ANSIBLE实现SSH密钥的分发
1、先生成密钥
[root@c780 ansible]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
d1:d2:99:52:9d:a1:6a:88:2f:11:bb:fe:7e:06:5a:0a root@c780
The key's randomart image is:
+--[ RSA 2048]----+
| ...o |
| + +o |
| . + * |
| + . = |
| + . S |
| E +o. |
| .o+.. |
| .o. o |
| .ooo |
+-----------------+
2、修改/etc/ansible/ansible.cfg
host_key_checking = False
3、修改/etc/ansible/hosts
[cli1]
193.168.120.80
193.168.120.81
193.168.120.83
193.168.120.85
[cli1:vars]
ansible_ssh_user=root
ansible_ssh_pass=密码 此处这个群组采用了一样的密码
ansible_ssh_port=22
运行命令:ansible cli1 -m authorized_key -a "user=root key='{{ lookup('file', '/root/.ssh/id_rsa.pub') }}'"
搞定:
193.168.120.83 | SUCCESS => {
"changed": true,
"comment": null,
"exclusive": false,
"key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjcuK0MQiAN41eGU+2RxjGh+XpO3jWHJwKZp2KhOEL2HmU5gYz8QNlYgmVkLQnaSbICS7zBm9bhzcvEDzMEp6AzM/sIukWMg6fbjSJfz8YJBJh481ytJinHMGE3104zUppXiFqieYv4+43FrNz0dUyZkzubFfbCQ+20ojLVbE0AVUz2LTjg8efei6gqog2ZmIILfzV4ZdiESf9aiHOFxoQCrlAKvrMyHNBB4PPpe6uVi8CE/ll0bVnTQyhHKVrb+uVK7K5YnSVjGmSLsiK6+y2gaDXn+adNWArMeGX+XXdnWEL8yVcWRfAou1CgRpixuX/7A3MorFhud6dHhD80q8/ root@c780",
"key_options": null,
"keyfile": "/root/.ssh/authorized_keys",
"manage_dir": true,
"path": null,
"state": "present",
"unique": false,
"user": "root",
"validate_certs": true
}
193.168.120.85 | SUCCESS => {
"changed": true,
"comment": null,
"exclusive": false,
"key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjcuK0MQiAN41eGU+2RxjGh+XpO3jWHJwKZp2KhOEL2HmU5gYz8QNlYgmVkLQnaSbICS7zBm9bhzcvEDzMEp6AzM/sIukWMg6fbjSJfz8YJBJh481ytJinHMGE3104zUppXiFqieYv4+43FrNz0dUyZkzubFfbCQ+20ojLVbE0AVUz2LTjg8efei6gqog2ZmIILfzV4ZdiESf9aiHOFxoQCrlAKvrMyHNBB4PPpe6uVi8CE/ll0bVnTQyhHKVrb+uVK7K5YnSVjGmSLsiK6+y2gaDXn+adNWArMeGX+XXdnWEL8yVcWRfAou1CgRpixuX/7A3MorFhud6dHhD80q8/ root@c780",
"key_options": null,
"keyfile": "/root/.ssh/authorized_keys",
"manage_dir": true,
"path": null,
"state": "present",
"unique": false,
"user": "root",
"validate_certs": true
}
193.168.120.80 | SUCCESS => {
"changed": true,
"comment": null,
"exclusive": false,
"key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjcuK0MQiAN41eGU+2RxjGh+XpO3jWHJwKZp2KhOEL2HmU5gYz8QNlYgmVkLQnaSbICS7zBm9bhzcvEDzMEp6AzM/sIukWMg6fbjSJfz8YJBJh481ytJinHMGE3104zUppXiFqieYv4+43FrNz0dUyZkzubFfbCQ+20ojLVbE0AVUz2LTjg8efei6gqog2ZmIILfzV4ZdiESf9aiHOFxoQCrlAKvrMyHNBB4PPpe6uVi8CE/ll0bVnTQyhHKVrb+uVK7K5YnSVjGmSLsiK6+y2gaDXn+adNWArMeGX+XXdnWEL8yVcWRfAou1CgRpixuX/7A3MorFhud6dHhD80q8/ root@c780",
"key_options": null,
"keyfile": "/root/.ssh/authorized_keys",
"manage_dir": true,
"path": null,
"state": "present",
"unique": false,
"user": "root",
"validate_certs": true
}
193.168.120.81 | SUCCESS => {
"changed": true,
"comment": null,
"exclusive": false,
"key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjcuK0MQiAN41eGU+2RxjGh+XpO3jWHJwKZp2KhOEL2HmU5gYz8QNlYgmVkLQnaSbICS7zBm9bhzcvEDzMEp6AzM/sIukWMg6fbjSJfz8YJBJh481ytJinHMGE3104zUppXiFqieYv4+43FrNz0dUyZkzubFfbCQ+20ojLVbE0AVUz2LTjg8efei6gqog2ZmIILfzV4ZdiESf9aiHOFxoQCrlAKvrMyHNBB4PPpe6uVi8CE/ll0bVnTQyhHKVrb+uVK7K5YnSVjGmSLsiK6+y2gaDXn+adNWArMeGX+XXdnWEL8yVcWRfAou1CgRpixuX/7A3MorFhud6dHhD80q8/ root@c780",
"key_options": null,
"keyfile": "/root/.ssh/authorized_keys",
"manage_dir": true,
"path": null,
"state": "present",
"unique": false,
"user": "root",
"validate_certs": true
}
[root@c780 ansible]# ssh 193.168.120.85
Last login: Fri Aug 10 19:17:49 2018 from 193.168.120.80
[root@c785 ~]# exit
登出
Connection to 193.168.120.85 closed.
[root@c780 ansible]#