Copy an SSH key with an Ansible playbook to enable passwordless SSH authentication
When we manage numerous servers, it is very difficult for an administrator to remember the password of each server. Another advantage of passwordless authentication is automation: when we run automation scripts to fetch details from multiple remote servers, we may not be able to supply the password of each server in an effective way. Another use is Ansible deployment. Ansible uses passwordless authentication from the control node to the managed hosts for communication.
Below are the steps to enable passwordless authentication on Linux/Unix servers.
· Log in to the server as the user that needs to connect to the other servers.
· Generate an SSH key pair with the ssh-keygen command. The command asks a few questions; leave everything at its default and just press Enter at each prompt. Accepting the defaults also leaves the passphrase empty, so the private key is protected only by its file permissions.
[user@ansible-control-node ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Created directory '/home/user/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:hXEtLYBW/i1lE+fuKkxz0k8fMAdVcnEe9pdkuSkTAJU user@ansible-control-node
The key's randomart image is:
+---[RSA 2048]----+
| o+o+=+ +BB|
| o. +oEo*+==|
| . o .o+ +.*|
| o + B +.|
| S o.. B |
| +.o... |
| o + o...|
| o .. .|
| .. |
+----[SHA256]-----+
[user@ansible-control-node ~]$
The key files are created in the .ssh directory inside the user's home directory.
[user@ansible-control-node ~]$ ls -l ~/.ssh/
total 8
-rw------- 1 user user 1675 Apr 4 08:50 id_rsa
-rw-r--r-- 1 user user 407 Apr 4 08:50 id_rsa.pub
[user@ansible-control-node ~]$
· Create an Ansible playbook to copy the key to the remote file. The content of the Ansible playbook should be like the one below. I also took a snippet of it here to help understand the indentation. Indentation is very important in YAML files.
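---
- name: Playbook to deploy SSH public keys to managed nodes by Ansible
  hosts: all
  tasks:
    - name: Ensure key is in user's ~/.ssh/authorized_keys
      authorized_key:
        user: user          # remote account that receives the key
        state: present      # add the key only if it is not already there
        key: '{{ item }}'
      # with_file reads the public key from the control node
      with_file:
        - ~/.ssh/id_rsa.pub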
Now execute the Ansible playbook to copy the public key to the remote server. In this case I have my Ansible configuration file in the present directory and have populated the inventory file with the list of remote server details (I have only one server listed in the inventory file).
[user@ansible-control-node ~]$ ls -l
total 12
-rw-rw-r-- 1 user user 75 Apr 4 08:47 ansible.cfg
-rw-rw-r-- 1 user user 14 Apr 4 09:37 inventory.txt
-rw-rw-r-- 1 user user 292 Apr 4 09:36 ssh-pwdless-auth.yml
[user@ansible-control-node ~]$
[user@ansible-control-node ~]$ cat ansible.cfg
[defaults]
inventory = ./inventory.txt
remote_user = user
ask_pass = true
[user@ansible-control-node ~]$
[user@ansible-control-node ~]$ cat inventory.txt
remote-server
[user@ansible-control-node ~]$
Now we can execute the ansible-playbook command to copy the key to the remote server.
[user@ansible-control-node ~]$ ansible-playbook ssh-pwdless-auth.yml
SSH password: <<<- provide remote user password here.

PLAY [Playbook to deploy SSH public keys to managed nodes by Ansible] *******************************************************************

TASK [Gathering Facts] ******************************************************************************************************************
ok: [remote-server]

TASK [Ensure key is in user's ~/.ssh/authorized_keys] ***********************************************************************************
changed: [remote-server] => (item=ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZai74/F4A3eNO20PTW4agnS0zjm9cF+7U1AErdufBZl2NpIziP4JpGrbM/TQV0e73/YGmb603JsE3tj5glUJMx2tT4Jl1HjylIC7FvPdHfyGcaWsoybSW8NlLV4rH0HmIBIGVo06Qb72OOrWPBD2ZgIywbVuPeoqYb+zizk9DG0eXRGBvf7NhlJei2Tt1V+WWRgUycbNiWIb3Q+hUdCLpBEuiOBaDtUu7XY4MpQtiRSyjxr4rlN0eh52ODH7k6rgpDQaM3OiG0v3iDPadi6ZWsoeJApDXMjLEghUMwfT2OClBk8Q4Bi3ioC8FopeAowNRqL3RMGDoavPZqrQpYOun user@ansible-control-node)

PLAY RECAP ******************************************************************************************************************************
remote-server : ok=2 changed=1 unreachable=0 failed=0
[user@ansible-control-node ~]$
Now we should be able to log in to the server without a password, as shown below.
[user@local-server ~]$ ssh user@remote-server
Last login: Sat Apr 4 08:55:26 2020 from 192.168.1.71
[user@anslabsrv2 ~]$
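As an added example (not part of the original post), the shell functions below can be run on the managed host after the playbook to confirm that the key is in authorized_keys exactly once and that ~/.ssh and authorized_keys are not group- or world-writable, a condition under which sshd's StrictModes refuses to use the file. The function names are hypothetical, and the script assumes a `stat` that supports `-c` (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example: verify a key deployment on a managed host.
# Function names are hypothetical; assumes GNU/BusyBox `stat -c`.

# Print "type blob" for each key line in a .pub or authorized_keys file.
# Skips comment lines, any leading options field such as from="..." or
# command="...", and the trailing comment. Every SSH public key blob starts
# with "AAAA" in base64, which keeps option text that merely contains
# "ssh-" from being mistaken for a key.
key_fields() {
    awk '/^[ \t]*#/ { next }
         { for (i = 1; i < NF; i++)
             if ($i ~ /^(ssh-|ecdsa-|sk-)/ && $(i + 1) ~ /^AAAA/) {
                 print $i, $(i + 1); break } }' "$1"
}

# count_key PUBKEY_FILE AUTHORIZED_KEYS: print how many entries hold that key.
count_key() {
    want=$(key_fields "$1" | head -n 1)
    [ -n "$want" ] || return 2
    key_fields "$2" | grep -Fxc -- "$want" || true
}

# mode_ok PATH: fail when PATH is group- or world-writable.
mode_ok() {
    m=$(stat -c '%a' "$1") || return 2
    case "$m" in *[2367]?|*[2367]) return 1 ;; esac
}

# check_deploy PUBKEY_FILE SSH_DIR: 0 only if the key is present exactly
# once and both SSH_DIR and its authorized_keys have safe modes.
check_deploy() {
    rc=0
    n=$(count_key "$1" "$2/authorized_keys") || { echo "no key in $1"; return 2; }
    [ "$n" -eq 1 ] || { echo "key appears $n times in authorized_keys"; rc=1; }
    for p in "$2" "$2/authorized_keys"; do
        mode_ok "$p" || { echo "$p: missing or group/world-writable"; rc=1; }
    done
    return "$rc"
}
```

With a copy of the control node's id_rsa.pub on the managed host, `check_deploy id_rsa.pub ~/.ssh` exits 0 when the deployment is sound and prints one line per problem otherwise.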