在日常的运维工作中,密码远程登录节点服务器做运维是一件比较闹心的问题,复杂的密码,很容易在登录时出现错误,这就需要用到公钥验证登录,通过ssh-keygen生成本服务器的公钥和私钥
[root@mail zhb]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
ed:0c:39:0a:05:ea:3c:25:f0:97:55:17:6e:5a:79:83 root@mail
The key's randomart image is:
+--[ RSA 2048]----+
|. . ... o. |
| o . + o o |
| + + . E o |
| o + . * . . |
| + . S . |
| . . . = |
| . o |
| |
| |
+-----------------+
并将主机的id_rsa.pub文件复制到节点服务器上。
[root@mail ~]# scp ~/.ssh/id_rsa.pub root@10.0.0.5:~/.ssh/pub_key
到节点服务器上添加authorized_keys文件,将主机的公钥追加到节点服务器的authorized_keys
[root@agent1 ~]# cat pub_key >>~/.ssh/authorized_keys
完成即可从主机节点免密码登录到节点服务器上。
如果需要ansible 工具执行免密码,还需要在ansibel主机上执行如下命令
ansible app -m authorized_key -a "user=root key='{{ lookup('file','/root/.ssh/id_rsa.pub') }}'" -k
若您觉的还有不足,请赐教