Setting up passwordless SSH key authentication from Ansible to a remote host
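Lab environment:
Ansible server: 192.168.125.224
Remote test machine: 192.168.125.227
To keep them from interfering with the experiment, disable SELinux and the firewall on both machines, then reboot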
[root@gitlab ~]# sed -i "s/enforcing/disabled/" /etc/selinux/config
[root@gitlab ~]# systemctl stop firewalld && systemctl disable firewalld
[root@gitlab ~]# reboot
(.py3-a2.5-env) [deploy@jenkins ansible]$ cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.125.227 test.example.com
Create an SSH key; just press Enter at every prompt (this accepts the default file path and an empty passphrase)
(.py3-a2.5-env) [deploy@jenkins ansible]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/deploy/.ssh/id_rsa):
Created directory '/home/deploy/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/deploy/.ssh/id_rsa.
Your public key has been saved in /home/deploy/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:vojq8SWnDxN0MIAHR2hFLzQfeZrblqrAbjX5oQdNCRU deploy@jenkins
The key's randomart image is:
+---[RSA 2048]----+
|.=**+Eo |
|ooo.++.. |
|.. .oo* |
| ..* |
| = o S |
|. = = = |
| oo O * . |
|...+ % . . |
|.ooo*.o . |
+----[SHA256]-----+
Send the public key to the remote host to enable passwordless authentication
(.py3-a2.5-env) [deploy@jenkins ansible]$ ssh-copy-id -i /home/deploy/.ssh/id_rsa.pub root@test.example.com
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/deploy/.ssh/id_rsa.pub"
The authenticity of host 'test.example.com (192.168.125.227)' can't be established.
ECDSA key fingerprint is SHA256:rtoChNnlzqa4jE/I18BmjJVHND7pzhVnRimoY/l1/EI.
ECDSA key fingerprint is MD5:90:67:a9:77:a7:28:5b:aa:5a:05:10:d3:5e:87:3c:e9.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@test.example.com's password: (enter the password)
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@test.example.com'"
and check to make sure that only the key(s) you wanted were added.
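
The ssh-copy-id run above accepts the host key at the yes/no prompt. As an added example (not part of the original post), the Python below computes the SHA256 and MD5 fingerprints in the formats that prompt prints, starting from a public-key line, so the values can be compared with the key read on the target itself (typically /etc/ssh/ssh_host_ecdsa_key.pub) before answering yes. The function names and the sample ed25519 key are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def parse_key_line(line):
    """Return (key_type, blob) from a known_hosts, ssh-keyscan or .pub line."""
    fields = line.split()
    for name, b64 in zip(fields, fields[1:]):
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:  # not base64, so this pair is not "type blob"
            continue
        # The blob starts with a uint32 length + key type name; it must match `name`.
        if len(blob) >= 4:
            (n,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + n] == name.encode():
                return name, blob
    raise ValueError("no consistent 'key-type base64-blob' pair found")


def fingerprints(line):
    """Compute the SHA256 and MD5 fingerprints in the formats ssh prints."""
    key_type, blob = parse_key_line(line)
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    md5 = ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    return {"type": key_type, "sha256": "SHA256:" + sha, "md5": "MD5:" + md5}


def host_key_matches(line, expected):
    """True if `expected` equals either fingerprint of the key in `line`."""
    fp = fingerprints(line)
    want = expected.strip().encode()
    return any(hmac.compare_digest(want, fp[k].encode()) for k in ("sha256", "md5"))


# Constructed sample: an ssh-ed25519 blob with a dummy 32-byte key (not the page's host key).
_blob = b"".join(struct.pack(">I", len(p)) + p for p in (b"ssh-ed25519", bytes(range(32))))
SAMPLE_SCAN_LINE = "test.example.com ssh-ed25519 " + base64.b64encode(_blob).decode()
# Fingerprint shown in the ssh-copy-id prompt above (an ECDSA key, so no match is expected).
PAGE_FINGERPRINT = "SHA256:rtoChNnlzqa4jE/I18BmjJVHND7pzhVnRimoY/l1/EI"

if __name__ == "__main__":
    print(fingerprints(SAMPLE_SCAN_LINE))
    print("matches page fingerprint:", host_key_matches(SAMPLE_SCAN_LINE, PAGE_FINGERPRINT))
```
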
Test whether passwordless login works
(.py3-a2.5-env) [deploy@jenkins ansible]$ ssh root@test.example.com
Last login: Sat Feb 8 16:46:15 2020 from 192.168.125.224
[root@localhost ~]# hostname
localhost.localdomain
[root@localhost ~]# ip a
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:8c:97:9c brd ff:ff:ff:ff:ff:ff
inet 192.168.125.227/24 brd 192.168.125.255 scope global noprefixroute ens32
valid_lft forever preferred_lft forever
inet6 fe80::536f:4380:8909:943/64 scope link noprefixroute
valid_lft forever preferred_lft forever
The test succeeded