In Ansible, to execute tasks and plays on remote target machines, we need to either make the connection passwordless or provide passwords/keys dynamically while running a playbook. Ansible uses native OpenSSH as its default connection method. By default, Ansible assumes that we are using SSH keys to connect to target remote machines.
To work with SSH we need either passwords or SSH keys for the user account concerned. Ansible has a very useful module named authorized_key to add or remove authorized keys for user accounts on remote machines. In this article, we will learn about the various methods and options for using this module.
An SSH key pair is a combination of two keys, one public and one private. The private key is kept locally and the public key is shared with the remote hosts to which we want to connect. This combination is used for asymmetric encryption: if something is encrypted with one key of the pair, the other key of the pair is used to decrypt it. In Ansible, we use OpenSSH to make SSH connections to remote target nodes.
We can set up an SSH connection using keys with remote hosts either by Linux commands or by Ansible itself, using a module named authorized_key. This module can take key files for user accounts from given locations and copy them to remote target machines at the specified path (when unset, the default is ~/.ssh/authorized_keys).
To set up this SSH connection using keys in Ansible, we follow the steps below, which can be done in more than one way, as we will discuss in this article.
This can either be done by Linux command or by using the Ansible authorized_key module. In this article, we see this Ansible module and its parameters with available options. Some of those are described below.
The default is yes. Note that when using the path parameter, make sure you set manage_dir to no.
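The path and manage_dir note above, as an added example playbook that is not part of the original article. It assumes sshd on the remote hosts has AuthorizedKeysFile pointed at /etc/ssh/authorized_keys/%u; that directory, the become setting and the key_options value are illustrative choices.

```yaml
# Added example: install the key at a custom path instead of ~/.ssh/authorized_keys.
- name: install controller public key at a custom authorized_keys path
  hosts: all
  become: yes
  tasks:
    # With manage_dir set to no the module will not create or fix up the
    # parent directory, so the play has to do that itself.
    - name: ensure the key directory exists with root ownership
      file:
        path: /etc/ssh/authorized_keys   # assumed location, must match sshd_config
        state: directory
        owner: root
        group: root
        mode: '0755'

    - name: add the public key at the custom path
      authorized_key:
        user: ec2-user
        state: present
        key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
        path: /etc/ssh/authorized_keys/ec2-user
        manage_dir: no
        # Limit what this automation key can be used for on the target.
        key_options: 'no-port-forwarding,no-agent-forwarding,no-X11-forwarding'
```

Leaving manage_dir at its default while pointing path at a shared directory lets the module change ownership and permissions of that directory to the target user, which is why the note above asks for no.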
Now, using examples, we will learn about the Ansible authorized_key module and other ways of using keys to set up a working connection with remote target hosts, which you may need in day-to-day operations. We will take a few examples, but before going there, we first describe our lab, which we used for testing purposes.
Here we have an Ansible control server named ansible-regulator and two remote hosts named host-one and host-two. We will create playbooks and run Ansible commands on the ansible-regulator node and see the results on the remote hosts.
In this example, we will use an Ansible playbook to set up a key pair for a user, copying the public key from the Ansible controller node into the ~/.ssh/authorized_keys file on the remote target nodes with the Ansible authorized_key module.
For this, we have prepared a setup. At this point our playbooks are failing because we don't have a working connection to the remote target nodes. SSH keys are absent for ec2-user on the controller machine, and this user's access is also missing on the remote target machines.
Code:
ansible-playbook /var/tmp/debug_ansible_fact_l.yml
Output:
Now we create SSH public and private keys on the controller node using the below command.
Code:
ssh-keygen -q -b 2048 -t rsa -N "" -f ~/.ssh/id_rsa
ls -l ~/.ssh/id_rsa*
Output:
This will create 2 files like below:
Now we create a playbook like below, which will use the Ansible authorized_key module to copy the public key file to remote hosts:
Code:
- name: copy public key from controller node to remote nodes
  hosts: all
  tasks:
    # with_file reads the file on the controller and passes its content as item
    - name: add the public key to authorized_keys using Ansible module
      authorized_key:
        user: ec2-user
        state: present
        key: '{{ item }}'
      with_file:
        - ~/.ssh/id_rsa.pub
Now execute this playbook. To do so, we need to pass a private key for connecting to the target remote hosts on the command line with the ansible-playbook command, or we can use parameters to prompt for a password.
In the example below, on the command line with ansible-playbook, we are using a private key to connect to the remote target node; this key's public key is already present in the authorized keys on the remote target machines.
By running this playbook, we are making entries in ~/.ssh/authorized_keys on the remote target machines.
Code:
ansible-playbook ansible_authorized_key.yaml --private-key /var/tmp/key_l.pem
Output:
Now when we run the same Ansible playbook which we ran previously, it will run smoothly like below. Because the public key of the controller node is now copied to the remote target nodes' authorized keys file, SSH from the controller to the remote nodes is passwordless.
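A check that the copy described above actually landed, as an added example playbook that is not part of the original article. The variable names, the /home/ec2-user home directory and the expected 0600 mode are assumptions made for this example.

```yaml
# Added example: confirm the controller key is authorized on every remote node.
- name: verify the controller public key is authorized on remote nodes
  hosts: all
  gather_facts: no
  vars:
    # Assumption: ec2-user's home directory is /home/ec2-user on the targets.
    auth_file: /home/ec2-user/.ssh/authorized_keys
    # Second field of id_rsa.pub is the base64 key body; the comment field
    # may differ between hosts, so only the key body is compared.
    controller_key: "{{ lookup('file', '~/.ssh/id_rsa.pub').split()[1] }}"
  tasks:
    - name: read the remote authorized_keys file
      slurp:
        src: "{{ auth_file }}"
      register: auth_raw

    - name: collect permissions of the remote authorized_keys file
      stat:
        path: "{{ auth_file }}"
      register: auth_stat

    - name: key must be present and the file readable by its owner only
      assert:
        that:
          - controller_key in (auth_raw.content | b64decode)
          - auth_stat.stat.mode == '0600'
        fail_msg: "authorized_keys lacks the controller key or has loose permissions"
```

Run it with the same ansible-playbook invocation as the other playbooks; a host that fails the assert either never received the key or has an authorized_keys file other accounts can read or modify.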
Output:
Managing all your infrastructure from a single control node can be very risky if your connection method isn't secure. However, SSH is a very secure way of making connections, and SSH keys play an important part in connecting to remote target nodes. Managing keys is simplified with modules like authorized_key, so we need to use it wisely: learn it first and then use it.