diff --git a/03/SSH-von-Anfang-an.txt b/03/SSH-von-Anfang-an.txt
new file mode 100644
index 0000000..7b9bdf0
--- /dev/null
+++ b/03/SSH-von-Anfang-an.txt
@@ -0,0 +1,71 @@
+kurs@tn011-purple:~$ ssh-keygen -t ed25519 -C Testkey
+Generating public/private ed25519 key pair.
+Enter file in which to save the key (/home/kurs/.ssh/id_ed25519):
+Enter passphrase (empty for no passphrase):
+Enter same passphrase again:
+Your identification has been saved in /home/kurs/.ssh/id_ed25519
+Your public key has been saved in /home/kurs/.ssh/id_ed25519.pub
+The key fingerprint is:
+SHA256:V4vv6YvnJ2/YLexZ0ryBywOdgV+KsHkeojYfCggTqAY Testkey
+
+
+kurs@tn011-purple:~$ sudo lxc-ls -f | grep rocky
+tn011-rocky9 RUNNING 1 ansible 192.168.1.199 - false
+
+
+kurs@tn011-purple:~$ ssh-copy-id -i ~/.ssh/id_ed25519 root@192.168.1.199
+/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/kurs/.ssh/id_ed25519.pub"
+The authenticity of host '192.168.1.199 (192.168.1.199)' can't be established.
+ECDSA key fingerprint is SHA256:YY/m1KchoPhpiRXw8DK5rdsnPZEL6vyRBpYUSWRkVcA.
+Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
+/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
+/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
+root@192.168.1.199's password:
+
+Number of key(s) added: 1
+
+Now try logging into the machine, with: "ssh 'root@192.168.1.199'"
+and check to make sure that only the key(s) you wanted were added.
+
+
+kurs@tn011-purple:~$ ssh root@192.168.1.199
+Enter passphrase for key '/home/kurs/.ssh/id_ed25519':
+[root@tn011-rocky9 ~]# cat .ssh/authorized_keys
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOHv4f9x3eTnxpIsPE2q7ZFnhd8kzSAXbL5blc+rpLcV Sven Velt, 2015-06-05
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO6AKGshfnp+28Sb3SHLWfdT1DThgvADAbQ3Oq0TCAOm Sven Velt, Ansible-Kurs, 2017-11-26
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICVzRNqSc6cvRabMNWw7xUozbsCbGvkJckUPfbeX75as Testkey
+[root@tn011-rocky9 ~]# exit
+
+
+kurs@tn011-purple:~$ ssh-add -l
+Could not open a connection to your authentication agent.
+
+
+kurs@tn011-purple:~$ ssh-agent -t 86400 | tee ~/.ssh-agent.sh
+SSH_AUTH_SOCK=/tmp/ssh-Ccpc8jmJ5ERt/agent.3170813; export SSH_AUTH_SOCK;
+SSH_AGENT_PID=3170815; export SSH_AGENT_PID;
+echo Agent pid 3170815;
+
+
+kurs@tn011-purple:~$ source ~/.ssh-agent.sh
+Agent pid 3170815
+
+
+kurs@tn011-purple:~$ ssh-add -l
+The agent has no identities.
+
+
+kurs@tn011-purple:~$ ssh-add -i ~/.ssh/id_ed25519
+Enter passphrase for /home/kurs/.ssh/id_ed25519:
+Identity added: /home/kurs/.ssh/id_ed25519 (kurs@tn011-purple)
+
+
+kurs@tn011-purple:~$ ssh-add -l
+256 SHA256:V4vv6YvnJ2/YLexZ0ryBywOdgV+KsHkeojYfCggTqAY Testkey (ED25519)
+
+
+kurs@tn011-purple:~$ ssh root@192.168.1.199
+Last login: Tue Mar 14 09:53:17 2023 from 192.168.1.1
+[root@tn011-rocky9 ~]#
+
+
diff --git a/03/ssh-key_per_ansible.txt b/03/ssh-key_per_ansible.txt
new file mode 100644
index 0000000..8d6593a
--- /dev/null
+++ b/03/ssh-key_per_ansible.txt
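Review bot: In 03/SSH-von-Anfang-an.txt the `ssh-copy-id` step answers the host-key prompt with a bare `yes` and then sends the root password over that connection, so the transcript teaches trust-on-first-use with no check of the ECDSA fingerprint. The container is managed from the same host (the `lxc-ls` call just above), so the fingerprint can be read locally first and pasted at the `[fingerprint]` prompt; I would add a step such as `sudo lxc-attach -n tn011-rocky9 -- ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub` before `ssh-copy-id`. The session also relies on password login for root, so a closing remark that sshd should be set to `PermitRootLogin prohibit-password` once key login works would round it off. Separately, `-i` is not an option I can find in ssh-add(1), so `ssh-add ~/.ssh/id_ed25519` is probably the form to show.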
@@ -0,0 +1,30 @@
+% ansible all -i 192.168.1.117, -u service -k -m authorized_key -a "user=service key=\"$(cat ~/.ssh/id_ed25519.pub)\""
+# ^^^ ^^^^^^^^^^^^^^^^^ ^^^^^^^^^^ ^^
+# | | | |
+# | | | Frage nach SSH-Passwort, "sshpass" muss installiert sein,
+# | | | Hostkey muss bereits gespeichert/akzeptiert sein
+# | | |
+# | | SSH-Login als User "service"
+# | |
+# | "Host-List", Komma-Liste der IP-Adressen - bei einer IP mit abschließendem Komma!
+# |
+# Alle bekannten Rechner
+
+
+% ansible all -i 192.168.1.117, -u service -k -b -K -m authorized_key -a "user=service key=\"$(cat ~/.ssh/id_ed25519.pub)\""
+# ^^ ^^
+# | |
+# | Frage nach "Become"-Passwort, hier "sudo" (default)
+# |
+# Benutze "Become"
+
+
+% ansible all -i 192.168.1.117, -u service -k -b --become-method=su -K -m authorized_key -a "user=service key=\"$(cat ~/.ssh/id_ed25519.pub)\""
+# ^^ ^^^^^^^^^^^^^^^^^^ ^^
+# | | |
+# | | Frage nach "Become"-Passwort, hier "su"
+# | |
+# | Nutze "su" für erweiterte Rechte/"Become"
+# |
+# Benutze "Become"
+
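Review bot: The second and third `ansible` calls in 03/ssh-key_per_ansible.txt add `-b`/`-K` although the login user (`-u service`) and `user=service` are the same account, which can normally write its own authorized_keys without privilege escalation; as written the examples suggest elevated rights are required for this task. I would add a comment line such as `# -b/-K only needed when user= is a different account than -u` so readers do not enter a become password where none is needed. On the `-k` annotation, the remark that the host key must already be stored is correct and worth strengthening: the SSH password goes to whatever host answers on that address, so the key should be verified beforehand rather than host key checking being switched off to get past the error.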