Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to run an ansible-playbook with a passphrase-protected-ssh-private-key?

Tags:

ssh

ansible

I have created an autoscaling group for Amazon EC2 and I have added my public key when I created the AMI with packer, I can run ansible-playbook and ssh to the hosts.

But there is a problem when I run the playbook like this ansible-playbook load.yml I am getting this message that I need to write my password

Enter passphrase for key '/Users/XXX/.ssh/id_rsa':
Enter passphrase for key '/Users/XXX/.ssh/id_rsa':
Enter passphrase for key '/Users/XXX/.ssh/id_rsa':

The problem is it doesn't accept my password (I am sure I am typing my password correctly).

I found that I can send my password with ask-pass flag, so I have changed my command to ansible-playbook load.yml --ask-pass and I got some progress but again for some other task it asks for the password again and it didn't accept my password

[WARNING]: Unable to parse /etc/ansible/hosts as an inventory source

 [WARNING]: No inventory was parsed, only implicit localhost is available

 [WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'


PLAY [localhost] *************************************************************************************************************

TASK [ec2_instance_facts] ****************************************************************************************************
ok: [localhost]

TASK [add_host] **************************************************************************************************************
changed: [localhost] => (item=xx.xxx.xx.xxx)
changed: [localhost] => (item=yy.yyy.yyy.yyy)

PLAY [instances] *************************************************************************************************************

TASK [Copy gatling.conf] *****************************************************************************************************
ok: [xx.xxx.xx.xxx]
ok: [yy.yyy.yyy.yyy]
Enter passphrase for key '/Users/ccc/.ssh/id_rsa': Enter passphrase for key '/Users/ccc/.ssh/id_rsa':
Enter passphrase for key '/Users/ccc/.ssh/id_rsa':
Enter passphrase for key '/Users/ccc/.ssh/id_rsa':
Enter passphrase for key '/Users/ccc/.ssh/id_rsa':

If I don't use ask-pass flag even the task [Copy gatling.conf] doesn't complete and complaining about could not access the hosts. By adding the flag this part passes, but my next task again asks for pass.

How should I solve this issue? What am I doing wrong here?

like image 394
Am1rr3zA Avatar asked May 10 '18 16:05

Am1rr3zA


People also ask

How do I protect my private key with passphrase?

A passphrase is a word or phrase that protects private key files. It prevents unauthorized users from encrypting them. Usually it's just the secret encryption/decryption key used for Ciphers. To change the passphrase you simply have to read it with the old pass-phrase and write it again, specifying the new pass-phrase.

Are SSH keys protected with a passphrase?

SSH uses private/public key pairs to protect your communication with the server. SSH passphrases protect your private key from being used by someone who doesn't know the passphrase. Without a passphrase, anyone who gains access to your computer has the potential to copy your private key.


2 Answers

In ansible There is no option to store passphrase-protected private key

For that we need to add the passphrase-protected private key in the ssh-agent

Start the ssh-agent in the background.

# eval "$(ssh-agent -s)"

Add SSH private key to the ssh-agent

# ssh-add ~/.ssh/id_rsa

Now try running ansible-playbook and ssh to the hosts.

like image 130
Javeed Shakeel Avatar answered Oct 11 '22 23:10

Javeed Shakeel


I solved it by running ssh-add once and use it like if it's not password protected.

like image 19
Am1rr3zA Avatar answered Oct 11 '22 23:10

Am1rr3zA