Ansible PreferredAuthentications SSH 设置从何而来？

Question

我正在使用 SSH 用户名和密码设置运行标准的 ansible (v2.3.1) 剧本。使用“-vvvv”设置时，我可以看到生成了这些 SSH 命令

EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s 
-o StrictHostKeyChecking=no -o Port=2222 
-o KbdInteractiveAuthentication=no 
-o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey 
-o PasswordAuthentication=no -o User=dc_user -o ConnectTimeout=10

在上述情况下，从何处提取“PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey”设置。我相信这些来自客户端 SSH 配置设置，但这是正确的吗？

我知道我可以通过在我的“ansaible.cfg”中定义它来覆盖 ssh 参数

[ssh_connection]
scp_if_ssh=True
ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o PreferredAuthentications=publickey

谁可以给我解释一下这个？谢谢

Answer 1

我观察到-o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey在源代码中是硬编码的

如果覆盖ssh_args在ansible.cfg要-o PreferredAuthentications=publickey被添加到SSH命令行，但这并不能取代-o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey

例子：

$ grep ssh_args /etc/ansible/ansible.cfg 
#ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s
ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o     PreferredAuthentications=publickey
$ ansible rhel7a -m ping -vvvv |grep EXEC
<rhel7a> SSH: EXEC ssh -vvv -o ControlMaster=auto -o ControlPersist=60s -o PreferredAuthentications=publickey -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 -o ControlPath=/home/user/.ansible/cp/13dd447a86 rhel7a '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''