从别人网站抄过来,保留自用
场景: 对于需要管理的很多linux服务器,每次登录都输入密码比较痛苦,配置一个跳板机,将本地公钥推送带各访问节点上实现SSH登录
登录账号:admin
本地秘钥路径:/home/admin/.ssh/id_rsa.pub
=======================================================
首先在跳板机上配置秘钥
ssh-keygen -t rsa -P "" -f ~/.ssh/id_dsa
然后创建ansible的playbook文件create_admin.yaml
- name: Linux Create User and Upload User Public keys
hosts: all
#remote_user: xxxx
#sudo: yes
vars:
create_user_name: admin
tasks:
- name: Make sure we have a 'admin' group
group:
name: admin
state: present
- name: Allow 'admin' group to have passwordless sudo
lineinfile:
dest: /etc/sudoers
state: present
regexp: '^%admin'
line: '%admin ALL=(ALL) NOPASSWD: ALL'
- name: Create user {{ create_user_name }}
user:
name: "{{ create_user_name }}"
shell: /bin/bash
groups: admin
createhome: yes
home: /home/{{ create_user_name }}
state: present
- name: create key directory
action: file path=/home/{{ create_user_name }}/.ssh/ state=directory owner={{ create_user_name }} group={{ create_user_name }} mode=0700
- name: create key file
action: file path=/home/{{ create_user_name }}/.ssh/authorized_keys state=touch owner={{ create_user_name }} group={{ create_user_name }} mode=0600
- name: Set authorized key took from file
authorized_key:
user: "{{ create_user_name }}"
state: present
key: "{{ lookup('file', '/home/admin/.ssh/id_rsa.pub') }}"
然后使用ansible执行推送
=======================================================
登录时直接使用ssh登录,如:
ssh 192.168.166.170
大神同事将下面脚本脚本封装成go.sh,放入到/bin目录下:
host=$1
if [ -z ${host} ]
then
host='127.0.0.1'
fi
ssh admin@${host} -o StrictHostKeyChecking=no -i ~/.ssh/id_rsa
这样就可以快速地使用go.sh +ip登录指定服务器
=======================================================
