Copy SSH key by Ansible Playbook to enable password less SSH authentication


When we manage numerous servers, it is very difficult to remember the password of each server by an administrator. Another advantage to have a password less authentication is automation. When we run automation scripts to fetch the details of multiple remote servers, we may not be able to provide the password of each server in an effective way. Another usage of it is Ansible deployment. Ansbile uses password less authentication from control node to managed hosts for communication.

 Below the steps to enable password less authentication is Linux/Unix servers.

·         Login to server as the user which needs connection to other servers.
·         Generate a SSH key pair by ssh-keygen command.
This command may ask few questions or input from your side. Leave everything as default. Just keep on press enter key when it prompts for any input.

[user@ansible-control-node ~]$ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa):
Created directory '/home/user/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:hXEtLYBW/i1lE+fuKkxz0k8fMAdVcnEe9pdkuSkTAJU user@ansible-control-node
The key's randomart image is:
+---[RSA 2048]----+
|       o+o+=+ +BB|
|      o. +oEo*+==|
|     .  o .o+ +.*|
|         o + B +.|
|        S o.. B  |
|          +.o... |
|         o + o...|
|          o  .. .|
|           ..    |
+----[SHA256]-----+
[user@ansible-control-node ~]$

These key files will be available in .ssh directory resides in the home directory of the user.

[user@ansible-control-node ~]$ls -l ~/.ssh/
total 8
-rw------- 1 user user 1675 Apr  4 08:50 id_rsa
-rw-r--r-- 1 user user  407 Apr  4 08:50 id_rsa.pub
[user@ansible-control-node ~]$

·         Create an Ansible playbook to copy the key to remote file. The content of ansible play book should be like below. I took the snippet of this as well here to understand the indentation. You know that indentation is very much important in yaml files.


---
- name: Playbook to deploy SSH public keys to managed nodes by Ansible
  hosts: all

  tasks:
    - name: Ensure key is in user's ~/.ssh/authorized_keys
      authorized_key:
        user: user
        state: present
        key: '{{ item }}'
      with_file:
        - ~/.ssh/id_rsa.pub

Snippet to understand the indentation of each line:



Now execute the ansible playbook and copy the public key to remote server. In this case I have my ansible configuration file in the present directory and populated the inventory file with list of remote server details (I have only one server listed in the inventory file).

[user@ansible-control-node ~]$ ls -l
total 12
-rw-rw-r-- 1 user user  75 Apr  4 08:47 ansible.cfg
-rw-rw-r-- 1 user user  14 Apr  4 09:37 inventory.txt
-rw-rw-r-- 1 user user 292 Apr  4 09:36 ssh-pwdless-auth.yml
[user@ansible-control-node ~]$
[user@ansible-control-node ~]$ cat ansible.cfg
[defaults]
inventory = ./inventory.txt
remote_user = user
ask_pass = true

[user@ansible-control-node ~]$
[user@ansible-control-node ~]$ cat inventory.txt
remote-server
[user@ansible-control-node ~]$


Now we can execute the ansible-playbook command to copy the file to remote server.
[user@ansible-control-node ~]$ ansible-playbook ssh-pwdless-auth.yml
SSH password: <<<- provide remote user password here.

PLAY [Playbook to deploy SSH public keys to managed nodes by Ansible] *******************************************************************

TASK [Gathering Facts] ******************************************************************************************************************
ok: [remote-server]

TASK [Ensure key is in user's ~/.ssh/authorized_keys] ***********************************************************************************
changed: [remote-server] => (item=ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZai74/F4A3eNO20PTW4agnS0zjm9cF+7U1AErdufBZl2NpIziP4JpGrbM/TQV0e73/YGmb603JsE3tj5glUJMx2tT4Jl1HjylIC7FvPdHfyGcaWsoybSW8NlLV4rH0HmIBIGVo06Qb72OOrWPBD2ZgIywbVuPeoqYb+zizk9DG0eXRGBvf7NhlJei2Tt1V+WWRgUycbNiWIb3Q+hUdCLpBEuiOBaDtUu7XY4MpQtiRSyjxr4rlN0eh52ODH7k6rgpDQaM3OiG0v3iDPadi6ZWsoeJApDXMjLEghUMwfT2OClBk8Q4Bi3ioC8FopeAowNRqL3RMGDoavPZqrQpYOun user@ansible-control-node)

PLAY RECAP ******************************************************************************************************************************
remote-server              : ok=2    changed=1    unreachable=0    failed=0

[user@ansible-control-node ~]$

Now we should be able to login to the server without any password like below.

[user@local-server ~]$ssh user@remote-server
Last login: Sat Apr  4 08:55:26 2020 from 192.168.1.71
[user@anslabsrv2 ~]$

Comments

Post a Comment

Popular posts from this blog

AIX Firefox Installation

Overview           Mozilla Firefox for AIX is an Open Source Web Browser. It delivers helpful new features and continues to lead the way in on-line security. It implements technologies like the Gecko layout engine, and supports Web standards or draft standards like HTML, XHTML, XML, CSS, DOM, and many more . Version of Firefox Mozilla Firefox with version 3.5.13.1 can be installed in AIX 5.3 and later. Installation Procedure The following rpm s are the pre requisites for Firefox(64 bit). These packages will be available from the AIX Toolbox for Linux Applications CD/DVD. Before installing the prerequisites check the availability of 150MB free space on the /opt file system. atk-1.12.3-2.aix5.2.ppc.rpm cairo-1.8.8-1.aix5.2.ppc.rpm expat-2.0.1-1.aix5.2.ppc.rpm fontconfig-2.4.2-1.aix5.2.ppc.rpm freetype2-2.3.9-1.aix5.2.ppc.rpm gettext-0.10.40-6.aix5.1.ppc.rpm glib2-2.12.4-2.aix5.2.ppc.rpm gtk2-2.10.6-4.aix5.2.ppc.rpm libjpeg-6b-6.aix5.1.ppc.rpm libpng
Read more

How to increase swap size on CentOS 8 / RHEL 8

Swap space is the second type of memory in modern Linux systems. The primary function of swap space is to substitute disk space for RAM memory when real RAM fills up and more space is needed. Linux uses swap space to increase the amount of virtual memory available to a host. It can use one or more dedicated swap partitions or a swap file on a regular filesystem or logical volume. Now we are going to check: •              Current swap space in the system. •              How to identify swap volumes in the system. •              How to increase the size of swap volume. •              How to add one more swap device to system. This documentation is based on the test done in a CentOS 4.18.0-80.el8.x86_64 machine. The same procedure can be applied on RHEL 8 as well. We follow the LVM method to manage the volumes here though a normal partition also can be used for swap. We will see both the options here when we add another device as a swap volume. How to check the cu
Read more

Upgrade curl 7.29 to 7.69 in CentOS 7 or RedHat 7

By default we can see 7.29 as the latest version of curl in CentOS or RHEL7. Here we are going to see how we can upgrade it to version 7.69. We use city-fan.org repo for the upgrade of curl. Lets see how to install and enable this repo and upgrade the curl package. Install the "city-fan.org" repo # rpm -Uvh http://www.city-fan.org/ftp/contrib/yum-repo/city-fan.org-release-2-1.rhel7.noarch.rpm Enable the repo "city-fan.org" in configuration file. Open the file /etc/yum.repos.d/city-fan.org.repo and enable the repo "city-fan.org" # vim /etc/yum.repos.d/city-fan.org.repo Upgrade the "curl" package from this repo. # yum update curl -y Once the update is done you can check the version of curl package by "rpm" command. # rpm -qa |grep curl libcurl-devel-7.69.1-1.1.cf.rhel7.x86_64 python-pycurl-7.19.0-19.el7.x86_64 libcurl-7.69.1-1.1.cf.rhel7.x86_64 curl-7.69.1-1.1.cf.rhel7.x86_64 #
Read more

How to configure NTP in RHEL8 or CentOS 8 by chronyd.

Network Time Protocol is used in systems to get the clock synced between them. All systems will sync their clock with NTP server is they are configured to do so. In RHEL8 or CentOS 8 it is achieved through “ chronyd ”. The “ chronyd ” daemon can be managed by the command “ chronyc ”. Below steps involve in configuring NTP through chronyd in linux systems. ·         Install the necessary packages. ·         Configure chrony service to sync with NTP server. ·         Set NTP synchronization. ·         Enable necessary firewall rules. ·         Enable and start chronyd service. Installation of chrony on RHEL8 or CentOS8. The below command helps to install chronyd in RHEL/CentOS 8. [root@system1 ~]# yum install chrony -y Chrony (NTP) server configuration The main configuration file for “ chronyd ” is /etc/chrony.conf . [root@system1 ~]# vim /etc/chrony.conf Below the minimum details to be set in the chrony.conf file. ·         pool 2.centos.pool.ntp.org iburst   # The name of the pool wh
Read more

AIX Commands

Usefull Commands for AIX =================== bootinfo –r     shows available RAM in KB lsattr –E l sys0 –a realmem    shows available RAM in KB rmss -c 512    To change the memory size to 512 MB rmss -r          resets the memory size to the original value lsattr  -El  en0     shows en0 driver params lsattr  -El  ent0     shows ent0 HW params lsattr -El rmt0     shows tape params lscfg -vpl rmt0     shows information about the tape drive lsattr  -El  sys0     shows system type, firmware, etc  driver params lscfg –v     lists all system HW configuration lsdev –C sscsi     list all scsi devices lsdev –C spci     list all pci devices lsparent –Ck scsi     list all scsi adapters cfgmgr     To onfigure devices lsdev –Cc disk      Shows all disks lsdev –Cc tape               Shows all tapes cfgmgr -vl < device > –v    Specifies verbose output. The cfgmgr command shows information about what it is doing. cfgmgr -vl < device >      Here <device> is a particular dev
Read more

YUM configuration in AIX.

    In earlier days all RPM packages in AIX were installed by the command “rpm”. The limitation for RPM command is that the difficulty to resolve the dependent packages.   Like other Linux operating system like RedHat, CentOS etc. there is a possibility to setup YUM to install packages in AIX. The below procedure will take you through the steps of configuring YUM in AIX (7.1) systems.     After having many trial and error experiments, the final solution came up with YUM configuration on the system, which is already installed with any RPM packages, we may need to follow the steps like: 1.        Take a backup of system (mksysb) 2.        Have the list of currently installed RPM packages. 3.        Remove the existing RPM packages. 4.        Configure YUM as described below. 5.        Install the previous packages again. Let’s start with the configuration now. Assuming that all required backups are in place to do a roll-back in case of any worst-case scenario.
Read more

Remote X11 forwarding for AIX in command line.

Most of the Unix administrators love to work with command line and it is the most convenient way to work with Unix systems. There were occasions where we had to invoke the GUI for some applications to work with it like, invoke a Firefox browser to browse the internet through Unix systems, install an application in GUI mode etc. Here I am going to describe how can we address such situations by invoking GUI over CLI. Assumptions:           You have an AIX system with remote connection through ssh.           You need to invoke the GUI of an application through Xming or MobaXterm – a DISPLAY server. X Window in AIX server Minimum installation for X Window includes below filesets: X11.base.lib X11.base.rte X11.apps.config X11.apps.clients   (optional to run xclock program – in this case, just for testing purpose) Install the above-mentioned packages to invoke the GUI remotely through command line. Connect through SSH X11 port forwarding On the
Read more

How to enable VNC server (get GUI remotely) in CentOS 7, RHEL 7, CentOS 8 and RHEL 8 servers.

Minimum requirements to connect a server remotely to access GUI are: 1.        Display server running in your workstation (I used MobaXterm. Software like Xming and VNC clients are also can be used.) 2.        Server running with GNOM workstation and VNC server. As I mentioned above, I have “MobaXterm” installed in my laptop that will work as a display server to connect my CentOS or RHEL server remotely. You may download it from here . It is very easy to use. If you have restrictions to install it in your laptop, then you can use the portable version of it. It can be just executed like PuTTy. To make sure my CentOS or RHEL server running with Desktop software, I use below commands to install them. In CentOS 7 or RHEL 7: [root@labsrv1 ~]# yum groupinstall “GNOME Desktop” In CentOS 8 or RHEL 8: [root@labsrv1 ~]#   yum groupinstall "Server with GUI To install the VNC server, use the below command. Install its dependencies as well, if it prompts for the same.
Read more

How to find big files in Linux, Unix, AIX

      Most often we see that the utilization of file systems grows up and we need to do some sort of housekeeping in the file system. Mainly we identify which file consumes more space in the file systems. Sometimes we see chunk of files with small size of single file with more size consume more space in the file systems. In either situation our goal is to find out what is consuming more space, identify the necessity of those files in the file system and decide to housekeep the file system by removing the unwanted files. Here are some ways to find the big files in a directory. People mostly use the below steps to identify the big files in a directory. 1.        By using “ du ” command. 2.        By using “ find ” command By using “du” command. Eg .   # du -a / Here “ du ” command will look for all the files in the directory including filesystems mounted on directories under “ / ” directory and list them with their size on kilo bites (KB). If you want to sort
Read more

How to manage Linux systems through web browser (cockpit for Linux): CentOS 7, CentOS 8, RHEL 7, RHEL 8, Fedora, Ubuntu and Debian systems.

    Cockpit is a web accessible interactive admin interface for Linux machines. Cockpit can usually be accessed on port 9090 of the machine it's installed on.     The cockpit-ws web service listens on port 9090 and is started on demand by systemd . The Cockpit web service authenticates the user, loads Cockpit into the browser, and starts cockpit-bridge in a Linux user session. The cockpit-bridge provides Cockpit in the web browser with access to the system APIs. It does this over its standard in and standard out.     Cockpit can be installed in the following Operating systems. Please not that this list is where I installed and tested, that does not mean that it will not work on other Operating Systems. RHEL 7 & RHEL 8 CentOS 7 & CentOS 8 Ubuntu Debian     Cockpit is a very helpful tool which can be used to access the Linux servers through a web browser and do all kind of administration tasks. Some of the main features of Cockpit are:
Read more