Copy an SSH key with an Ansible playbook to enable passwordless SSH authentication


When we manage numerous servers, it is very difficult for an administrator to remember the password of each one. Another advantage of passwordless (key-based) authentication is automation: when we run scripts that fetch details from many remote servers, there is no safe and effective way to supply each server's password. Ansible deployment is another use: Ansible uses passwordless SSH from the control node to the managed hosts for communication. Key-based login is also stronger than a password, since there is nothing to guess or reuse, and once every account that needs access has a key, password authentication can be turned off in sshd_config altogether.

Below are the steps to enable passwordless authentication on Linux/Unix servers.

·         Log in to the control node as the user that needs to connect to the other servers.
·         Generate an SSH key pair with the ssh-keygen command.
This command asks a few questions. Leaving everything at the default (just press Enter at each prompt) creates an RSA key pair (2048 bits in the output below) with no passphrase. A private key without a passphrase lets anyone who obtains the file log in as you, so keep it readable only by your user (ssh-keygen sets mode 0600 for you) and consider setting a passphrase and using ssh-agent if the control node is shared or long-lived. If your OpenSSH supports it, ssh-keygen -t ed25519 produces a smaller and faster key; the rest of the procedure is the same except for the file names (id_ed25519 and id_ed25519.pub).

[user@ansible-control-node ~]$ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Created directory '/home/user/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:hXEtLYBW/i1lE+fuKkxz0k8fMAdVcnEe9pdkuSkTAJU user@ansible-control-node
The key's randomart image is:
+---[RSA 2048]----+
|       o+o+=+ +BB|
|      o. +oEo*+==|
|     .  o .o+ +.*|
|         o + B +.|
|        S o.. B  |
|          +.o... |
|         o + o...|
|          o  .. .|
|           ..    |
+----[SHA256]-----+
[user@ansible-control-node ~]$

The key files are created in the .ssh directory under the user's home directory. Note the permissions: the private key (id_rsa) is readable only by its owner, and it never leaves the control node. Only the public key (id_rsa.pub) is copied to the remote servers.

[user@ansible-control-node ~]$ls -l ~/.ssh/
total 8
-rw------- 1 user user 1675 Apr  4 08:50 id_rsa
-rw-r--r-- 1 user user  407 Apr  4 08:50 id_rsa.pub
[user@ansible-control-node ~]$

·         Create an Ansible playbook to copy the public key to the remote hosts. The playbook should look like the listing below; a snippet of the same file follows so the indentation is easy to check, because indentation is significant in YAML files.


---
- name: Playbook to deploy SSH public keys to managed nodes by Ansible
  hosts: all

  tasks:
    - name: Ensure key is in user's ~/.ssh/authorized_keys
      # authorized_key is idempotent: it appends the key only if it is not
      # already present, and creates ~/.ssh (0700) and authorized_keys (0600)
      # with the permissions sshd expects.
      authorized_key:
        user: user            # account on the managed node that will accept the key
        state: present
        key: '{{ item }}'
      with_file:
        - ~/.ssh/id_rsa.pub   # read from the control node; the private key is never sent

Snippet to understand the indentation of each line (screenshot of the playbook listed above):

Now execute the playbook to copy the public key to the remote server. In this case the Ansible configuration file is in the current directory and the inventory file lists the remote servers (only one server here). With ask_pass = true, Ansible prompts for the remote user's password at run time instead of it being stored in the inventory or a variables file; this is the single password-based connection needed to bootstrap key authentication. Ansible also checks the remote host key, and when connecting with a password it cannot answer the "accept this host key?" prompt, so make sure the server is already in ~/.ssh/known_hosts (for example by connecting to it once with ssh) before running the playbook.

[user@ansible-control-node ~]$ ls -l
total 12
-rw-rw-r-- 1 user user  75 Apr  4 08:47 ansible.cfg
-rw-rw-r-- 1 user user  14 Apr  4 09:37 inventory.txt
-rw-rw-r-- 1 user user 292 Apr  4 09:36 ssh-pwdless-auth.yml
[user@ansible-control-node ~]$
[user@ansible-control-node ~]$ cat ansible.cfg
[defaults]
inventory = ./inventory.txt
remote_user = user
ask_pass = true

[user@ansible-control-node ~]$
[user@ansible-control-node ~]$ cat inventory.txt
remote-server
[user@ansible-control-node ~]$


Now we can execute the ansible-playbook command to copy the public key to the remote server. The task reports changed because the key was added; running the playbook a second time reports ok, since the key is already present.
[user@ansible-control-node ~]$ ansible-playbook ssh-pwdless-auth.yml
SSH password: <<<- provide remote user password here.

PLAY [Playbook to deploy SSH public keys to managed nodes by Ansible] *******************************************************************

TASK [Gathering Facts] ******************************************************************************************************************
ok: [remote-server]

TASK [Ensure key is in user's ~/.ssh/authorized_keys] ***********************************************************************************
changed: [remote-server] => (item=ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZai74/F4A3eNO20PTW4agnS0zjm9cF+7U1AErdufBZl2NpIziP4JpGrbM/TQV0e73/YGmb603JsE3tj5glUJMx2tT4Jl1HjylIC7FvPdHfyGcaWsoybSW8NlLV4rH0HmIBIGVo06Qb72OOrWPBD2ZgIywbVuPeoqYb+zizk9DG0eXRGBvf7NhlJei2Tt1V+WWRgUycbNiWIb3Q+hUdCLpBEuiOBaDtUu7XY4MpQtiRSyjxr4rlN0eh52ODH7k6rgpDQaM3OiG0v3iDPadi6ZWsoeJApDXMjLEghUMwfT2OClBk8Q4Bi3ioC8FopeAowNRqL3RMGDoavPZqrQpYOun user@ansible-control-node)

PLAY RECAP ******************************************************************************************************************************
remote-server              : ok=2    changed=1    unreachable=0    failed=0

[user@ansible-control-node ~]$

Now we should be able to log in to the server without a password, like below. If ssh still asks for a password, check on the remote server that ~/.ssh is mode 0700 and ~/.ssh/authorized_keys is 0600 (sshd ignores the file when the directory or file is writable by others), and that the key line there matches the control node's id_rsa.pub.

[user@local-server ~]$ssh user@remote-server
Last login: Sat Apr  4 08:55:26 2020 from 192.168.1.71
[user@anslabsrv2 ~]$
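The following added example is not code from the original post. It is a small POSIX shell script that does by hand, on the managed node, what the authorized_key task above does, so you can see why the PLAY RECAP reports changed=1 on the first run and ok afterwards, and it ends with a non-interactive version of the final login check. The demo key, the temporary paths and the function names are constructed for this example; check_passwordless assumes you give it a real user@host that is already in known_hosts.

```shell
#!/bin/sh
# Added example, not code from the original post: a hand-rolled equivalent of
# the authorized_key task, plus a non-interactive login check.
set -u

# valid_pubkey <line>: 0 if the line looks like "<type> <base64> [comment]".
valid_pubkey() {
    set -- $1
    [ $# -ge 2 ] || return 1
    case $1 in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) return 1 ;;
    esac
    printf '%s' "$2" | grep -Eq '^[A-Za-z0-9+/]+=*$'
}

# key_present <line> <file>: 0 if the same key type and key material are
# already in <file>. The comment field is ignored, as authorized_key does,
# so re-running with a renamed key does not add a duplicate line.
key_present() {
    file=$2
    set -- $1
    awk -v t="$1" -v k="$2" '$1 == t && $2 == k { found = 1 } END { exit !found }' "$file"
}

# add_authorized_key <line> <file>: prints "changed" when the key is appended
# and "ok" when it was already there (the two states in the PLAY RECAP).
# Returns 2 for a malformed key. Directory and file permissions are forced to
# 0700/0600 because sshd (StrictModes, the default) ignores authorized_keys
# when ~/.ssh or the file is group/world writable.
add_authorized_key() {
    key=$1
    file=$2
    valid_pubkey "$key" || { echo "not an OpenSSH public key line" >&2; return 2; }
    dir=$(dirname "$file")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    [ -f "$file" ] || : > "$file"
    chmod 600 "$file" || return 1
    if key_present "$key" "$file"; then
        echo ok
    else
        printf '%s\n' "$key" >> "$file"
        echo changed
    fi
}

# check_passwordless <user@host>: 0 only if key authentication succeeds.
# BatchMode=yes makes ssh fail instead of prompting, so a misconfigured host
# shows up as a non-zero exit instead of a hang waiting for a password.
check_passwordless() {
    ssh -o BatchMode=yes -o PasswordAuthentication=no -o ConnectTimeout=5 "$1" true
}

# Demo on a temporary file with a constructed (not real) key: the first call
# appends the key and prints "changed", the second finds it and prints "ok".
demo_key='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyMaterialOnlyNotARealKey0000000 user@ansible-control-node'
tmp=$(mktemp -d)
add_authorized_key "$demo_key" "$tmp/.ssh/authorized_keys"
add_authorized_key "$demo_key" "$tmp/.ssh/authorized_keys"
rm -rf "$tmp"
# After the playbook has run: check_passwordless user@remote-server && echo "key login works"
```

The login check is the part worth copying into your own automation: ssh's BatchMode refuses to ask for anything, so the exit status alone tells you whether the key was deployed correctly, and a script never blocks on a hidden password prompt.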
