CN103391198A - Data processing method of Linux server cluster accounts - Google Patents
Data processing method of Linux server cluster accounts Download PDFInfo
- Publication number
- CN103391198A CN103391198A CN2013103097023A CN201310309702A CN103391198A CN 103391198 A CN103391198 A CN 103391198A CN 2013103097023 A CN2013103097023 A CN 2013103097023A CN 201310309702 A CN201310309702 A CN 201310309702A CN 103391198 A CN103391198 A CN 103391198A
- Authority
- CN
- China
- Prior art keywords
- server
- redirect server
- account data
- redirect
- client
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Computer And Data Communications (AREA)
Abstract
The invention relates to a data processing method of Linus server cluster accounts. The method comprises the steps as follows: data of each account in a cluster is centrally controlled through a skip server; and a client and a target server in the cluster are in communication connection through the account data and the skip server. Compared with the prior art, the data processing method has the advantages of high safety, strong expandability and the like, so that the operation is simplified, the processing efficiency is improved, and the error probability is reduced.
Description
Technical field
The present invention relates to a kind of account data processing method, especially relate to a kind of Linux server cluster account data processing method.
Background technology
In today of the Internet develop rapidly, web application increases with surprising rapidity.And the server that these network applications rely on also just increases progressively with exponential.When to people, facilitating, a large amount of servers has brought huge challenge also for the O﹠M staff on account management.The safety problem that causes therefrom is too numerous to enumerate.
Present most website and network application be all in the mode of server cluster in running, number of servers arrives several, tens less, arrives hundreds of platform and even up to ten thousand more.Traditional account data processing mode can't meet the needs of server cluster management.
Take 100 Linux servers as example, all there is the user account information that can login on every station server, process the account data on this 100 station server, no matter be create or revise accounts information, the O﹠M personnel need to repeat identical operation on each station server.Complex operation is not also said and is easily made mistakes, and stays potential safety hazard.In case safety problem occurs, the O﹠M personnel should be noted that and check and investigate user login information.
Summary of the invention
Purpose of the present invention is exactly that a kind of safe, Linux server cluster account data processing method that extensibility is strong is provided in order to overcome the defect that above-mentioned prior art exists, and to reach, simplifies the operation, and improves treatment effeciency, reduces the purpose of the probability of makeing mistakes.
Purpose of the present invention can be achieved through the following technical solutions:
A kind of Linux server cluster account data processing method, the method is carried out centralized control by the redirect server to each account data in cluster, client by account data be connected the redirect server and communicate and be connected with destination server in cluster.
The method specifically comprises the following steps:
1) client connects the redirect server by ssh, and by account data, logins the redirect server;
2) client sends the request that connects a certain destination server to the redirect server, and the redirect server sends logging request to this destination server;
3) after destination server is received logging request from the redirect server, judge whether to trust the logging request of redirect server according to logging request, if client is successfully logined destination server, if not, destination server sends the refusal log-on message to the redirect server.
Described step 1) in, login the redirect server by account data and be specially:
After client connected the redirect server, the redirect server received the account data of client, and whether checking account data are correct, if client is successfully logined the redirect server, if not, the redirect server sends the refusal log-on message to the redirect server.
Described step 3) in, according to logging request, judge whether that the logging request of trusting the redirect server is specially:
Destination server is compared private key and local PKI subsidiary in logging request, judges key to whether being complementary, if, trust the logging request of redirect server, if not, the logging request of redirect server is not trusted.
Compared with prior art, the present invention has the following advantages:
1, simplified control: the O﹠M personnel only need the operation to the trust between redirect server and destination server once to get final product, and the change of later any account can only get final product the redirect server operation, simple to operate saving time, and error rate is low.
2, safe: the network management personnel can arrange double-deck fire compartment wall on this structure, and before the redirect server and after the redirect server, the fail safe of double-deck fire compartment wall will, far away higher than the individual layer fire compartment wall, can better be protected destination servers respectively.
3, extensibility is strong: be increased to 100 station servers from 10 station servers, in the situation that client account is constant, the O﹠M personnel only need simple interpolation server and trust the redirect server to get final product, and do not need to do any other change.
Description of drawings
Fig. 1 is schematic flow sheet of the present invention;
Fig. 2 is hardware configuration schematic diagram of the present invention.
Embodiment
The present invention is described in detail below in conjunction with the drawings and specific embodiments.The present embodiment is implemented as prerequisite take technical solution of the present invention, provided detailed execution mode and concrete operating process, but protection scope of the present invention is not limited to following embodiment.
A kind of Linux server cluster account data processing method, the method is carried out centralized control by the redirect server to each account data in cluster, client by account data be connected the redirect server and communicate and be connected with destination server in cluster, simplify the operation to reach, improve treatment effeciency, reduce the purpose of the probability of makeing mistakes.
Below set forth the workflow of said method with the user by the concrete case that the redirect server logs in destination server.
Redirect server ip: 51.122.48.102 (outer net IP)
(192.168.1.2 Intranet IP)
Destination server IP:192.168.1.23 (Intranet IP)
As Figure 1-Figure 2, above-mentioned Linux server cluster account data processing method specifically comprises the following steps:
In step S1, a plurality of client-requested log in redirect server ssh51.122.48.102.
In step S2, the redirect server receives the account data of each client input.
In step S3, whether the account data of redirect server authentication input is correct.
In step S4, account data is incorrect, and the logging request of client is rejected, and returns to step S1.
In step S5, account data is correct, and client is authorized to log in.
In step S6, client successfully signs in to the redirect server.
In step S7, client initiates to log in the request ssh192.168.1.23 of destination server.
In step S8, after destination server is received the logging request of sending from redirect server Intranet IP (192.168.1.2), automatically search the PKI of this IP address of coupling, so that the private key that transmits with the redirect server is compared.
In step S9, if key does not mate checking, destination server is refused this logging request, returns to step 6, and by the redirect server, to client, sends exclude information.
In step S10, if key to being verified, this logs in the destination server mandate.
In step S11, client signs in to destination server.
Claims (4)
1. Linux server cluster account data processing method, it is characterized in that, the method is carried out centralized control by the redirect server to each account data in cluster, client by account data be connected the redirect server and communicate and be connected with destination server in cluster.
2. a kind of Linux server cluster account data processing method according to claim 1, is characterized in that, the method specifically comprises the following steps:
1) client connects the redirect server by ssh, and by account data, logins the redirect server;
2) client sends the request that connects a certain destination server to the redirect server, and the redirect server sends logging request to this destination server;
3) after destination server is received logging request from the redirect server, judge whether to trust the logging request of redirect server according to logging request, if client is successfully logined destination server, if not, destination server sends the refusal log-on message to the redirect server.
3. a kind of Linux server cluster account data processing method according to claim 2, is characterized in that described step 1) in, login the redirect server by account data and be specially:
After client connected the redirect server, the redirect server received the account data of client, and whether checking account data are correct, if client is successfully logined the redirect server, if not, the redirect server sends the refusal log-on message to the redirect server.
4. a kind of Linux server cluster account data processing method according to claim 2, is characterized in that described step 3) in, judge whether that according to logging request the logging request of trusting the redirect server is specially:
Destination server is compared private key and local PKI subsidiary in logging request, judges key to whether being complementary, if, trust the logging request of redirect server, if not, the logging request of redirect server is not trusted.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2013103097023A CN103391198A (en) | 2013-07-22 | 2013-07-22 | Data processing method of Linux server cluster accounts |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2013103097023A CN103391198A (en) | 2013-07-22 | 2013-07-22 | Data processing method of Linux server cluster accounts |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103391198A true CN103391198A (en) | 2013-11-13 |
Family
ID=49535363
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2013103097023A Pending CN103391198A (en) | 2013-07-22 | 2013-07-22 | Data processing method of Linux server cluster accounts |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103391198A (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106131092A (en) * | 2016-08-31 | 2016-11-16 | 天脉聚源(北京)传媒科技有限公司 | A kind of method and device of telnet server |
| CN106254483A (en) * | 2016-08-10 | 2016-12-21 | 天脉聚源(北京)传媒科技有限公司 | A kind of method and device of remote auto backup file |
| CN106302509A (en) * | 2016-08-31 | 2017-01-04 | 天脉聚源(北京)传媒科技有限公司 | A kind of method and device of the Telnet of multi-client system |
| CN108737426A (en) * | 2018-05-24 | 2018-11-02 | 郑州云海信息技术有限公司 | One kind remotely exempting from close login method and system |
| CN108809964A (en) * | 2018-05-25 | 2018-11-13 | 浙江齐治科技股份有限公司 | A kind of resource access control method and device |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20030221011A1 (en) * | 2002-02-19 | 2003-11-27 | Masaki Shitano | Access control apparatus |
| CN101282252A (en) * | 2007-04-06 | 2008-10-08 | 盛大信息技术(上海)有限公司 | Method for managing and logging-on password of remote server based on network |
| CN102739613A (en) * | 2011-04-12 | 2012-10-17 | 深圳市金蝶中间件有限公司 | Dynamic pathway method of crossing firewall and system thereof |
| CN103179135A (en) * | 2013-04-19 | 2013-06-26 | 网宿科技股份有限公司 | Remote management method based on ssh transfer machine |
-
2013
- 2013-07-22 CN CN2013103097023A patent/CN103391198A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20030221011A1 (en) * | 2002-02-19 | 2003-11-27 | Masaki Shitano | Access control apparatus |
| CN101282252A (en) * | 2007-04-06 | 2008-10-08 | 盛大信息技术(上海)有限公司 | Method for managing and logging-on password of remote server based on network |
| CN102739613A (en) * | 2011-04-12 | 2012-10-17 | 深圳市金蝶中间件有限公司 | Dynamic pathway method of crossing firewall and system thereof |
| CN103179135A (en) * | 2013-04-19 | 2013-06-26 | 网宿科技股份有限公司 | Remote management method based on ssh transfer machine |
Non-Patent Citations (2)
| Title |
|---|
| 伍之昂 等: "《Linux服务器架设与管理》", 31 August 2008 * |
| 鸟哥: "《鸟哥的Linux私房菜 服务器架设篇 第3版》", 31 July 2012 * |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106254483A (en) * | 2016-08-10 | 2016-12-21 | 天脉聚源(北京)传媒科技有限公司 | A kind of method and device of remote auto backup file |
| CN106131092A (en) * | 2016-08-31 | 2016-11-16 | 天脉聚源(北京)传媒科技有限公司 | A kind of method and device of telnet server |
| CN106302509A (en) * | 2016-08-31 | 2017-01-04 | 天脉聚源(北京)传媒科技有限公司 | A kind of method and device of the Telnet of multi-client system |
| CN108737426A (en) * | 2018-05-24 | 2018-11-02 | 郑州云海信息技术有限公司 | One kind remotely exempting from close login method and system |
| CN108809964A (en) * | 2018-05-25 | 2018-11-13 | 浙江齐治科技股份有限公司 | A kind of resource access control method and device |
| CN108809964B (en) * | 2018-05-25 | 2021-11-09 | 浙江齐治科技股份有限公司 | Resource access control method and device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107528856A (en) | Internet of Things mist end equipment based on block chain platform access authentication method beyond the clouds | |
| CN108881308B (en) | User terminal and authentication method, system and medium thereof | |
| CN101917289B (en) | System for remotely supervising internet surfing of minors based on computer and mobile phone | |
| JP2018116708A (en) | Network connection automation | |
| CN103391198A (en) | Data processing method of Linux server cluster accounts | |
| CN106790034B (en) | A kind of method of internet of things equipment certification and secure accessing | |
| CN104811433A (en) | Distributed IoT (Internet of Things) solution scheme of C/S configuration | |
| US20130339736A1 (en) | Periodic platform based web session re-validation | |
| WO2016076913A1 (en) | Conditional login promotion | |
| CN103986584A (en) | Double-factor identity verification method based on intelligent equipment | |
| JP6554526B2 (en) | Multiple account integrated management system and method | |
| CN102868702B (en) | System login device and system login method | |
| CN103634119A (en) | Authentication method, application client, application server and authentication server | |
| US20170142130A1 (en) | Account registration and login method, and network attached storage system using the same | |
| CN103473489A (en) | Permission validation system and permission validation method for safety production comprehensive supervision | |
| CN103795530A (en) | Cross-domain controller authentication method, cross-domain controller authentication device and host | |
| CN103051643A (en) | Method and system for dynamically establishing secure connection of virtual host in cloud computing environment | |
| CN106533894B (en) | A kind of instant messaging system of completely new safety | |
| CN103957194B (en) | A kind of procotol IP cut-in methods and access device | |
| CN103188332A (en) | Remote desktop access control management method, equipment and system | |
| CN107566396A (en) | A kind of method based on dynamic password enhancing server VPN protocol securitys | |
| US20240089300A1 (en) | Applying overlay network policy based on users | |
| US20160156610A1 (en) | Message Pushing System And Method | |
| CN104410990B (en) | Realize the method and system of access authentication server switching | |
| US8468268B2 (en) | Techniques for identity and policy based routing |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20131113 |
|
| RJ01 | Rejection of invention patent application after publication |