标签:免密 19 CICD rsa qa ssh key root id
- 生成ssh-key (服务器A & B)
[root@qa onpremise]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:VKJse879Ea0aSnRhyhziJih9bncJ+TXdV+36PYEGWus root@qa
The key's randomart image is:
- 获取public key (服务器A)
[root@qa .ssh]# more id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvul1XiuAkoQP18ouUVEDGmz5MQjf/Fd55s4QYZJvXq9o5dCwhZ9nwwGFCU5ZWkHeFIYBjx1dqAaOXXZOMorV5n0w8OaooXPEV4S2GOa
llrdrRgXKTUbYZBs61GPF42K25TyEUHG9kmv86qN65BKjvtFGSlCYGE7nnkgDXyKQYlY9OVT2Ip8Vcs/JY1KBkYr0lj21oTk8yJILs/M/Xl3Vov0h/nclaJBAnMXuV6qm9T0BsuuUOVoba
BShHvEwVVkzsSYCffyalC6qZ5Ow1NqQipcLOFBcatt8w6Gsp4zuF9m2+GGufosFe2WJFGiUoDdVPWhNrSpnezyQTsw4bajdf root@qa
[root@qa .ssh]#
- 把public key 拷贝到目标机器(服务器A->B)
[root@qa ~]# scp /root/.ssh/id_rsa.pub 172.16.128.153:/root/.ssh/authorized_keys
[email protected]'s password:
id_rsa.pub 100% 389 23.6KB/s 00:00
[root@qa ~]#
[root@qa ~]#
[root@qa ~]#
[root@qa ~]#
[root@qa ~]#
[root@qa ~]# ssh 172.16.128.153 # 测试免密成功
Last login: Sat Feb 11 06:13:48 2023 from 172.16.128.116
- 生成ssh-keygen (服务器 A&B)
[root@qa onpremise]# ssh-keygen
Generating public/private rsa key pair.
- gitlab-runner上获取id_rsa私有密钥 (服务器 A)
[root@qa .ssh]# more id_rsa
-----BEGIN RSA PRIVATE KEY-----
MIIEpgIBAAKCAQEAr7pdV4rgJKED9fKLlFRAxps+TEI3/xXeebOEGGSb16vaOXQs
IWfZ8MBhQlOWVpB3hSGAY8dXagGjl12TjKK1eZ9MPDmqKFzxFeEthjmpZa3a0YFy
k1G2GQbOtRjxeNituU8hFBxvZJr/OqjeuQSo77RRkpQmBhO555IA18ikGJWPTlU9
iKfFXLPyWNSgZGK9JY9taE5PMiSC7PzP15d1aL9If53JWiQQJzF7leqpvU9AbLrl
DlaG2gUoR7xMFVZM7EmAn38mpQuqmeTsNTakIqXCzhQXGrbfMOhrKeM7hfZtvhhr
n6LBXtliRRolKA3VT1oTa0qZ3s8kE7MOG2o3XwIDAQABAoIBAQCMEDMN77cv+ta5
VhVCqNToeBxzk+QmATxOLHOBLc+5W1SYrqvuBGSFrBDZWN5fKM7a4hT/coeOCrhl
kURlt9qFkh6lciDaAxp1ogEzFwqZ7LSYgGDeYyaNVAu19Kei9rGhHhzzdqaivZfp
HWhIeBpe1I6gEk0sUtS+anUZiOaiYF+T+KAA5XG4lbejupsQgOxPJRamDu/KnINb
XcPI2J2LX+oeG02FdBcrIB/gUOcdu4BYVqfwX2LG3IRg1W7cInIxOYaHaO3+E6CX
OHGJsfK+7RZW9TDLURBkT/w13Wu9Vc+TtA7B9KtsMv90pnQcHScU82CF3MhBkJFA
J1qm+9pBAoGBAOZBzFomBv1kIsNb6Au94xGkEdeIi5VS1AtouNlbVnXOM5i3zMpk
r6MmpQae+pCryGqczjWuyhlE9KuYT+523pz4PydpkD6+aWm2LCkW78km4JijZt5j
- 变量进Gitlab(服务器A gitlab-runner)
- 连接服务器B
variables:
user: eric
pwd: Admin@1234
harbor: http://172.16.128.215:8080
image_hellocat: 172.16.128.215:8080/hive/hellocat
stages:
- testing
- build
- deploy_qa
deploy_to_qa:
stage: deploy_qa
tags:
- shell
before_script:
- eval $(ssh-agent -s) #执行ssh
- ssh-add <(echo "$SERVER_PRIVATE_KEY") #读取密钥并加入列表,来自step2配置的gitlab全局变量
script:
- echo "start deploying"
- ssh -o StrictHostKeyChecking=no [email protected] "ls -l " # 非交互执行
- 执行结果:
标签:免密,
19,
CICD,
rsa,
qa,
ssh,
key,
root,
id
From: https://blog.51cto.com/u_12391275/6050956