使用ansible实现批量无密码登录
如果机器多,假如有一百台服务器,每台服务器登录前都得先输入yes,使用交互式的方式下发公钥的话就很麻烦(ssh-copy-id)
1、免输入yes,只需改/etc/ssh/ssh_config配置文件
StrictHostKeyChecking no
2、ansible有密码项目的配置,因为一开始需要通过密码来操作服务器
[nginx]
shijiange_local ansible_ssh_port=22 ansible_ssh_host=127.0.0.1 ansible_ssh_pass='Z4s*gChCN6#j){RE'
shijiange_wai ansible_ssh_port=22 ansible_ssh_host=149.28.79.28 ansible_ssh_pass='Z4s*gChCN6#j){RE'
如下图:
3、ansible实现批量下发公钥
pubkey=`cat /root/.ssh/id_rsa.pub`
ansible all -m shell -a "cd /root/; umask 077; test -d .ssh || mkdir .ssh ; echo 'xxx(安装了ansible主机的公钥)' >> .ssh/authorized_keys"
示例:
ansible all -m shell -a "cd /root/; umask 077; test -d .ssh || mkdir .ssh ; echo ${pubkey} >> .ssh/authorized_keys"
ansible all -m shell -a "cd /root/; umask 077; test -d .ssh || mkdir .ssh ; echo ' ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEmW+JAG92HSpemeb+pLtTnI0QClMIx0Aq8sBOqfPT+oBY5X22FPyS35yQcnIFu1qbY6WgeVXNTFo4se0eaiIq75M2BsqWJVV8+Td2e22gt2cq8Cw6W8KL5BkeV959nCVO/bar3+vexBrpJqqyyFZn46uUaiab7bwwDh11GI89DNPHAKcMN7eOEnxBwzJkLXdaaDNfwVMnCfIxzDq8hAtnYoIIk3RcZ5eoQWyEuRzOPhBdX6ulINN2A/Wt091jM/rsWnzBzq9npBzk7RTMOrehQUAP/p8JZh5Rw7viDYOOtrqjkiJp9kfixwwsJne0RMKQKjSTjvetBhxMP9Jf25O5 root@k8s-master' >> .ssh/authorized_keys"
删除ansible的缓存:
rm -fr /root/.ansible/*
4、下发完公钥后,配置文件就能去除密码配置项了
[nginx]
shijiange_local ansible_ssh_port=22 ansible_ssh_host=127.0.0.1
shijiange_wai ansible_ssh_port=22 ansible_ssh_host=149.28.79.28
5、私钥一定要保存好,特别无密码的私钥。