How to save ssh key on the host?

Hi all,
I'm trying to implement Ansible. I set up Ansible on a separate machine and connected several servers.
To log on to a server, I generate the key on the host and then copy it with ssh-copy-id on the ansible-server.
But after updates on the hosts the SSH key changes, and I have to generate the key again (to get into the hosts).
How can the key be kept constant? Or how can the old one be uploaded to the hosts after upgrading?
March 23rd 20 at 18:55
2 answers
March 23rd 20 at 18:57
Solution
It is unclear how the SSH key on the host can change?? It doesn't change just like that. some lucet brain's auto-update ??
The system keys are in /etc/ssh, in the same place as the main configs.
For user keys, see /etc/ssh/ssh_config. Usually:
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# IdentityFile ~/.ssh/id_ecdsa
# IdentityFile ~/.ssh/id_ed25519
Back them up and restore.
But it is better to figure out who is engaged in unauthorized activity.
@Faustino54 A backup is a good idea, but it takes approximately as much time as a new integration. In fact, the key on the server for the user ansible has changed and we have to repeat ssh-copy-id and delete the old one from /.ssh/authorized_keys. And that is unnecessary work and time, even for 10 hosts. - Nona20 commented on March 23rd 20 at 19:00
@Nona20, the backup can be done directly on the host, and the check can be put in cron.
For example, if the hash of a key does not match, restore from the backup.
And the hosts themselves will keep track of your keys without your intervention. - Faustino54 commented on March 23rd 20 at 19:03
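The cron check suggested in the comment above (compare key hashes, restore from backup on mismatch), as an added example that is not part of the original thread. The backup directory, the SHA256SUMS manifest name and the snapshot/verify subcommands are assumptions; it goes slightly beyond the comment by reporting which file changed.

```shell
#!/bin/sh
# Added example. The backup directory, the SHA256SUMS manifest and the
# snapshot/verify subcommands are assumptions, not something from the thread.

# Record a baseline: copy the host key files and store their SHA-256 hashes.
snapshot_keys() {
    key_dir=$1; backup_dir=$2
    mkdir -p "$backup_dir" && chmod 700 "$backup_dir" || return 1
    for f in "$key_dir"/ssh_host_*_key "$key_dir"/ssh_host_*_key.pub; do
        [ -f "$f" ] || continue
        cp -p "$f" "$backup_dir/" || return 1
    done
    ( cd "$backup_dir" && sha256sum ssh_host_* > SHA256SUMS )
}

# Compare live keys with the baseline and restore any that differ or are gone.
# Prints one line per restored file so the change is investigated, not hidden.
# Returns 0 if nothing changed, 2 if something was restored, 1 on error.
verify_and_restore() {
    key_dir=$1; backup_dir=$2; changed=0
    # Never restore from a backup that no longer matches its own manifest.
    ( cd "$backup_dir" && sha256sum -c SHA256SUMS >/dev/null 2>&1 ) || {
        echo "backup in $backup_dir failed its self-check" >&2
        return 1
    }
    while read -r want name; do
        have=$(sha256sum "$key_dir/$name" 2>/dev/null | cut -d' ' -f1)
        if [ "$have" != "$want" ]; then
            echo "MISMATCH $name: restoring from backup"
            cp -p "$backup_dir/$name" "$key_dir/$name" || return 1
            changed=2
        fi
    done < "$backup_dir/SHA256SUMS"
    return "$changed"
}

# Run "snapshot" once by hand, then "verify" from cron, for example:
#   script.sh verify /etc/ssh /root/ssh-key-backup
case "${1:-}" in
    snapshot) snapshot_keys "$2" "$3" ;;
    verify)   verify_and_restore "$2" "$3" ;;
esac
```

A non-zero exit from the verify step is the signal to look at what replaced the key, which is the point made in the answer about finding out who changed it.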
March 23rd 20 at 18:59
Frankly, I don't understand what you are actually doing. I'll describe how it should be done, in my opinion.
For SSH key login, the ssh client must have the private key, and the server it connects to must have the corresponding public key.

Ansible by default will run under your user (the one you are working under on the machine with Ansible). That is, you should use the command ssh-copy-id to put the public key of this user on all servers you want to manage. (This can also be done manually by editing the file ~/.ssh/authorized_keys on the server.)

It can be done more conveniently, in my opinion: when you connect from the Ansible machine to other servers, use your own key, not the key of the user ansible. On your machine you need to enable AgentForwarding for the host with Ansible:

~/.ssh/config:
Host myhost.com
 ForwardAgent yes
@eileen.Lango Igor, thanks for the reply. As I understand it, on the management server (ansible) I create a key pair (private and public) for the user ansible. Then on the unix host that I want to manage, I create the same user and copy the key with ssh-copy-id from the management server (ansible)? - Nona20 commented on March 23rd 20 at 19:02
Not necessarily the same. This key can even be given to root on the remote server. - breanna55 commented on March 23rd 20 at 19:05
@Nona20 Yes, the user can be any, but if it differs from the user on the client, you will need to specify it explicitly. That is, when connecting via ssh, write not just ssh myhost.ru but ssh user@myhost.ru

You can also use the ssh connection settings that you configure for each host in ~/.ssh/config, and in the case of Ansible, in its inventory file. For how to do this, see the documentation. - eileen.Lango commented on March 23rd 20 at 19:08
