root@node1 sudoers.d]# cd /etc/sudoers.d/
[root@node1 sudoers.d]# ll
total 0
[matthew@node1 ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/matthew/.ssh/id_rsa):
Created directory '/home/matthew/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/matthew/.ssh/id_rsa.
Your public key has been saved in /home/matthew/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:xKvaQax3ZnwKNoC5bk2a+Isjlr45RZjB8O22R9/709Q matthew@node1.example.com
The key's randomart image is:
+---[RSA 3072]----+
|+ |
| + . . |
| = . o |
| o = . . . |
| + + + S . |
| +.* + . . E|
| .+=o O * o o |
|+*= .* B o .. . |
|=B*.. . . .... |
+----[SHA256]-----+
[matthew@node1 ~]$ echo "ma" | passwd --stdin matthew
Only root can do that.
[matthew@node1 ~]$ su -
Password:
[root@node1 ~]# echo "sa" | passwd --stdin sandy
Changing password for user matthew.
passwd: all authentication tokens updated successfully.
[root@node1 ~]# cd /home/matthew/.ssh
[root@node1 .ssh]# ll
total 8
-rw-------. 1 matthew matthew 2610 Nov 4 04:27 id_rsa
-rw-r--r--. 1 matthew matthew 579 Nov 4 04:27 id_rsa.pub
[root@node1 .ssh]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.202.11 node1.example.com
192.168.202.12 node2.example.com
192.168.202.13 node3.example.com
192.168.202.14 node4.example.com
192.168.202.15 node5.example.com
[root@node1 .ssh]# ssh-copy-id sandy@node2.example.com; ssh-copy-id sandy@node3.example.com ;ssh-copy-id sandy@node4.example.com ;ssh-copy-id sandy@node5.example.com
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
matthew@node2.example.com's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'matthew@node2.example.com'"
and check to make sure that only the key(s) you wanted were added.
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
matthew@node3.example.com's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'matthew@node3.example.com'"
and check to make sure that only the key(s) you wanted were added.
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
matthew@node4.example.com's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'matthew@node4.example.com'"
and check to make sure that only the key(s) you wanted were added.
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
matthew@node5.example.com's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'matthew@node5.example.com'"
and check to make sure that only the key(s) you wanted were added.
[matthew@node1 ~]$ ansible all -m ping
The authenticity of host 'node5.example.com (192.168.202.15)' can't be established.
ECDSA key fingerprint is SHA256:oBDQrgh4PbHy/vlZSA78bE/EvOy/kYSGUJopJvue//o.
Are you sure you want to continue connecting (yes/no/[fingerprint]The authenticity of host 'node3.example.com (192.168.202.13)' can't be established.
ECDSA key fingerprint is SHA256:oBDQrgh4PbHy/vlZSA78bE/EvOy/kYSGUJopJvue//o.
Are you sure you want to continue connecting (yes/no/[fingerprint]The authenticity of host 'node2.example.com (192.168.202.12)' can't be established.
ECDSA key fingerprint is SHA256:oBDQrgh4PbHy/vlZSA78bE/EvOy/kYSGUJopJvue//o.
Are you sure you want to continue connecting (yes/no/[fingerprint]The authenticity of host 'node4.example.com (192.168.202.14)' can't be established.
ECDSA key fingerprint is SHA256:oBDQrgh4PbHy/vlZSA78bE/EvOy/kYSGUJopJvue//o.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
node3.example.com | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Host key verification failed.",
"unreachable": true
}
node5.example.com | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Warning: Permanently added 'node5.example.com,192.168.202.15' (ECDSA) to the list of known hosts.\r\nmatthew@node5.example.com: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
"unreachable": true
}
^C [ERROR]: User interrupted execution
[matthew@node1 ~]$ su -
Password:
[root@node1 ~]# ansible all -m ping
node5.example.com | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
node4.example.com | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
node3.example.com | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
node2.example.com | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
'ansible > Redhat Cert' 카테고리의 다른 글
| 3.ansible-doc 설치 및 yum repo 구성 script (0) | 2021.11.04 |
|---|---|
| RHC (0) | 2021.10.11 |