
Ansible Authenticate using Key with Passphrase

Tags: ssh, ansible

I have a server which will run various ansible playbooks on host groups in my infrastructure. I have seen various questions about this, with the end result being something like "use ssh-agent and ssh-add to initially add the key and enter the passphrase". But there are conflicting discussions that say you can't do anything about user input when configuring a server using ansible (i.e. echoing the input when prompted).

So if I automate the ansible server and need to add the keys, there's not a way for me to authenticate using the passphrase for any subsequent ansible-playbook runs from that server to the appropriate machines.

Is there a way to use a passphrase-protected key with ansible-playbook without requiring human interaction?

alph486 asked Nov 09 '22 05:11


1 Answer

No, it defeats the purpose of using a password-protected private key by bypassing the step of entering the password. If you are using some other method to authenticate the user that you are confident with, then you could use a non-password-protected private key, but then you would need to have very good processes for managing your private key.

The point of ssh-agent is that you only need to enter the private key password once and not for each host you connect to or each time the session times out; it is not to bypass authenticating the owner of the private key.

oenpelli answered Nov 15 '22 10:11
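
The workflow the answer describes (an operator unlocks the key once in ssh-agent, and later playbook runs reuse the agent) can be enforced with a preflight check. This is an added example, not part of the original question or answer; the key path, the lifetime, the `SSH_ADD` override and the function names are assumptions. It relies on the exit status of `ssh-add -l` documented in ssh-add(1) and on `ssh-add -t` to limit how long the agent keeps the key.

```shell
#!/bin/sh
# Added example: fail-closed preflight for ansible-playbook runs that rely on ssh-agent.
# Assumed names (not from the page): KEY, LIFETIME, SSH_ADD, agent_state, ensure_unlocked.

KEY="${KEY:-$HOME/.ssh/id_ed25519}"   # assumed key path
LIFETIME="${LIFETIME:-8h}"            # agent forgets the key after this long
SSH_ADD="${SSH_ADD:-ssh-add}"         # overridable so the logic can be tested

# Map the exit status of `ssh-add -l` to a state name:
#   0 = at least one identity loaded
#   1 = agent reachable but holds no identities
#   2 = no agent reachable through SSH_AUTH_SOCK
agent_state() {
    rc=0
    "$SSH_ADD" -l >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) echo unlocked ;;
        1) echo empty ;;
        2) echo no-agent ;;
        *) echo error ;;
    esac
}

# Return 0 only when the agent holds a key. A human on a terminal may unlock
# once; unattended runs (cron, CI) never handle the passphrase and fail closed.
ensure_unlocked() {
    case "$(agent_state)" in
        unlocked) return 0 ;;
        empty)
            if [ -t 0 ]; then
                "$SSH_ADD" -t "$LIFETIME" "$KEY" && return 0
            fi
            echo "agent has no key; an operator must run: ssh-add -t $LIFETIME $KEY" >&2
            return 1 ;;
        no-agent)
            echo "no ssh-agent reachable via SSH_AUTH_SOCK" >&2
            return 2 ;;
        *)
            echo "ssh-add failed unexpectedly" >&2
            return 3 ;;
    esac
}

# Usage: ./preflight.sh -i inventory site.yml
if [ "$#" -gt 0 ]; then
    ensure_unlocked && exec ansible-playbook "$@"
fi
```

The passphrase is never stored or piped in: when the agent is empty and no terminal is attached, the run stops with a non-zero status instead of prompting.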