Ansible-Kurs/2024-11
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Kapitel 03: SSH & Keys

Browse source
This commit is contained in:
Sven Velt 2024-11-26 08:43:42 +01:00
parent 5b5da64d11
commit 71cf74078d
2 changed files with 101 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

71
03/SSH-von-Anfang-an.txt Normal file
View file

@ -0,0 +1,71 @@
kurs@tn011-purple:~$ ssh-keygen -t ed25519 -C Testkey
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/kurs/.ssh/id_ed25519):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/kurs/.ssh/id_ed25519
Your public key has been saved in /home/kurs/.ssh/id_ed25519.pub
The key fingerprint is:
SHA256:V4vv6YvnJ2/YLexZ0ryBywOdgV+KsHkeojYfCggTqAY Testkey
kurs@tn011-purple:~$ sudo lxc-ls -f | grep rocky
tn011-rocky9 RUNNING 1 ansible 192.168.1.199 - false
kurs@tn011-purple:~$ ssh-copy-id -i ~/.ssh/id_ed25519 root@192.168.1.199
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/kurs/.ssh/id_ed25519.pub"
The authenticity of host '192.168.1.199 (192.168.1.199)' can't be established.
ECDSA key fingerprint is SHA256:YY/m1KchoPhpiRXw8DK5rdsnPZEL6vyRBpYUSWRkVcA.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.1.199's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.1.199'"
and check to make sure that only the key(s) you wanted were added.
kurs@tn011-purple:~$ ssh root@192.168.1.199
Enter passphrase for key '/home/kurs/.ssh/id_ed25519':
[root@tn011-rocky9 ~]# cat .ssh/authorized_keys
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOHv4f9x3eTnxpIsPE2q7ZFnhd8kzSAXbL5blc+rpLcV Sven Velt, 2015-06-05
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO6AKGshfnp+28Sb3SHLWfdT1DThgvADAbQ3Oq0TCAOm Sven Velt, Ansible-Kurs, 2017-11-26
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICVzRNqSc6cvRabMNWw7xUozbsCbGvkJckUPfbeX75as Testkey
[root@tn011-rocky9 ~]# exit
kurs@tn011-purple:~$ ssh-add -l
Could not open a connection to your authentication agent.
kurs@tn011-purple:~$ ssh-agent -t 86400 | tee ~/.ssh-agent.sh
SSH_AUTH_SOCK=/tmp/ssh-Ccpc8jmJ5ERt/agent.3170813; export SSH_AUTH_SOCK;
SSH_AGENT_PID=3170815; export SSH_AGENT_PID;
echo Agent pid 3170815;
kurs@tn011-purple:~$ source ~/.ssh-agent.sh
Agent pid 3170815
kurs@tn011-purple:~$ ssh-add -l
The agent has no identities.
kurs@tn011-purple:~$ ssh-add -i ~/.ssh/id_ed25519
Enter passphrase for /home/kurs/.ssh/id_ed25519:
Identity added: /home/kurs/.ssh/id_ed25519 (kurs@tn011-purple)
kurs@tn011-purple:~$ ssh-add -l
256 SHA256:V4vv6YvnJ2/YLexZ0ryBywOdgV+KsHkeojYfCggTqAY Testkey (ED25519)
kurs@tn011-purple:~$ ssh root@192.168.1.199
Last login: Tue Mar 14 09:53:17 2023 from 192.168.1.1
[root@tn011-rocky9 ~]#

30
03/ssh-key_per_ansible.txt Normal file
View file

@ -0,0 +1,30 @@
% ansible all -i 192.168.1.117, -u service -k -m authorized_key -a "user=service key=\"$(cat ~/.ssh/id_ed25519.pub)\""
# ^^^ ^^^^^^^^^^^^^^^^^ ^^^^^^^^^^ ^^
# | | | |
# | | | Frage nach SSH-Passwort, "sshpass" muss installiert sein,
# | | | Hostkey muss bereits gespeichert/akzeptiert sein
# | | |
# | | SSH-Login als User "service"
# | |
# | "Host-List", Komma-Liste der IP-Adressen - bei einer IP mit abschließendem Komma!
# |
# Alle bekannten Rechner
% ansible all -i 192.168.1.117, -u service -k -b -K -m authorized_key -a "user=service key=\"$(cat ~/.ssh/id_ed25519.pub)\""
# ^^ ^^
# | |
# | Frage nach "Become"-Passwort, hier "sudo" (default)
# |
# Benutze "Become"
% ansible all -i 192.168.1.117, -u service -k -b --become-method=su -K -m authorized_key -a "user=service key=\"$(cat ~/.ssh/id_ed25519.pub)\""
# ^^ ^^^^^^^^^^^^^^^^^^ ^^
# | | |
# | | Frage nach "Become"-Passwort, hier "su"
# | |
# | Nutze "su" für erweiterte Rechte/"Become"
# |
# Benutze "Become"