
ilias-sp / ansible-setup-passwordless-ssh

Licence: MIT license
Ansible playbook to exchange ssh keys with your remote user@hosts for passwordless ssh logins


Purpose

This Ansible playbook helps you establish passwordless SSH logins with the remote hosts you wish to manage. Passwordless logins are a great convenience when connecting to multiple servers, via Ansible or not!


Download the tool

Clone the repository to your ansible-enabled host:

git clone https://github.com/ilias-sp/ansible-setup-passwordless-ssh.git

Alternatively, you can download the ansible_setup_passwordless_ssh.yml and hosts from this repository.


Prerequisites

Make sure your Ansible host is equipped with the following utilities, and that they are available on the PATH of the user you will be running the playbook as.

  • ssh-keygen
  • ssh-copy-id
  • sshpass

If you don't have them, install them using the recommended method for your Linux distribution before continuing.


Preparations before you run

Edit the hosts file and define your environment's information. Fill in using the below matrix:

| Name | Description |
|---|---|
| local_host -> ansible_user | the user of your localhost |
| local_host -> ansible_password | the password of your localhost's account |
| local_host -> ansible_port | set this if the SSH daemon on your local_host is not running on the default port (22) |
| local_host -> ansible_host | set this if you want to define the IP of your local_host |
| ssh_key_filename | the filename of the new SSH key to be generated and stored under the .ssh folder of your localhost |
| remote_machine_username | the username of the remote machines (shared by all of them if you are applying the procedure to multiple hosts) |
| remote_machine_password | the password of the "remote_machine_username" account on the remote machines |
| [ansible_setup_passwordless_setup_group] | the list of hosts that you want to establish the passwordless login with. The ansible_user is used only when executing the ansible_setup_passwordless_ssh_rollback playbook, and it should match the remote_machine_username. The ansible_host can be omitted if local_host can resolve the hostname you defined in the first column. The ansible_port variable should be present even if it has the default value of 22; otherwise you will have to modify the relevant task in the playbook. |

If you are planning to run the script against multiple hosts, make sure the username/password you defined is the same on all of them!

Example

[local_host]
localhost ansible_port=22 ansible_user=username ansible_password=password ansible_host=127.0.0.1


[local_host:vars]
ssh_key_filename="ansible_rsa"
remote_machine_username="root"
remote_machine_password="xxxxxxxxxxxxxxxxxxxxxx"


[ansible_setup_passwordless_setup_group]
rhel-green ansible_port=22 ansible_user=root ansible_host=192.168.1.1
rhel-red   ansible_port=9022 ansible_user=root ansible_host=192.168.1.2

How to run it

Run:

ansible-playbook -i hosts ansible_setup_passwordless_ssh.yml

The last task in the playbook connects to each of those hosts and runs some commands ("hostname" and "id"). Check the output to verify that the tool succeeded!

Output from Demo run

How to avoid the confirmation question.

By design, the 2 playbooks ask for the user's confirmation before proceeding to the tasks. This is a common safety practice, giving the user one last chance to consider whether they are ready to proceed with the execution. Nevertheless, if this is unwanted behavior that you want to bypass, you can:

  1. Skip this pre_task by appending the -e confirmation=YES argument to the command. For example:

     ansible-playbook -i hosts ansible_setup_passwordless_ssh.yml -e confirmation=YES

  2. Use the playbooks that are stored in the non_interactive folder. They are just missing this "safety" check.

What happens in the background to your machines when you run the playbook

By running this playbook, these things happen to your hosts:

Localhost:

  • An SSH key is generated and placed under the .ssh folder. Its file name is configurable; the default is ansible_rsa.
  • This SSH key is added to the ~/.ssh/config file so that the SSH client uses it when connecting to remote hosts.

Remote hosts:

  • The generated SSH key is propagated to the list of remote hosts you configured in the hosts inventory file, and added to their ~/.ssh/authorized_keys file. This is done using ssh-copy-id, the Linux utility meant for this job. The sshpass Linux utility is used so that the script can run without prompting for the user password.
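
The end state listed above can be checked after a run with a few shell helpers. This is an added example, not part of the project: the function names are hypothetical, and it assumes the playbook writes a plain "IdentityFile <path>" line into ~/.ssh/config.

```shell
#!/bin/sh
# Added example, not the project's code; all function names are hypothetical.

# Print the base64 key material of a one-line OpenSSH .pub file
# ("type blob comment"); the comment is ignored so relabelled keys still match.
key_blob() {
    awk '$1 !~ /^#/ && NF >= 2 { print $2; exit }' "$1"
}

# Exit 0 if the key in PUBFILE ($1) is listed in AUTHFILE ($2). The blob is
# matched as a whole field, so entries with options (from=..., command=...)
# in front of the key type are found too.
key_is_authorized() {
    blob=$(key_blob "$1")
    [ -n "$blob" ] || return 2
    awk -v b="$blob" '
        $1 ~ /^#/ { next }
        { for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
        END { exit !found }' "$2"
}

# Exit 0 if group and others have no permission bits on FILE ($1).
is_owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Exit 0 if CONFIG ($1) has an IdentityFile whose path ends in KEYNAME ($2).
# Assumption: the playbook writes a plain "IdentityFile <path>" line.
config_references_key() {
    awk -v k="$2" '
        tolower($1) == "identityfile" {
            n = length($2) - length(k)
            if (n >= 0 && substr($2, n + 1) == k && (n == 0 || substr($2, n, 1) == "/")) ok = 1
        }
        END { exit !ok }' "$1"
}

# Run all checks; print one line per finding and return the failure count.
# $1 = private key, $2 = ssh client config, $3 = copy of a remote authorized_keys
audit_passwordless_setup() {
    fails=0
    is_owner_only "$1" || { echo "FAIL: $1 is accessible by group/other"; fails=$((fails + 1)); }
    config_references_key "$2" "$(basename "$1")" ||
        { echo "FAIL: $2 has no IdentityFile for $1"; fails=$((fails + 1)); }
    key_is_authorized "$1.pub" "$3" || { echo "FAIL: key not found in $3"; fails=$((fails + 1)); }
    return "$fails"
}
```

Call it as audit_passwordless_setup ~/.ssh/ansible_rsa ~/.ssh/config followed by a copy of a remote host's authorized_keys file. is_owner_only can also be pointed at the hosts inventory, which holds the account passwords in clear text.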

How to rollback

Run:

ansible-playbook -i hosts ansible_setup_passwordless_ssh_rollback.yml

Output from Demo run of the rollback

