To configure a SSH trust relationship providing authentication via RSA public keys is necessary to follow the next steps:<\/p>\n\n\n\n
In my lab I’m currently using my Ansible master<\/strong> server like the origin<\/strong> server and my Ansible node1<\/strong> like the destination<\/strong> server. <\/p>\n\n\n\n Lab Example<\/strong>:<\/p>\n\n\n\n If we try to connect via ssh<\/strong> from<\/strong> Ansible master<\/strong> to node1<\/strong> with the remote user, we will need to introduce<\/strong> the password<\/strong> in the prompt:<\/p>\n\n\n\n We have to use ssh-keygen<\/strong> command with -b flag. <\/p>\n\n\n\n The -b<\/strong> flag<\/strong> instructs ssh-keygen to increase the number of bits used to generate the key pair, and is suggested for additional security<\/strong>.<\/p>\n\n\n\n Important!<\/strong>: keep in mind that if you execute ssh-keygen command, it will overwrite<\/strong> an existing RSA key pair<\/strong>, potentially locking you out of other systems.<\/p>\n\n\n\n Then press Enter<\/strong> to use the default<\/strong> names id_rsa<\/strong> and id_rsa.pub<\/strong> in the \/home\/your_username\/.ssh<\/strong> directory before entering your passphrase.<\/p>\n\n\n\n While creating the key pair, we will be given the option to encrypt the private key with a passphrase<\/strong>. This means that the key pair cannot be used without entering the passphrase (unless we save that passphrase to our local machine\u2019s keychain manager). Is possible leave this field blank<\/strong>, that is what we will do in the example:<\/p>\n\n\n\n We can do this step just copying the public key<\/strong>(\/home\/remote\/.ssh\/id_rsa.pub) to the remote<\/strong> server<\/strong> over authorized_keys<\/strong> file located in \/home\/remote\/.ssh\/.<\/p>\n\n\n\n Or<\/strong> using<\/strong> the specific utility for that task, called ssh-copy-id<\/strong>. The utility ssh-copy-id can copy a SSH public key to a remote server over SSH. And we can use it executing the following commands:<\/p>\n\n\n\n There is a method if we don’t <\/strong>want to introduce<\/strong> the password<\/strong> for each server. Follow the steps with this article:<\/p>\n\n\n\n Best way to distribute users\u2019s Public ssh Key to many hosts (no prompt password)<\/a> We already copied the public key<\/strong> from Ansible master to node1 in the path \/home\/remote\/.ssh\/ with a different file name, authorized_keys<\/strong>.<\/p>\n\n\n\n And now we can see the new file in node1:<\/p>\n\n\n\n Now, if we try again the ssh<\/strong> connection, we will connect without provide any password, because we are providing authentication via RSA public keys<\/strong> :<\/p>\n\n\n\n <\/p>\n","protected":false},"excerpt":{"rendered":" To configure a SSH trust relationship providing authentication via RSA public keys is necessary to follow the next steps: Generate … More Configure SSH trust relationship<\/span> Ansible master: 192.168.152.135\nAnsible node1: 192.168.152.136<\/code><\/pre>\n\n\n\nBefore the configuration<\/h3>\n\n\n\n
[remote@ansible]$ ssh remote@192.168.152.136\nremote@192.168.152.136's password: \n\nLast login: Wed Jul 24 09:40:44 2019 from 192.168.152.135\n[remote@node1 ~]$ <\/code><\/pre>\n\n\n\nStarting the configuration:<\/h3>\n\n\n\n
1. Generate a Key Pair<\/h3>\n\n\n\n
[remote@ansible]$ ssh-keygen -b 4096<\/code><\/pre>\n\n\n\nGenerating public\/private rsa key pair.\n\nEnter file in which to save the key (\/home\/remote\/.ssh\/id_rsa): \nEnter passphrase (empty for no passphrase): \nEnter same passphrase again: \n\nYour identification has been saved in \/home\/remote\/.ssh\/id_rsa.\nYour public key has been saved in \/home\/remote\/.ssh\/id_rsa.pub.\n\nThe key fingerprint is:\nSHA256:zllyF+t37cWgJAkzn38Gec1Jsp7SNtvm3Ws0Rzip9Hz remote@ansible.localdomain\nThe key's randomart image is:\n+---[RSA 4096]----+\n| |\n| + . . |\n| = o +=o|\n| = o.A.=|\n| S .=o=.B |\n| o . ++*=oB|\n| . * o oo=++|\n| o + ....++|\n| o. +o+|\n+----[SHA256]-----+<\/code><\/pre>\n\n\n\n2. Upload your Public Key to remote server<\/h3>\n\n\n\n
[remote@ansible]$ ssh-copy-id remote@192.168.152.136<\/code><\/pre>\n\n\n\n\/usr\/bin\/ssh-copy-id: INFO: Source of key(s) to be installed: \"\/home\/remote\/.ssh\/id_rsa.pub\"\nThe authenticity of host '192.168.152.136 (192.168.152.136)' can't be established.\nECDSA key fingerprint is SHA256:lYyLFG9lhEsTmhoYB5zEdKVS1+jflyMO\/ymyNKaNxRo.\nECDSA key fingerprint is MD5:21:59:d7:13:36:2f:0c:ba:10:37:79:70:f6:da:78:b5.\nAre you sure you want to continue connecting (yes\/no)? yes\n\/usr\/bin\/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed\n\/usr\/bin\/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys\nremote@192.168.152.136's password: \n\nNumber of key(s) added: 1\n\nNow try logging into the machine, with: \"ssh 'remote@192.168.152.136'\"\nand check to make sure that only the key(s) you wanted were added.<\/code><\/pre>\n\n\n\n
<\/p>\n\n\n\n3. Checking the authorized_keys file in remote server<\/h3>\n\n\n\n
[remote@node1]$ cd \/home\/remote\/.ssh\/\n\n[remote@node1 .ssh]$ cat authorized_keys \nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCWBB+y0J8o5xYqsSfv6jc2fIu1UPW8YWEBOnAHG1Wnrp2tZEjaAysFPV+UNaRTL9kEclpOJ4L1zGMVTL5Va9dqVNVgH4kqw2sTnYTqmIXURBcvxi5nwVo+m5o6Hh96KSTJy5dD\/EmnMkkBznMoUCwdld0a4c8jZ1chWUTzae\/3\/yQG5rfYpE7Ht0MJ2\/vaqHpPOlaEKfXUjOTCY\/u8TFtDt89w5\/t8RivdGH2KSNZ5PtAVCI7uCzcEE7e1bhQjroba37htDNwJ7wGQgCJYJWd1Vy5pLe3aKNrhnjC3M5ZXb7YI1TgH4zRzkHKUH1dTIQ6cOsUE4LNhyn9AwCqLzf\/1 remote@ansible.localdomain<\/code><\/pre>\n\n\n\n4. Checking the authentication via RSA<\/h3>\n\n\n\n
[remote@ansible]$ ssh remote@192.168.152.136\nLast login: Wed Jul 24 06:53:40 2019 from 192.168.152.135\n[remote@node1 ~]$ <\/code><\/pre>\n\n\n\n