This role configures all hosts in the current play to allow password-free (pubkey based) SSH authentication amongst themselves. Additional hosts may be added to the circuit by setting the hostnames/IP addresses in the appropriate variables documented below.
Ansible 2.4 or higher
Red Hat Enterprise Linux 7 or equivalent
Valid Red Hat Subscriptions
Currently the following variables are supported:
passwordless_ssh_private_key
- REQUIRED - the private key file to use for the pubkey based authentication process. This file should NOT be the current user's normal private key, unless that key is not considered a secure secret.
passwordless_ssh_public_key
- REQUIRED - the public key that matches the private key on the previous line. Same warning applies here.
passwordless_ssh_user
- The user that will be used for SSHing between the hosts in this play. This defaults to "root" but should probably be changed, as direct root access is usually considered A Bad Idea.
passwordless_ssh_user_home
- The home directory of the user in the above variable, where the user's .ssh directory is to be found.
passwordless_ssh_remote_key_file
- Name of the remote public key file. Defaults to "id_rsa", as that is the most popular type of key to use.
passwordless_ssh_extra_hosts
- An array of hostnames and/or IP addresses that ought to be configured to join in the pubkey auth round-robin fun. Defaults to an empty list.
passwordless_ssh_become
- Defaults to true. Use sudo/become to change to an admin user. This is necessary if you are not logging in as the user who will be set up with the access.
passwordless_ssh_become_user
- Defaults to passwordless_ssh_user. The user to sudo/become to in order to access the files for passwordless_ssh_user. If this is changed to not match passwordless_ssh_user, then unpredictable results can be seen when the user later attempts to connect, due to potential mismatches in the pubkeys inserted into .ssh/known_hosts.
None
- hosts: passwordless_ssh_servers
  roles:
    - role: oasis-roles.passwordless_ssh
      # Dedicated key pair for this role, not the user's normal key
      passwordless_ssh_private_key: "{{ lookup('env', 'HOME') }}/mytestkeys/id_rsa"
      passwordless_ssh_public_key: "{{ lookup('env', 'HOME') }}/mytestkeys/id_rsa.pub"
      # Non-root account used for SSH between the hosts, and its home directory
      passwordless_ssh_user: testuser
      passwordless_ssh_user_home: /home/testuser
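The warning about not reusing a personal private key can be followed by generating a throwaway key pair on the control node before the role runs. The playbook below is an added example, not part of the role's own documentation. The key directory, the "clusteruser" account (assumed to already exist on every host) and the extra host address are assumptions.

```yaml
# Added example: dedicated key pair plus a non-root user and one extra host.
# Paths, the user name and the 192.0.2.10 address are constructed for illustration.
- hosts: localhost
  connection: local
  gather_facts: false
  tasks:
    - name: Create an owner-only directory for the dedicated key
      file:
        path: "{{ lookup('env', 'HOME') }}/.ssh/cluster_keys"
        state: directory
        mode: "0700"

    # The key has no passphrase because it is used non-interactively between
    # hosts; that is why it must not be a key that protects anything else.
    - name: Generate a key pair used only for host-to-host access
      command: >-
        ssh-keygen -t rsa -b 4096 -N "" -C "passwordless_ssh dedicated key"
        -f {{ lookup('env', 'HOME') }}/.ssh/cluster_keys/id_rsa
      args:
        creates: "{{ lookup('env', 'HOME') }}/.ssh/cluster_keys/id_rsa"

- hosts: passwordless_ssh_servers
  roles:
    - role: oasis-roles.passwordless_ssh
      passwordless_ssh_private_key: "{{ lookup('env', 'HOME') }}/.ssh/cluster_keys/id_rsa"
      passwordless_ssh_public_key: "{{ lookup('env', 'HOME') }}/.ssh/cluster_keys/id_rsa.pub"
      # Avoid the "root" default for inter-host SSH
      passwordless_ssh_user: clusteruser
      passwordless_ssh_user_home: /home/clusteruser
      # Host outside the play that should also join the pubkey circuit
      passwordless_ssh_extra_hosts:
        - 192.0.2.10
```

Because every host in the play ends up able to log in to every other as this user, retiring the key means removing it from each host's authorized_keys, not just deleting the local copy.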
GPLv3
Greg Hellings