基於ssh的方式與被管理的主機進行通信,在管理的主機上(部署ansible的主機上)生成一對非對稱密鑰,將公鑰發給被管理的主機。
(1)生成一對密鑰:ssh-keygen -t rsa
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 | [root@wlm yum.repos.d]# ssh-keygen -t rsa # 默認存放的地方爲/root/.ssh目錄下Generating public/private rsa key pair.Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa.Your public key has been saved in /root/.ssh/id_rsa.pub.The key fingerprint is:e8:60:67:4d:29:90:d2:4d:7d:52:2f:c7:e4:87:a4:80 root@wlmThe key's randomart image is:+--[ RSA 2048]----+| ..+.o... o || . o.E oo.B . || . . ooo * . || = o . || o + S || . = || . || || |+-----------------+ |
(2)將公鑰發給要管理的主機:ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected]
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | [root@wlm yum.repos.d]# ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected]The authenticity of host '10.10.10.4 (10.10.10.4)' can't be established.RSA key fingerprint is 43:8a:cc:2c:6a:07:0e:16:17:04:b5:dd:2c:4a:9a:41.Are you sure you want to continue connecting (yes/no)? yes/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys[email protected]'s password: Permission denied, please try again.[email protected]'s password: Number of key(s) added: 1Now try logging into the machine, with: "ssh '[email protected]'"and check to make sure that only the key(s) you wanted were added. |