Dear Readers,
In this article, we will see how to establish a passwordless SSH connection between the Ansible server and its hosts.
Steps to Follow
Test Environment Setup in Ansible Server “Ansible”
- Create a new user “kt-ansible” and set a password for the user.
- Add user “kt-ansible” to the sudo users list.
- Establish an ssh connection.
- Restart the sshd service.
Test Environment Setup in Host 1 “Ansible-Node-1”
- Create a new user “kt-ansible” and set a password for the user.
- Add user “kt-ansible” to the sudo users list.
- Establish an ssh connection.
- Restart the sshd service.
Test Environment Setup in Host 2 “Ansible-Node-2”
- Create a new user “kt-ansible” and set a password for the user.
- Add user “kt-ansible” to the sudo users list.
- Establish an ssh connection.
- Restart the sshd service.
Test Environment Setup in Ansible Server “Ansible”
- Connect Ansible Server to Host 1 “Ansible-Node-1”.
- Connect Ansible Server to Host 2 “Ansible-Node-2”.
Test Environment Setup in Ansible Server “Ansible”
1. Create a new user “kt-ansible” and set a password for the user
Create a new user “kt-ansible”
```
[root@ip-172-31-6-252 ec2-user]#
[root@ip-172-31-6-252 ec2-user]# adduser kt-ansible
[root@ip-172-31-6-252 ec2-user]# tail -1 /etc/passwd
kt-ansible:x:1001:1001::/home/kt-ansible:/bin/bash
```
Set password for the user “kt-ansible”
```
[root@ip-172-31-6-252 ec2-user]# passwd kt-ansible
Changing password for user kt-ansible.
New password:
BAD PASSWORD: The password fails the dictionary check - it is based on a dictionary word
Retype new password:
passwd: all authentication tokens updated successfully.
```
2. Add user “kt-ansible” to the sudo users list
Run “visudo” and add the line “kt-ansible ALL=(ALL) NOPASSWD:ALL” under the line “root ALL=(ALL) ALL”.
Once this line is added to the sudoers file, the user “kt-ansible” has sudo privileges.
```
[root@ip-172-31-6-252 ec2-user]# visudo
root ALL=(ALL) ALL
kt-ansible ALL=(ALL) NOPASSWD:ALL
```
Note: type :wq! to save the file and quit the editor.
3. Establish an ssh connection
Open the SSH daemon configuration file “sshd_config” and comment or uncomment the parameters below so that they read as follows.
```
[root@ip-172-31-6-252 ec2-user]# vi /etc/ssh/sshd_config
PermitRootLogin yes
PasswordAuthentication yes
#PasswordAuthentication no
```
4. Restart the sshd service
```
[root@ip-172-31-6-252 ec2-user]# service sshd restart
Redirecting to /bin/systemctl restart sshd.service
```
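sshd takes the first value it reads for each keyword, so which PasswordAuthentication line is commented out decides whether password logins work. The script below is an added example, not part of the original article: it resolves the effective value from a config file and flags the setup-phase settings. The function names, the sample files and the key-only profile (for use once the keys have been copied) are assumptions of this example.

```shell
#!/bin/sh
# Added example. Sample configs below are constructed for illustration.

# effective_sshd_option FILE KEYWORD DEFAULT
# sshd uses the first value it obtains for a keyword; keywords are
# case-insensitive and '#' lines are comments. Only the global section
# (before any Match block) is read, and Include files are not followed.
effective_sshd_option() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key && NF >= 2 { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd_config FILE: print findings, return 1 if any were found.
audit_sshd_config() {
    pw=$(effective_sshd_option "$1" PasswordAuthentication yes)
    root=$(effective_sshd_option "$1" PermitRootLogin prohibit-password)
    rc=0
    [ "$pw" = "no" ] || { echo "PasswordAuthentication=$pw: password logins accepted"; rc=1; }
    [ "$root" != "yes" ] || { echo "PermitRootLogin=yes: direct root login allowed"; rc=1; }
    return "$rc"
}

# Constructed sample: the setup-phase settings shown in this article.
write_setup_config() {
    printf '%s\n' 'PermitRootLogin yes' 'PasswordAuthentication yes' \
        '#PasswordAuthentication no' > "$1"
}

# Constructed sample (assumption): key-only settings for use after
# ssh-copy-id has succeeded on every node.
write_key_only_config() {
    printf '%s\n' 'PermitRootLogin no' 'PasswordAuthentication no' \
        'PubkeyAuthentication yes' > "$1"
}

tmp=$(mktemp -d)
write_setup_config "$tmp/setup"
write_key_only_config "$tmp/keyonly"
echo "setup phase:"; audit_sshd_config "$tmp/setup" || true
echo "key-only:"; audit_sshd_config "$tmp/keyonly" && echo "no findings"
rm -rf "$tmp"
```

On a live host, `sshd -T` prints the effective configuration with defaults and Include files resolved.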
Test Environment Setup in Node 1 “Ansible-Node-1”
1. Create a new user “kt-ansible” and set a password for the user
Create a new user “kt-ansible”
```
[root@ip-172-31-5-201 ec2-user]#
[root@ip-172-31-5-201 ec2-user]# adduser kt-ansible
[root@ip-172-31-5-201 ec2-user]# tail -1 /etc/passwd
kt-ansible:x:1001:1001::/home/kt-ansible:/bin/bash
```
Set password for the user “kt-ansible”
```
[root@ip-172-31-5-201 ec2-user]# passwd kt-ansible
Changing password for user kt-ansible.
New password:
BAD PASSWORD: The password fails the dictionary check - it is based on a dictionary word
Retype new password:
passwd: all authentication tokens updated successfully.
```
2. Add user “kt-ansible” to the sudo users list
Run “visudo” and add the line “kt-ansible ALL=(ALL) NOPASSWD:ALL” under the line “root ALL=(ALL) ALL”.
Once this line is added to the sudoers file, the user “kt-ansible” has sudo privileges.
```
[root@ip-172-31-5-201 ec2-user]# visudo
root ALL=(ALL) ALL
kt-ansible ALL=(ALL) NOPASSWD:ALL
```
Note: type :wq! to save the file and quit the editor.
3. Establish an ssh connection
Open the SSH daemon configuration file “sshd_config” and comment or uncomment the parameters below so that they read as follows.
```
[root@ip-172-31-5-201 ec2-user]# vi /etc/ssh/sshd_config
PermitRootLogin yes
PasswordAuthentication yes
#PasswordAuthentication no
```
4. Restart the sshd service
```
[root@ip-172-31-5-201 ec2-user]# service sshd restart
Redirecting to /bin/systemctl restart sshd.service
```
Test Environment Setup in Node 2 “Ansible-Node-2”
1. Create a new user “kt-ansible” and set a password for the user
Create a new user “kt-ansible”
```
[root@ip-172-31-1-221 ec2-user]#
[root@ip-172-31-1-221 ec2-user]# adduser kt-ansible
[root@ip-172-31-1-221 ec2-user]# tail -1 /etc/passwd
kt-ansible:x:1001:1001::/home/kt-ansible:/bin/bash
```
Set password for the user “kt-ansible”
```
[root@ip-172-31-1-221 ec2-user]# passwd kt-ansible
Changing password for user kt-ansible.
New password:
BAD PASSWORD: The password fails the dictionary check - it is based on a dictionary word
Retype new password:
passwd: all authentication tokens updated successfully.
```
2. Add user “kt-ansible” to the sudo users list
Run “visudo” and add the line “kt-ansible ALL=(ALL) NOPASSWD:ALL” under the line “root ALL=(ALL) ALL”.
Once this line is added to the sudoers file, the user “kt-ansible” has sudo privileges.
```
[root@ip-172-31-1-221 ec2-user]# visudo
root ALL=(ALL) ALL
kt-ansible ALL=(ALL) NOPASSWD:ALL
```
Note: type :wq! to save the file and quit the editor.
3. Establish an ssh connection
Open the SSH daemon configuration file “sshd_config” and comment or uncomment the parameters below so that they read as follows.
```
[root@ip-172-31-1-221 ec2-user]# vi /etc/ssh/sshd_config
PermitRootLogin yes
PasswordAuthentication yes
#PasswordAuthentication no
```
4. Restart the sshd service
```
[root@ip-172-31-1-221 ec2-user]# service sshd restart
Redirecting to /bin/systemctl restart sshd.service
```
Test Environment Setup in Ansible Server “Ansible”
1. Connect Ansible Server to Host 1 “Ansible-Node-1”
Connecting to node 1 with a password and without a password
Switch to user “kt-ansible” and update server packages
```
[root@ip-172-31-6-252 ec2-user]# su - kt-ansible
Last login: Wed Jan 22 10:32:30 UTC 2020 on pts/0
[kt-ansible@ip-172-31-6-252 ~]$ whoami
kt-ansible
[kt-ansible@ip-172-31-6-252 ~]$ sudo yum update
[sudo] password for kt-ansible:
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
amzn2-core | 2.4 kB 00:00:00
188 packages excluded due to repository priority protections
No packages marked for update
```
Connect to Node 1 “Ansible-Node-1” with password
Use the command below to connect from the Ansible server to Node 1.
```
[kt-ansible@ip-172-31-6-252 ~]$ ssh 172.31.5.201
kt-ansible@172.31.5.201's password:
Last login: Wed Jan 22 10:33:30 2020 from ip-172-31-6-252.ap-south-1.compute.internal

       __|  __|_  )
       _|  (     /   Amazon Linux 2 AMI
      ___|\___|___|

https://aws.amazon.com/amazon-linux-2/
3 package(s) needed for security, out of 24 available
Run "sudo yum update" to apply all updates.
[kt-ansible@ip-172-31-5-201 ~]$
[kt-ansible@ip-172-31-5-201 ~]$ exit
logout
Connection to 172.31.5.201 closed.
```
Connect to Node 1 “Ansible-Node-1” without password
To connect to host 1 without a password, we need to follow these steps:
- Generate keys
- Copy keys to node 1
Generate Keys
```
[kt-ansible@ip-172-31-6-252 ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/kt-ansible/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/kt-ansible/.ssh/id_rsa.
Your public key has been saved in /home/kt-ansible/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:q3xy2P6zcTY4x2ibjIBEwZCid6TpWlbSh1ArkP4TDNY kt-ansible@ip-172-31-6-252.ap-south-1.compute.internal
The key's randomart image is:
+---[RSA 2048]----+
|..o=o            |
|o+oEoo           |
|+.+*o.           |
|..=== .          |
| o.+o. S         |
| ++ . . +        |
| + o .o. * *     |
|. .oo++.O .      |
| o=o.*o          |
+----[SHA256]-----+
```
Verify keys
We can see the keys inside the .ssh directory.
```
[kt-ansible@ip-172-31-6-252 ~]$ ls -a
. .. .bash_history .bash_logout .bash_profile .bashrc .ssh
[kt-ansible@ip-172-31-6-252 ~]$ cd .ssh
[kt-ansible@ip-172-31-6-252 .ssh]$ ls
id_rsa id_rsa.pub known_hosts
```
Copy keys to Host 1
The command below copies the public key from the server's .ssh directory to node 1: it creates the file “authorized_keys” inside the .ssh directory on node 1 and adds the content of the public key to it.
We can see that the key has been copied to node 1 successfully.
```
[kt-ansible@ip-172-31-6-252 .ssh]$
[kt-ansible@ip-172-31-6-252 .ssh]$ ssh-copy-id kt-ansible@172.31.5.201
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/kt-ansible/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
kt-ansible@172.31.5.201's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'kt-ansible@172.31.5.201'"
and check to make sure that only the key(s) you wanted were added.
```
Verify keys in Host 1 “Ansible-Node-1”
We can see the file “authorized_keys” inside the .ssh directory.
```
[kt-ansible@ip-172-31-5-201 ~]$ ls -a
. .ansible .bash_logout .bashrc .viminfo
.. .bash_history .bash_profile .ssh
[kt-ansible@ip-172-31-5-201 ~]$ cd .ssh
[kt-ansible@ip-172-31-5-201 .ssh]$ ls
authorized_keys
```
Use the command below to connect to node 1 without a password.
```
[kt-ansible@ip-172-31-6-252 .ssh]$ cd ..
[kt-ansible@ip-172-31-6-252 ~]$ ssh 172.31.5.201
Last login: Wed Jan 22 10:46:36 2020 from ip-172-31-6-252.ap-south-1.compute.internal

       __|  __|_  )
       _|  (     /   Amazon Linux 2 AMI
      ___|\___|___|

https://aws.amazon.com/amazon-linux-2/
3 package(s) needed for security, out of 24 available
Run "sudo yum update" to apply all updates.
[kt-ansible@ip-172-31-5-201 ~]$
```
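Listing the .ssh directory shows that authorized_keys exists, not that it holds the expected key or that sshd will accept the file. This added example, which is not from the original article, checks both on a node: the key blob from a public key file must appear in authorized_keys, and neither the directory nor the file may be group- or world-writable, which sshd's StrictModes check refuses. The function names and the sample key are constructed for this example.

```shell
#!/bin/sh
# Added example. The key below is a constructed placeholder, not a real key.

# True when PATH has the group-write or world-write bit set.
is_group_or_world_writable() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# check_key_install SSH_DIR PUBKEY_FILE
# Prints one line per problem and returns 1 if any problem was found.
check_key_install() {
    dir="$1"; pub="$2"; auth="$dir/authorized_keys"; rc=0
    [ -f "$auth" ] || { echo "missing: $auth"; return 1; }
    for p in "$dir" "$auth"; do
        if is_group_or_world_writable "$p"; then
            echo "too permissive: $p"; rc=1
        fi
    done
    # Compare on the base64 key blob (second field of the .pub file), so a
    # different comment or an options prefix in authorized_keys still matches.
    blob=$(awk '{ print $2; exit }' "$pub")
    awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) ok = 1 }
        END { exit !ok }' "$auth" || { echo "key from $pub not in $auth"; rc=1; }
    return "$rc"
}

# make_sample DIR: build a constructed home layout with one installed key.
make_sample() {
    mkdir -p "$1/.ssh" && chmod 700 "$1/.ssh"
    echo 'ssh-rsa AAAAB3ConstructedPlaceholderBlob kt-ansible@constructed' > "$1/id_rsa.pub"
    cp "$1/id_rsa.pub" "$1/.ssh/authorized_keys" && chmod 600 "$1/.ssh/authorized_keys"
}

demo=$(mktemp -d)
make_sample "$demo"
check_key_install "$demo/.ssh" "$demo/id_rsa.pub" && echo "key install looks correct"
rm -rf "$demo"
```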
2. Connect Ansible Server to Host 2 “Ansible-Node-2”
Here also, we need to generate keys and copy keys to node 2.
We have already generated the keys, so we only have to copy those keys to node 2.
Copy the keys to node 2
```
[kt-ansible@ip-172-31-6-252 ~]$ ssh-copy-id kt-ansible@172.31.1.221
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/kt-ansible/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
kt-ansible@172.31.1.221's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'kt-ansible@172.31.1.221'"
and check to make sure that only the key(s) you wanted were added.
```
Verify keys in node 2 “Ansible-Node-2”
We can see the file “authorized_keys” inside the .ssh directory.
```
[kt-ansible@ip-172-31-1-221 ~]$ ls -a
. .ansible .bash_logout .bashrc .viminfo
.. .bash_history .bash_profile .ssh
[kt-ansible@ip-172-31-5-201 ~]$ cd .ssh
[kt-ansible@ip-172-31-5-201 .ssh]$ ls
authorized_keys
```
Use the command below to connect to node 2 without a password.
```
[kt-ansible@ip-172-31-6-252 ~]$ ssh 172.31.1.221
Last login: Wed Jan 22 11:02:07 2020 from ip-172-31-6-252.ap-south-1.compute.internal

       __|  __|_  )
       _|  (     /   Amazon Linux 2 AMI
      ___|\___|___|

https://aws.amazon.com/amazon-linux-2/
3 package(s) needed for security, out of 24 available
Run "sudo yum update" to apply all updates.
[kt-ansible@ip-172-31-1-221 ~]$
```
The connection has been established from the Ansible server to the 2 nodes,
so we can now verify the nodes and groups from the Ansible server.
Verify all nodes and all groups (be inside ansible server)
all: all nodes and all groups of the inventory.
We can see the IP addresses of the 2 hosts that we have configured in /etc/ansible/hosts.
```
[kt-ansible@ip-172-31-6-252 ~]$ ansible all --list-hosts
[DEPRECATION WARNING]: The TRANSFORM_INVALID_GROUP_CHARS settings is set to allow bad characters in group names by default, this will change, but still be user
configurable on deprecation. This feature will be removed in version 2.10. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details
  hosts (2):
    172.31.5.201
    172.31.1.221
```
Verify all nodes inside the group “Ktexperts-Nodes-Group”
```
[kt-ansible@ip-172-31-6-252 ~]$ ansible Ktexperts-Nodes-Group --list-hosts
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details
  hosts (2):
    172.31.5.201
    172.31.1.221
```
Verify the first node inside the group “Ktexperts-Nodes-Group”
```
[kt-ansible@ip-172-31-6-252 ~]$ ansible Ktexperts-Nodes-Group[0] --list-hosts
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details
  hosts (1):
    172.31.5.201
```
Verify the last node inside the group “Ktexperts-Nodes-Group”
```
[kt-ansible@ip-172-31-6-252 ~]$ ansible Ktexperts-Nodes-Group[-1] --list-hosts
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details
  hosts (1):
    172.31.1.221
```
Verify the first 2 nodes inside the group “Ktexperts-Nodes-Group”
```
[kt-ansible@ip-172-31-6-252 ~]$ ansible Ktexperts-Nodes-Group[0:1] --list-hosts
[WARNING]: Invalid characters were found in group names but not replaced, use -vvvv to see details
  hosts (2):
    172.31.5.201
    172.31.1.221
```