
Ansible SSH key distribution

2022-06-10  无味wy
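The ssh-keygen command generates, manages and converts authentication keys for "ssh"; it supports two key types, RSA and DSA.
SSH keys are stored in the ~/.ssh directory by default:
id_rsa: the private key file
id_rsa.pub: the public key file
known_hosts: when ssh connects to different hosts, their public keys are recorded in this file, and the key is checked on every connection

Create the SSH key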

[root@ceshi-128 ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:pAqXlThsC0a5ir8tBu+7+5PnZbK/5Pdzfg root@ceshi-128.host.com
The key's randomart image is:
+---[RSA 2048]----+
|  ..             |
| ... . .         |
| .o.=oo .        |
| .+o+= o         |
|...=+ . S        |
|+  o+.o . +      |
| =. .= . o o     |
|oo*=+.o   .      |
|o*BOO=     E     |
+----[SHA256]-----+

Configure the Ansible host inventory

[root@ceshi-128 ~]# vi /etc/ansible/hosts
[ceshi]
10.1.74.20
10.1.74.21
10.1.74.22
10.1.74.23
10.1.74.24

[ceshi:vars]
ansible_ssh_user=root
ansible_ssh_pass='GJ.com'
[root@ceshi-128 ~]# vi /etc/ansible/ansible.cfg
Uncomment host_key_checking = False to avoid the interactive host key prompt when connecting.

Edit the YAML file

[root@ceshi-128 ~]# vi key.yml
---
- hosts: ceshi 
  user: root
  gather_facts: false
  tasks:
  # Append the control node's public key to root's authorized_keys on each host
  - name: ssh-copy
    authorized_key:
      user: root
      key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
    tags:
    - sshkey

Run ansible-playbook

[root@ceshi-128 ~]# ansible-playbook key.yml 

PLAY [ceshi] ***************************************************************************************************************************************************************

TASK [ssh-copy] ************************************************************************************************************************************************************
changed: [10.1.74.21]
changed: [10.1.74.20]
changed: [10.1.74.23]
changed: [10.1.74.22]
changed: [10.1.74.24]

PLAY RECAP *****************************************************************************************************************************************************************
10.1.74.20                 : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
10.1.74.21                 : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
10.1.74.22                 : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
10.1.74.23                 : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   
10.1.74.24                 : ok=1    changed=1    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
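
Once the playbook has distributed the key, the password in the inventory and the disabled host key check are no longer needed for connecting. The following shell check is an added example, not part of the original post; the function names audit_inventory and audit_cfg and the sample files are constructed for illustration, and it reports either setting if it is still active.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: once key.yml has run, the
# inventory password and host_key_checking = False are no longer needed.
# These checks report either one if it is still active.

# Report inventory lines that set a connection password inline. Prints the
# variable name only, never the value. Returns 1 when something is found.
audit_inventory() {
    awk -v f="$1" '
        /^[ \t]*[#;]/ { next }    # skip comment lines
        match($0, /ansible_(ssh_pass|password|become_pass|become_password)[ \t]*[=:]/) {
            printf "%s:%d: inline credential %s\n", f, NR, substr($0, RSTART, RLENGTH - 1)
            found = 1
        }
        END { exit found + 0 }' "$1"
}

# Report an uncommented host_key_checking set to a common false spelling.
# Returns 1 when something is found.
audit_cfg() {
    awk -v f="$1" '
        tolower($0) ~ /^[ \t]*host_key_checking[ \t]*=[ \t]*(false|no|off|0)[ \t]*$/ {
            printf "%s:%d: host key verification disabled\n", f, NR
            found = 1
        }
        END { exit found + 0 }' "$1"
}

# Constructed sample files mirroring the configuration shown above.
demo_dir=$(mktemp -d)
cat > "$demo_dir/hosts" <<'EOF'
[ceshi]
10.1.74.20

[ceshi:vars]
ansible_ssh_user=root
ansible_ssh_pass='GJ.com'
EOF
printf '[defaults]\nhost_key_checking = False\n' > "$demo_dir/ansible.cfg"
printf '[defaults]\n#host_key_checking = False\n' > "$demo_dir/ansible.cfg.default"

audit_inventory "$demo_dir/hosts" || echo "inventory: remove the password now that keys are in place"
audit_cfg "$demo_dir/ansible.cfg" || echo "ansible.cfg: comment host_key_checking out again"
audit_cfg "$demo_dir/ansible.cfg.default" && echo "default ansible.cfg: ok"
```

To check the files from this walkthrough, call the two functions on /etc/ansible/hosts and /etc/ansible/ansible.cfg.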