ansible如何ssh免密链接（基于key验证）

ansible需要连接时要用ssh连接  

这是我的三台机

首先安装ansible

[root@ansible ansible]#yum -y install ansible     #ansible 来自于epel源   需提起配置好yum源
[root@ansible ansible]#vim /etc/ansible/ansible.cfg      #找到下面这行取消注释 接下来就不用再敲ssh链接的yes了  
# uncomment this to disable SSH key host checking
host_key_checking = False

[root@ansible ~]# vim /etc/ansible/hosts            #再文档中插入下面几行    指定s1 s2
[websrvs]
10.0.0.135
10.0.0.136


[appsrvs]
10.0.0.137
10.0.0.135
[root@ansible ansible]# ssh-keygen                  #生成私钥对   简单一点 三个回车
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:QvVjh5L5A0dJj/F3TUnkIJhcKJ99VHu4FggpEX3ntBY root@ansible
The key's randomart image is:

+---[RSA 3072]----+
| ==X= .++o       |
| o.X+BooE+o      |
| . B.X.*++=+     |
|   . O + o++.    |
|    . S o .   .o |
|        . . .    |
|                 |
|                 |
|                 |
+----[SHA256]-----+


[root@ansible ansible]#

[root@ansible ansible]# ssh-copy-id 10.0.0.135
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.0.0.135's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh '10.0.0.135'"
and check to make sure that only the key(s) you wanted were added.

[root@ansible ansible]# ssh-copy-id 10.0.0.136
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '10.0.0.136 (10.0.0.136)' can't be established.
ECDSA key fingerprint is SHA256:QTYZIuatHBEX0/T0slePw79lDwToxIpy02zZsedJLHo.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.0.0.136's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh '10.0.0.136'"
and check to make sure that only the key(s) you wanted were added.

[root@ansible ansible]# ansible websrvs -m ping                      #检查一下是否能通
10.0.0.136 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}
10.0.0.135 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/libexec/platform-python"
},
"changed": false,
"ping": "pong"
}

ping    pong

完美

----------------------------利用sshpass批量实现基于key验证脚本----------------------------------
@1

[root@centos8 ~]#vim /etc/ssh/ssh_config
#修改下面一行
StrictHostKeyChecking no

[root@centos8 ~]#cat hosts.list
10.0.0.135
10.0.0.136
[root@centos8 ~]#vim push_ssh_key.sh
#!/bin/bash
rpm -q sshpass &> /dev/null || yum -y install sshpass
[ -f /root/.ssh/id_rsa ] || ssh-keygen -f /root/.ssh/id_rsa -P ''
export SSHPASS=123456
while read IP;do
sshpass -e ssh-copy-id -o StrictHostKeyChecking=no $IP
done < hosts.list

 @2

[root@centos8 ~]#cat ssh_key.sh
#!/bin/bash
IPLIST="
10.0.0.135
10.0.0.136
10.0.0.137
10.0.0.138
10.0.0.139"
rpm -q sshpass &> /dev/null || yum -y install sshpass
[ -f /root/.ssh/id_rsa ] || ssh-keygen -f /root/.ssh/id_rsa -P ''
export SSHPASS=123456
for IP in $IPLIST;do
sshpass -e ssh-copy-id -o StrictHostKeyChecking=no $IP
done