This role configures all hosts in the current play to allow password-free (pubkey based) SSH authentication amongst themselves. Additional hosts may be added to the circuit by setting the hostnames/IP addresses in the appropriate variables documented below.

Ansible 2.4 or higher

Red Hat Enterprise Linux 7 or equivalent

Valid Red Hat Subscriptions

Currently the following variables are supported:

• passwordless_ssh_private_key - REQUIRED - the private key file to use for the pubkey based authentication process. This file should NOT be the current user's normal private key, unless that key is not considered a secure secret
• passwordless_ssh_public_key - REQUIRED - the public key that matches the private key on the previous line. Same warning applies here.
• passwordless_ssh_user - The user that will be used for SSHing between the hosts in this play. This defaults to "root" but should probably be changed, as direct root access is usually considered A Bad Idea.
• passwordless_ssh_user_home - The home directory of the user in the above variable, where the user's .ssh directory is to be found
• passwordless_ssh_remote_key_file - name of the remote public key file. Defaults to "id_rsa", as that is the most popular type of key to use
• passwordless_ssh_extra_hosts - an array of hostnames and/or IP addresses that ought to be configured to join in the pubkey auth round-robin fun. Defaults to an empty list
• passwordless_ssh_become - Defaults to true. Use sudo/become to change to an admin user. This is necessary if you are not logging in as the user who will be setup with the access.
• passwordless_ssh_become_user - Defaults to passwordless_ssh_user. The user to sudo/become to in order to access the files for passwordless_ssh_user. If this is changed to not match passwordless_ssh_user then unpredictable results can be seen when the user later attempts to connect due to potential mismatches in the pubkeys inserted to .ssh/known_hosts.

None

- hosts: passwordless_ssh_servers
  roles:
    - role: oasis-roles.passwordless_ssh
      passwordless_ssh_private_key: "{{ lookup('env', 'HOME') }}/mytestkeys/id_rsa"
      passwordless_ssh_public_key: "{{ lookup('env', 'HOME') }}/mytestkeys/id_rsa.pub"
      passwordless_ssh_user: testuser
      passwordless_ssh_user_dir: /home/testuser

GPLv3

Greg Hellings [email protected]