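Ansible passwordless SSH login
Requirement: the control machine pushes its public key to the managed machines in bulk.
Log in to the control machine as root, generate a key pair with ssh-keygen, then use ssh-copy-id to copy the public key to the remote host: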
ssh-copy-id -i ~/.ssh/id_rsa.pub root@10.0.0.7
Step 1: on the control machine, turn off host key verification (so you are not prompted to type yes)
ssh-keygen    # generate the key pair
vim /etc/ansible/ansible.cfg
host_key_checking = False
Step 2: configure the host inventory
Step 3: configure main.yml
ansible-galaxy init ssh
[root@m01 /etc/ansible/roles/ssh/tasks]# cat main.yml
- name: Non secret authentication
  authorized_key:
    user: root
    key: "{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
    state: present
Step 4: configure site.yml
Run:
ansible-playbook /etc/ansible/roles/site.yml
Reference: Ansible passwordless login roundup
##### Bulk push #####
Push the public key to the remote machines in bulk
Save the following file as push.ssh.yaml:
- hosts: tencent
  user: root
  tasks:
    - name: ssh-copy
      authorized_key: user=root key="{{ lookup('file', '/root/.ssh/id_rsa.pub') }}"
      tags:
        - sshkey
Run the push:
ansible-playbook push.ssh.yaml
Option 2:
#!/bin/bash
# Install expect if it is not already present
rpm -q expect >/dev/null
if [ $? -ne 0 ]
then
    yum install -y expect &>/dev/null
fi
# Generate a key pair if none exists, answering every ssh-keygen prompt with Enter
if [ ! -f /root/.ssh/id_rsa.pub ]
then
/usr/bin/expect <<AAA
set timeout 10
spawn ssh-keygen
expect {
    "rsa):" { send "\r"; exp_continue }
    "passphrase):" { send "\r"; exp_continue }
    "again:" { send "\r" }
}
expect eof
AAA
fi
# Copy the public key to each host 10.0.0.<i>, answering the host key and password prompts
for i in {6,7,8,31,41,51}
do
/usr/bin/expect <<AAA
set timeout 10
spawn ssh-copy-id 10.0.0.$i
expect {
    "yes/no" { send "yes\r"; exp_continue }
    "password:" { send "1\r" }
}
expect eof
AAA
done
##### Note: inside expect, strings are written with double quotes
Option 3:
#!/bin/bash
# Variables
ROOT_PASS="1"
USER_NAME="root"
USER_PASS="1"
HOST_LIST="192.168.100.201 192.168.100.202 192.168.100.110 192.168.100.203"
# Create the user's key pair on the control host
su - "$USER_NAME" -c "cd /root && echo '' | ssh-keygen -t rsa"
# /$USER_NAME is the home directory only when USER_NAME is root (/root)
PUB_KEY="$(cat /$USER_NAME/.ssh/id_rsa.pub)"
# Over password-based ssh (no key installed yet), create the user on every host
for host in $HOST_LIST; do
    sshpass -p"$ROOT_PASS" ssh -o StrictHostKeyChecking=no root@$host "useradd $USER_NAME"
    sshpass -p"$ROOT_PASS" ssh -o StrictHostKeyChecking=no root@$host "echo '$USER_PASS' | passwd --stdin $USER_NAME"
    sshpass -p"$ROOT_PASS" ssh -o StrictHostKeyChecking=no root@$host "mkdir -p /$USER_NAME/.ssh"
    # '>' replaces any existing authorized_keys content on the host
    sshpass -p"$ROOT_PASS" ssh -o StrictHostKeyChecking=no root@$host "echo '$PUB_KEY' > /$USER_NAME/.ssh/authorized_keys"
    sshpass -p"$ROOT_PASS" ssh -o StrictHostKeyChecking=no root@$host "chmod 600 /$USER_NAME/.ssh/authorized_keys"
    sshpass -p"$ROOT_PASS" ssh -o StrictHostKeyChecking=no root@$host "chown -R $USER_NAME:$USER_NAME /$USER_NAME/.ssh"
done
# Over password-based ssh, the control host writes the public key into authorized_keys on every host
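Option 3 writes the key with `>`, which replaces whatever authorized_keys already held, whereas the authorized_key task with state: present only adds a key that is missing. The block below is an added example, not part of the original post, showing that add-if-absent behaviour in plain shell as it would run on the target host; the function name install_pubkey and the sample keys are constructed for illustration.

```shell
#!/bin/bash
# Added example; install_pubkey and the sample keys are constructed.

# install_pubkey HOME_DIR PUBKEY_FILE
# Prints "changed" if the key was appended, "ok" if already present.
# Returns 2 if PUBKEY_FILE is not a single OpenSSH public key line.
install_pubkey() {
    local home_dir pubkey_file ssh_dir auth key
    home_dir=$1
    pubkey_file=$2
    ssh_dir="$home_dir/.ssh"
    auth="$ssh_dir/authorized_keys"

    [ -f "$pubkey_file" ] || return 2
    [ "$(grep -c '' "$pubkey_file")" -eq 1 ] || return 2
    key=$(cat "$pubkey_file")
    case "$key" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) return 2 ;;
    esac

    # sshd's StrictModes check rejects group- or world-writable paths.
    mkdir -p "$ssh_dir" || return 1
    chmod 700 "$ssh_dir" || return 1
    touch "$auth" || return 1
    chmod 600 "$auth" || return 1

    # Whole-line, fixed-string match: existing keys are never replaced
    # and the same key is never added twice.
    if grep -qxF -- "$key" "$auth"; then
        echo ok
    else
        # If the file lacks a final newline, add one so keys do not merge.
        [ -s "$auth" ] && [ -n "$(tail -c1 "$auth")" ] && echo >> "$auth"
        printf '%s\n' "$key" >> "$auth" || return 1
        echo changed
    fi
}

# Demo in a throwaway directory with constructed, non-functional keys.
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3ExistingConstructedKey admin@old' > "$demo/id_old.pub"
echo 'ssh-ed25519 AAAAC3ConstructedExampleKey root@m01' > "$demo/id_new.pub"
install_pubkey "$demo" "$demo/id_old.pub"   # appended
install_pubkey "$demo" "$demo/id_new.pub"   # appended, old key kept
install_pubkey "$demo" "$demo/id_new.pub"   # already present, no change
rm -rf "$demo"
```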