码迷,mamicode.com
首页 > 其他好文 > 详细

ansible实现对远程主机的免密钥认证

时间:2020-02-08 17:51:54      阅读:124      评论:0      收藏:0      [点我收藏+]

标签:multicast   finger   认证   sam   creat   keygen   filter   adc   tab   

ansible实现对远程主机的免密钥认证

实验环境:

ansible服务器:192.168.125.224  

远程测试机器:192.168.125.227   

防止干扰实验,2台机器关闭selinux和防火墙后重启
[root@gitlab ~]# sed -i "s/enforcing/disabled/" /etc/selinux/config
[root@gitlab ~]# systemctl stop firewalld && systemmctl disable firewalld
[root@gitlab ~]# reboot

(.py3-a2.5-env) [deploy@jenkins ansible]$ cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.125.227 test.example.com

创建ssh key,一直按回车即可

(.py3-a2.5-env) [deploy@jenkins ansible]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/deploy/.ssh/id_rsa):
Created directory ‘/home/deploy/.ssh‘.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/deploy/.ssh/id_rsa.
Your public key has been saved in /home/deploy/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:vojq8SWnDxN0MIAHR2hFLzQfeZrblqrAbjX5oQdNCRU deploy@jenkins
The key‘s randomart image is:
+---[RSA 2048]----+
|.=**+Eo |
|ooo.++.. |
|.. .oo* |
| ..* |
| = o S |
|. = = = |
| oo O * . |
|...+ % . . |
|.ooo*.o . |
+----[SHA256]-----+

把公钥发送给远程主机实现免密认证

(.py3-a2.5-env) [deploy@jenkins ansible]$ ssh-copy-id -i /home/deploy/.ssh/id_rsa.pub root@test.example.com

.py3-a2.5-env) [deploy@jenkins ansible]$ ssh-copy-id -i /home/deploy/.ssh/id_rsa.pub root@test.example.com
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/deploy/.ssh/id_rsa.pub"
The authenticity of host ‘test.example.com (192.168.125.227)‘ can‘t be established.
ECDSA key fingerprint is SHA256:rtoChNnlzqa4jE/I18BmjJVHND7pzhVnRimoY/l1/EI.
ECDSA key fingerprint is MD5:90:67:a9:77:a7:28:5b:aa:5a:05:10:d3:5e:87:3c:e9.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@test.example.com‘s password:     输入密码

Number of key(s) added: 1

Now try logging into the machine, with: "ssh ‘root@test.example.com‘"
and check to make sure that only the key(s) you wanted were added.

测试免密是否成功

(.py3-a2.5-env) [deploy@jenkins ansible]$ ssh root@test.example.com
Last login: Sat Feb 8 16:46:15 2020 from 192.168.125.224
[root@localhost ~]# hostname
localhost.localdomain
[root@localhost ~]# ip a
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:8c:97:9c brd ff:ff:ff:ff:ff:ff
inet 192.168.125.227/24 brd 192.168.125.255 scope global noprefixroute ens32
valid_lft forever preferred_lft forever
inet6 fe80::536f:4380:8909:943/64 scope link noprefixroute
valid_lft forever preferred_lft forever

测试成功

ansible实现对远程主机的免密钥认证

标签:multicast   finger   认证   sam   creat   keygen   filter   adc   tab   

原文地址:https://www.cnblogs.com/wengshaohang/p/12283965.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!