Passwordless SSH key authentication to remote hosts with Ansible



Lab environment:

Ansible server: 192.168.125.224

Remote test machine: 192.168.125.227

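To keep them from interfering with the experiment, disable SELinux and the firewall on both machines, then reboot:
[root@gitlab ~]# sed -i "s/^SELINUX=enforcing/SELINUX=disabled/" /etc/selinux/config
[root@gitlab ~]# systemctl stop firewalld && systemctl disable firewalld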
[root@gitlab ~]# reboot

(.py3-a2.5-env) [deploy@jenkins ansible]$ cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.125.227 test.example.com

Create the SSH key; just keep pressing Enter to accept the defaults (this leaves the passphrase empty)

(.py3-a2.5-env) [deploy@jenkins ansible]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/deploy/.ssh/id_rsa):
Created directory '/home/deploy/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/deploy/.ssh/id_rsa.
Your public key has been saved in /home/deploy/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:vojq8SWnDxN0MIAHR2hFLzQfeZrblqrAbjX5oQdNCRU deploy@jenkins
The key's randomart image is:
+---[RSA 2048]----+
|.=**+Eo |
|ooo.++.. |
|.. .oo* |
| ..* |
| = o S |
|. = = = |
| oo O * . |
|...+ % . . |
|.ooo*.o . |
+----[SHA256]-----+

Send the public key to the remote host to enable passwordless authentication

(.py3-a2.5-env) [deploy@jenkins ansible]$ ssh-copy-id -i /home/deploy/.ssh/id_rsa.pub root@test.example.com
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/deploy/.ssh/id_rsa.pub"
The authenticity of host 'test.example.com (192.168.125.227)' can't be established.
ECDSA key fingerprint is SHA256:rtoChNnlzqa4jE/I18BmjJVHND7pzhVnRimoY/l1/EI.
ECDSA key fingerprint is MD5:90:67:a9:77:a7:28:5b:aa:5a:05:10:d3:5e:87:3c:e9.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@test.example.com's password:     (enter the password)

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'root@test.example.com'"
and check to make sure that only the key(s) you wanted were added.

Test whether passwordless login works

(.py3-a2.5-env) [deploy@jenkins ansible]$ ssh root@test.example.com
Last login: Sat Feb 8 16:46:15 2020 from 192.168.125.224
[root@localhost ~]# hostname
localhost.localdomain
[root@localhost ~]# ip a
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:8c:97:9c brd ff:ff:ff:ff:ff:ff
inet 192.168.125.227/24 brd 192.168.125.255 scope global noprefixroute ens32
valid_lft forever preferred_lft forever
inet6 fe80::536f:4380:8909:943/64 scope link noprefixroute
valid_lft forever preferred_lft forever

The test succeeded.
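
The ssh-copy-id output above ends by asking you to check that only the key(s) you wanted were added. As an added example (not part of the original post), this shell function compares an authorized_keys file against the public key you meant to install; the function name, temporary paths and key blobs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit authorized_keys after ssh-copy-id. All key blobs are constructed.

# audit_authorized_keys PUBKEY_FILE AUTHORIZED_KEYS_FILE
# Prints one verdict per key entry; returns 0 only when the expected key is
# present and no other key is.
audit_authorized_keys() {
    # Field 2 of an OpenSSH .pub file is the base64 key blob.
    want=$(awk 'NF >= 2 { print $2; exit }' "$1")
    [ -n "$want" ] || { echo "no public key found in $1" >&2; return 2; }
    awk -v want="$want" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        {
            # An entry is [options] keytype blob [comment]; find the key type.
            # Limitation: a quoted option value that contains a key-type word
            # surrounded by spaces would confuse this scan.
            t = 0
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh\.com)$/) { t = i; break }
            if (!t) { printf "line %d: UNPARSED\n", NR; bad++; next }
            if ($(t + 1) == want) { verdict = "expected"; found = 1 }
            else { verdict = "UNEXPECTED"; bad++ }
            printf "line %d: %s %s %s%s\n", NR, verdict, $t, $(t + 2), (t > 1 ? " [has options]" : "")
        }
        END { exit !(found && bad == 0) }
    ' "$2"
}

# Constructed sample: the key installed by ssh-copy-id plus one leftover entry.
demo_dir=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTEDdeploy deploy@jenkins' > "$demo_dir/id_rsa.pub"
cat > "$demo_dir/authorized_keys" <<'EOF'
# stand-in for root's ~/.ssh/authorized_keys on test.example.com (constructed)
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTEDdeploy deploy@jenkins
from="192.168.125.0/24" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5CONSTRUCTEDold old-admin@laptop
EOF
audit_authorized_keys "$demo_dir/id_rsa.pub" "$demo_dir/authorized_keys" ||
    echo "audit failed: authorized_keys does not contain exactly the expected key"
```

On the real target, run the function against a copy of /root/.ssh/authorized_keys and investigate any entry reported as UNEXPECTED before relying on the host for Ansible runs.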

