mirror of
https://github.com/PAPAMICA/Wiki-Tech.io.git
synced 2024-12-29 02:50:22 +01:00
docs: update Configuration/Ansible/Installation
Parent
0fe71f9db3
commit
7b61edf307
1 file changed, with 88 additions and 1 deletion
|
@ -2,7 +2,7 @@
|
|||
title: Ansible - Installation et configuration
|
||||
description: Mettre en place Ansible dans son environnement
|
||||
published: true
|
||||
date: 2021-07-08T17:18:58.350Z
|
||||
date: 2021-07-08T17:36:05.922Z
|
||||
tags: ansible, configuration
|
||||
editor: markdown
|
||||
dateCreated: 2021-07-08T17:18:58.350Z
|
||||
|
@ -83,3 +83,90 @@ ou installation (raw ne dépend pas de python côté client)
|
|||
ansible myhost --become -m raw -a "yum install -y python2"
|
||||
```
|
||||
Doc : https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html#ansible-python-interpreter
|
||||
|
||||
# Configuration SSH
|
||||
|
||||
<div class="video-responsive">
|
||||
<iframe width="560" height="315" src="https://www.youtube.com/embed/dpDQ94huxmI" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
|
||||
</div>
|
||||
|
||||
## Principes clefs
|
||||
* clef privée
|
||||
* clef privée
|
||||
* type de clef / algorithme (rsa, dsa, ecdsa)
|
||||
* longeur de clef (dépend de l'algo ecdsa 521)
|
||||
|
||||
## Gestion d'une clef SSH
|
||||
|
||||
### Génération via ssh-keygen
|
||||
```bash
|
||||
ssh-keygen -t ecdsa -b 521
|
||||
```
|
||||
|
||||
Spécifier la localisation de sortie
|
||||
```bash
|
||||
ssh-keygen -t ecdsa -b 521 -f /myhome/.ssh/maclefprivee
|
||||
```
|
||||
|
||||
> Configurez une passphrase sinon une clef ssh est plus dangereuse qu'un password
|
||||
{.is-warning}
|
||||
|
||||
### Ajout de votre clef publique sur le host distant
|
||||
```bash
|
||||
vim /home/user/.ssh/authorized_keys
|
||||
```
|
||||
Ou via ssh-copy-id
|
||||
```bash
|
||||
ssh-copy-id -i /myhome/.ssh/maclefprivee xavki@monhost
|
||||
```
|
||||
|
||||
Remarque : specific pour une ip
|
||||
```bash
|
||||
from="10.0.0.?,*.example.com",no-X11-forwarding ssh-rsa AB3Nz...EN8w== xavki@monhost
|
||||
```
|
||||
|
||||
|
||||
### Utilisation de la clef
|
||||
```bash
|
||||
ssh -i /localisation/clef/privee xavki@monhost
|
||||
```
|
||||
|
||||
Ou plus facilement par un agent ssh (embarque votre configuration ssh)
|
||||
|
||||
Check si un agent tourne
|
||||
```bash
|
||||
ps -p $SSH_AGENT_PID
|
||||
```
|
||||
Lancement d'un agent ssh
|
||||
```bash
|
||||
eval `ssh-agent`
|
||||
```
|
||||
Ajout de la clef à l'agent
|
||||
```bash
|
||||
ssh-add
|
||||
```
|
||||
Check de la clef de l'agent
|
||||
```bash
|
||||
ssh-add -l
|
||||
```
|
||||
|
||||
Exemple :
|
||||
```bash
|
||||
touch ~/.ssh/config
|
||||
chmod 600 ~/.ssh/config
|
||||
cat ~/.ssh/config
|
||||
|
||||
Host * !monhost*
|
||||
User vagrant
|
||||
Port 22
|
||||
IdentityFile /myhome/.ssh/maclefprivee
|
||||
LogLevel INFO
|
||||
Compression yes
|
||||
ForwardAgent yes
|
||||
ForwardX11 yes
|
||||
```
|
||||
|
||||
Astuce pour bypasser la conf
|
||||
```bash
|
||||
ssh -F /dev/null xavki@monhost
|
||||
```
|
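Review bot: In the `~/.ssh/config` example, `ForwardAgent yes` and `ForwardX11 yes` sit under `Host * !monhost*`, so the agent and the X11 display are forwarded to every host that pattern matches; anyone with root on one of those hosts can use the forwarded agent socket to authenticate as the user for as long as the session is open. Suggest dropping both options from the wildcard block and enabling them only in a dedicated `Host` block for the machines that actually need them. Smaller points in the same hunk: the "Principes clefs" list has `clef privée` twice, and the second entry is presumably meant to be `clef publique`; `dsa` is offered as an algorithm choice although current OpenSSH releases disable it by default; the `from="10.0.0.?,*.example.com",no-X11-forwarding ...` line is an `authorized_keys` entry rather than a command, so the `bash` fence and the "specific pour une ip" label should say which file it goes in; and the `cat ~/.ssh/config` block mixes commands and file content in one fence, which makes it hard to tell what is typed and what is the file.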