*Setting up SSH keys

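  1. The Ansible control node connects to managed nodes over ssh, so either passwordless login must be configured or ansible must be run with the --ask-pass option to prompt for a password. Passwordless login is normally used so that tasks can run automatically.
  2. Generate a key pair.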
    [root@kvm19 ~]# ssh-keygen 
    Generating public/private rsa key pair.
    Enter file in which to save the key (/root/.ssh/id_rsa): 
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:F9OoHjIT3jPlN95CnwEAKnrIQsySYaZMQOZU6wVpwsA root@kvm19.deyu.wang
    The key's randomart image is:
    +---[RSA 2048]----+
    |XB.o.   ...      |
    |%E oo  .   +     |
    |+*o...o   = o    |
    |o..o.o o + o .   |
    |. +.. = S o + .  |
    | . .   = = + + o |
    |        .   o +  |
    |             .   |
    |                 |
    +----[SHA256]-----+
    
  3. Check that the .ssh directory now contains the id_rsa private key and the id_rsa.pub public key.
    [root@kvm19 ~]# ll .ssh/
    total 12
    -rw-r--r--. 1 root root  401 Mar  2 10:32 authorized_keys
    -rw-------. 1 root root 1831 Mar  5 10:59 id_rsa
    -rw-r--r--. 1 root root  402 Mar  5 10:59 id_rsa.pub
    
  4. Use ssh-copy-id to install the id_rsa.pub public key on kvm11; enter the password to complete the import.
    [root@kvm19 ~]# ssh-copy-id kvm11.deyu.wang
    /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed:
     "/root/.ssh/id_rsa.pub"
    The authenticity of host 'kvm11.deyu.wang (192.168.122.11)' can't be established.
    ECDSA key fingerprint is SHA256:l6jIMoK+z82ydTlG8MKarNcUDLVSfjCRjWRzhGOtDNc.
    Are you sure you want to continue connecting (yes/no)? yes
    /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s),
     to filter out any that are already installed
    /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed --
     if you are prompted now it is to install the new keys
    root@kvm11.deyu.wang's password: 
    
    Number of key(s) added: 1
    
    Now try logging into the machine, with:   "ssh 'kvm11.deyu.wang'"
    and check to make sure that only the key(s) you wanted were added.
    
  5. Try connecting to kvm11 with ssh; the login succeeds without a password prompt.
    [root@kvm19 ~]# ssh kvm11.deyu.wang
    Last login: Mon Mar  2 18:40:01 2020 from 192.168.122.1
    
  6. Log out of kvm11.
    [root@kvm11 ~]# exit
    logout
    Connection to kvm11.deyu.wang closed.
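
The modes shown in the step 3 listing matter: ssh refuses a private key that group or others can access, and sshd with StrictModes ignores a .ssh directory or authorized_keys file that they can write. The shell functions below are an added example, not part of the original page, that audit a .ssh directory for those conditions; the names perm_bits and audit_ssh_dir are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page.
# Source this file, then run: audit_ssh_dir /root/.ssh

# perm_bits PATH: print the nine rwx characters of PATH, e.g. "rw-r--r--".
# Parsing ls -ld keeps this portable across GNU and BSD userlands.
perm_bits() {
    ls -ld "$1" | cut -c2-10
}

# audit_ssh_dir DIR: print one FAIL line per finding; return 1 if any found.
audit_ssh_dir() {
    dir=$1
    bad=0

    # sshd (StrictModes) rejects keys when .ssh is group/other-writable.
    case $(perm_bits "$dir") in
        ????w????|???????w?) echo "FAIL $dir: writable by group/other"; bad=1 ;;
    esac

    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        bits=$(perm_bits "$f")
        if head -n 1 "$f" | grep -q 'PRIVATE KEY-----'; then
            # Private keys: ssh refuses them if group/other have any access,
            # so only modes such as 0600 or 0400 pass.
            case $bits in
                ???------) ;;
                *) echo "FAIL $f: private key accessible beyond owner ($bits)"; bad=1 ;;
            esac
        elif [ "${f##*/}" = authorized_keys ]; then
            # authorized_keys may be world-readable (0644) but not writable.
            case $bits in
                ????w????|???????w?) echo "FAIL $f: writable by group/other ($bits)"; bad=1 ;;
            esac
        fi
    done
    return $bad
}
```

Run it on the control node for the private key and on each managed node for authorized_keys; the listing in step 3 (0600 for id_rsa, 0644 for the other two files) passes with no output.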