Ansible SSH key distribution
2022-06-10
无味wy
The ssh-keygen command generates, manages and converts authentication keys for ssh; it supports both RSA and DSA authentication keys.
SSH keys are kept in the ~/.ssh directory by default:
id_rsa: the private key file
id_rsa.pub: the public key file
known_hosts: when ssh connects to a host for the first time, that host's public key is recorded in this file, and the key is checked against it on every later connection
Create the SSH key pair
[root@ceshi-128 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:pAqXlThsC0a5ir8tBu+7+5PnZbK/5Pdzfg root@ceshi-128.host.com
The key's randomart image is:
+---[RSA 2048]----+
| .. |
| ... . . |
| .o.=oo . |
| .+o+= o |
|...=+ . S |
|+ o+.o . + |
| =. .= . o o |
|oo*=+.o . |
|o*BOO= E |
+----[SHA256]-----+
Configure the Ansible host inventory
[root@ceshi-128 ~]# vi /etc/ansible/hosts
[ceshi]
10.1.74.20
10.1.74.21
10.1.74.22
10.1.74.23
10.1.74.24
[ceshi:vars]
ansible_ssh_user=root
ansible_ssh_pass='GJ.com'
[root@ceshi-128 ~]# vi /etc/ansible/ansible.cfg
Uncomment host_key_checking = False so that connections are not stopped by the interactive host-key prompt.
Edit the yml file
[root@ceshi-128 ~]# vi key.yml
---
- hosts: ceshi
  user: root
  gather_facts: false
  tasks:
    - name: ssh-copy
      authorized_key: user=root key={{lookup('file','/root/.ssh/id_rsa.pub')}}
      tags:
        - sshkey
Run ansible-playbook
[root@ceshi-128 ~]# ansible-playbook key.yml
PLAY [ceshi] ***************************************************************************************************************************************************************
TASK [ssh-copy] ************************************************************************************************************************************************************
changed: [10.1.74.21]
changed: [10.1.74.20]
changed: [10.1.74.23]
changed: [10.1.74.22]
changed: [10.1.74.24]
PLAY RECAP *****************************************************************************************************************************************************************
10.1.74.20 : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
10.1.74.21 : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
10.1.74.22 : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
10.1.74.23 : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
10.1.74.24 : ok=1 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
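To check the key before and after distribution, here is an added Python example (not from the original post) that parses an id_rsa.pub line, confirms the key type written outside the base64 blob matches the one inside it, reports the RSA modulus size, and computes the same SHA256 fingerprint that ssh-keygen printed above, so the line that lands in each host's ~/.ssh/authorized_keys can be compared with the control node's key. The sample key line is constructed inside the code and is not a real key.

```python
import base64
import hashlib
import struct


def _ssh_string(data: bytes) -> bytes:
    """Encode one SSH wire-format string: uint32 big-endian length + bytes."""
    return struct.pack(">I", len(data)) + data

def _read_string(blob: bytes, offset: int):
    """Decode one wire-format string at offset; return (bytes, next offset)."""
    (length,) = struct.unpack(">I", blob[offset:offset + 4])  # struct.error if < 4 bytes
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def inspect_pubkey(line: str) -> dict:
    """Parse a .pub line: type, RSA bits, comment and ssh-keygen-style SHA256 fingerprint."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, comment = fields[0], " ".join(fields[2:])
    blob = base64.b64decode(fields[1], validate=True)
    inner_type, off = _read_string(blob, 0)
    if inner_type != key_type.encode():  # outer type must match the blob's own type
        raise ValueError("key type mismatch: %s vs %r" % (key_type, inner_type))
    bits = None
    if key_type == "ssh-rsa":
        _e, off = _read_string(blob, off)        # public exponent (mpint)
        n, off = _read_string(blob, off)         # modulus (mpint)
        bits = int.from_bytes(n, "big").bit_length()
    # ssh-keygen prints base64(sha256(blob)) with the '=' padding removed
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"type": key_type, "bits": bits, "comment": comment,
            "fingerprint": "SHA256:" + digest}

def build_rsa_pub_line(e: int, n: int, comment: str) -> str:
    """Assemble an ssh-rsa .pub line from e and n (used only to construct sample input)."""
    def mpint(v: int) -> bytes:
        raw = v.to_bytes((v.bit_length() + 7) // 8, "big")
        if raw[0] & 0x80:             # mpint rule: a set top bit needs a 0x00 prefix
            raw = b"\x00" + raw
        return _ssh_string(raw)
    blob = _ssh_string(b"ssh-rsa") + mpint(e) + mpint(n)
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode(), comment)

# Constructed sample with a 2048-bit-shaped modulus; NOT a real key pair.
SAMPLE_PUB = build_rsa_pub_line(65537, (1 << 2047) | 12345, "root@ceshi-128.host.com")
```

Run inspect_pubkey on the control node's id_rsa.pub and on the line fetched from a managed host's authorized_keys; matching fingerprints confirm the playbook delivered the intended key.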