免密碼配置
這裡我們就引入了金鑰的概念。管理機和被管理機通訊使用金鑰代替密碼,這樣就提高了安全性。具體操作步驟如下:
步驟一:在管理機器生成公鑰
[root@localhost ~]# ssh-keygen Generating public/private rsa key pair.Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa.Your public key has been saved in /root/.ssh/id_rsa.pub.The key fingerprint is:SHA256:IrRLAe0wt1pDfZjbzI16ss79M6Hp/O/7aLSXyGQtcBo [email protected] key's randomart image is:+---[RSA 2048]----+| .. . o || o.+ + . || *o. * o || .=o. = E . || o+...S = . || .. oo.. o = . || . + o * + . || ..oo o =.o || .o.+oo*=+. |+----[SHA256]-----+[root@localhost ~]#步驟二:把公鑰複製到被管理機器
[root@localhost ~]# ssh-copy-id [email protected]/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new [email protected]'s password: Number of key(s) added: 1Now try logging into the machine, with: "ssh '[email protected]'"and check to make sure that only the key(s) you wanted were added.輸入被管理機器密碼即可。
聰明的同學可能馬上就想到了,一臺機器這樣複製還行,被管理的機器少則幾十臺,多則幾百幾千臺。一個一個的複製豈不是要累死了。幾百幾千臺當然不可能這樣操作了。我們用個小工具sshpass,寫個小指令碼來完成這個重複的工作。
其實前面在/etc/ansible/hosts配置user和password的時候,ansible就是呼叫sshpass來自動輸入ssh密碼的。
sshpas需要單獨安裝,首先要下載:http://sourceforge.net/projects/sshpass/
安裝sshpass會用到gcc,所以要先安裝gcc
[root@localhost ~]# yum install gcc -y[root@localhost ~]# tar -xvf sshpass-1.06.tar.gz[root@localhost ~]# cd sshpass-1.06/[root@localhost ~]# ./configure[root@localhost ~]# make && make install接下來寫指令碼copysk.sh。
#!/bin/bash#password=123456for ip in $(cat ip)dosshpass -p ${password} ssh-copy-id root@${ip}done指令碼檔案copysk.sh和ip檔案在同一目錄下。然後執行指令碼即可
[root@localhost ~]# bash copysk.sh如果不知道如何寫指令碼,這上面的複製修改password的值,再把ip檔案中的IP改為你的IP即可。
金鑰已經配置好了,管理機上的清單檔案也要改一下。
開啟清單檔案如下:
最新評論