goto[root@node101.yinzhengjie.org.cn /usr/local/bin]#[root@node101.yinzhengjie.org.cn /usr/local/bin]# [root@node101.yinzhengjie.org.cn /usr/local/bin]# cat goto #!/bin/shskip=44tab=' 'nl=''IFS=" $tab$nl"umask=`umask`umask 77gztmpdir=trap 'res=$? test -n "$gztmpdir" && rm -fr "$gztmpdir" (exit $res); exit $res' 0 1 2 3 5 10 13 15if type mktemp >/dev/null 2>&1; then gztmpdir=`mktemp -dt`else gztmpdir=/tmp/gztmp$$; mkdir $gztmpdirfi || { (exit 127); exit 127; }gztmp=$gztmpdir/$0case $0 in-* | */*'') mkdir -p "$gztmp" && rm -r "$gztmp";;*/*) gztmp=$gztmpdir/`basename "$0"`;;esac || { (exit 127); exit 127; }case `echo X | tail -n +1 2>/dev/null` inX) tail_n=-n;;*) tail_n=;;esacif tail $tail_n +$skip <"$0" | gzip -cd > "$gztmp"; then umask $umask chmod 700 "$gztmp" (sleep 5; rm -fr "$gztmpdir") 2>/dev/null & "$gztmp" ${ 1+"$@"}; res=$?else echo >&2 "Cannot decompress $0" (exit 127); res=127fi; exit $res7fe$ient%rver.sLZמpbC*]'Y^v"B
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# ll
total 4
-rwxr-xr-x. 1 root root 994 Mar 21 11:25 goto
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# gzexe -d goto 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# ll
total 8
-rwxr-xr-x. 1 root root 199 Mar 21 11:34 goto #被解密后的脚本内容
-rwxr-xr-x. 1 root root 994 Mar 21 11:25 goto~ #加密的文件内容
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# ll
total 8
-rwxr-xr-x. 1 root root 199 Mar 21 11:34 goto
-rwxr-xr-x. 1 root root 994 Mar 21 11:25 goto~
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# cat goto
#!/bin/bash
#@author :yinzhengjie
#blog:http://www.cnblogs.com/yinzhengjie
#EMAIL:y1053419035@qq.com
host=$1
passwd="yinzhengjie"
sshpass -p ${passwd} ssh root@${host} -o StrictHostKeyChecking=no
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# 
[root@node101.yinzhengjie.org.cn /usr/local/bin]# [root@node101.yinzhengjie.org.cn /usr/local/bin]# lltotal 8-rwxr-xr-x. 1 root root 199 Mar 21 11:34 goto-rwxr-xr-x. 1 root root 994 Mar 21 11:25 goto~[root@node101.yinzhengjie.org.cn /usr/local/bin]# [root@node101.yinzhengjie.org.cn /usr/local/bin]# [root@node101.yinzhengjie.org.cn /usr/local/bin]# cat goto~#!/bin/shskip=44tab=' 'nl=''IFS=" $tab$nl"umask=`umask`umask 77gztmpdir=trap 'res=$? test -n "$gztmpdir" && rm -fr "$gztmpdir" (exit $res); exit $res' 0 1 2 3 5 10 13 15if type mktemp >/dev/null 2>&1; then gztmpdir=`mktemp -dt`else gztmpdir=/tmp/gztmp$$; mkdir $gztmpdirfi || { (exit 127); exit 127; }gztmp=$gztmpdir/$0case $0 in-* | */*'') mkdir -p "$gztmp" && rm -r "$gztmp";;*/*) gztmp=$gztmpdir/`basename "$0"`;;esac || { (exit 127); exit 127; }case `echo X | tail -n +1 2>/dev/null` inX) tail_n=-n;;*) tail_n=;;esacif tail $tail_n +$skip <"$0" | gzip -cd > "$gztmp"; then umask $umask chmod 700 "$gztmp" (sleep 5; rm -fr "$gztmpdir") 2>/dev/null & "$gztmp" ${ 1+"$@"}; res=$?else echo >&2 "Cannot decompress $0" (exit 127); res=127fi; exit $res7fe$ient%rver.sLZמpbC*]'Y^v"B