What is Ansible Authorized_key?

What is Ansible Authorized_key?
Techiio-author
Written by Nilima PaulFebruary 8, 2022
11 min read
Ansible
3 VIEWS 0 LIKES 0 DISLIKES SHARE
0 LIKES 0 DISLIKES 3 VIEWS SHARE
Techiio-author
Nilima Paul

Technology Security Analyst

We will know in this article, what's the Ansible Authorized_key.

Introduction to Ansible Authorized_key

In Ansible, to execute undertakings and plays on remote objective machines, we want to either make the association secret phrase less or give secret word/keys progressively while running a playbook. Ansible utilizes local OpenSSH as its default association strategy. As a matter of course, Ansible thinks that we are utilizing SSH keys to interface with target remote machines.

To work with SSH we want either passwords or SSH keys of keys to the concerned client account. Ansible has an extremely valuable module named authorized_key to add or eliminate approved keys for concerning client accounts on remote machines. In this article, we will attempt to find out with regards to numerous strategies and choices to utilize this module.

What is Ansible Authorized_key?

An SSH key pair is a blend of two keys which are public and private. The private key is kept locally and the public key is imparted to remote hosts to which we need to associate. This mix is utilized for accomplishing unbalanced encryption, it implies is something is scrambled with one key of this mix, then, at that point, one more key of the mix is utilized to decode that. In Ansible, we are utilizing OpenSSH to make SSH associations with remote objective hubs.

We can either set up SSH association utilizing keys with controllers has by either Linux orders or Ansible itself utilizing a module named authorized_key. This module can recognize key documents for client accounts from given areas and duplicate them to remote objective machines in the predefined way (when unset, default is ~/.ssh/authorized_keys)

How Does Ansible Authorized_key work?

To make this the SSH association involving keys in Ansible. We should follow steps, which should be possible in more than one way which we will talk about in this record.

  • Create a key pair containing private and public keys as id_rsa and bar separately.
  • These will be created under ~/.ssh registry of course, on the off chance that not set in any case.
  • Send public key bar to remote hosts by duplicating it in record ~/.ssh/authorized_keys at end of the document.
  • Make ssh association with the remote host and give yes when it requests to make passage of unique finger impression of target hosts to ~/.ssh/known_hosts. On the off chance that you don't do this, then, at that point, each time the SSH association is made, the framework will request to add

This can either be done by Linux command or by using the Ansible authorized_key module. In this article, we see this Ansible module and its parameters with available options. Some of those are described below.

  • key: The SSH public key. It acknowledges a string or
  • way: Path to authorized_keys document, default is ~/.ssh/authorized_keys.
  • state: should the key be available or missing from record ~/.ssh/authorized_keys. The default is available.
  • client: The username on remote has whose approved keys document will be changed.
  • validate_certs: When involving HTTPS URL for the wellspring of the key record, this is utilized to set whether or not to permit approving authentication for that source site. Default is Yes
  • elite: This is set to eliminate any remaining non-determined keys from the approved key Default is no.
  • remark: To indicate the remark on the public key, here you are utilizing GitHub/GITLAB for dealing with your
  • manage_dir: This choice is set to advise the module to deal with the index of authorized_key

The default is yes. Note that when using the parameter path, make sure you set no for manager_dir.

Example to Implement Ansible Authorized_key

Presently by utilizing models, we will attempt to find out with regards to the Ansible authorized_key module and another way of utilizing keys to arrangement effective association with remote objective hosts, which you may need to use in everyday tasks. We will take a few models, yet before going there, we initially comprehend our lab, which we utilized for testing reasons.

Here we have an Ansible control server named ansible-regulator and two controllers have named have one and host-two. We will make playbooks and run ansible orders on the ansible-regulator hub and see the outcomes on remote hosts.

Example #1

Presently in this model, we will involve an Ansible playbook to make a critical blend for a client. Then, at that point, duplicate the public key from Ansible regulator hub to remote objective hubs in ~/.ssh/authorized_keys record utilizing Ansible authorized_key

For this, we have made an arrangement. Here as of now, our playbooks are falling flat since we don't have a fruitful association with remote objective hubs. SSH keys are absent for ec2-client on regulator machine and this present client's entrance is likewise mission on remote objective machines.

Code:

ansible-playbook /var/tmp/debug_ansible_fact_l.yml

Output:

blogpost

Now we create SSH public and private keys on the controller node using the below command.

Code:

ssh-keygen -q -b 2048 -t rsa -N "" -f ~/.ssh/id_rsa
ls -l .ssh/id_rsa*

Output:

This will create 2 files like below: –

blogpost

Example #2

Now we create a playbook like below which will use Ansible authorized module to copy the public key file to remote hosts: –

Code:

name: copy public key from controller node to remote nodes hosts: all
tasks:
name: add the public key to authorized_keys using Ansible module authorized_key:
user: ec2-user state: present key: '{{ item }}'
with_file:
- ~/.ssh/id_rsa.pub

Example #3

Presently execute this playbook, however, to execute this playbook, we want to pass a private key to interface with target remote hosts on the order line with an ansible-playbook order or we can utilize boundaries to request a secret key.

In the beneath model, on the order line with ansible-playbook, we are utilizing a private key to interface with the remote objective hub, this current key's public key is now present in approved keys on remote objective machines.

By running this playbook, we are making passages in ~/.ssh/authorized_keys of remote objective machines.

Code:

ansible-playbook ansible_authorized_key.yaml --private-key /var/tmp/key_l.pem

Output:

blogpost

Now when we run the same Ansible playbook which we ran previously, it will run smoothly like below. Because now we have the public key of the controller node copied to the remote target node’s authorized keys file, this has made SSH password less from the controller to remote nodes.

Output:

blogpost

Conclusion

Dealing with all your framework from a solitary control can be very unsafe if your association strategy isn't secure, however, SSH is an extremely safe method for making associations, and SSH keys assume a significant part to make an association with remote objective hubs. Overseeing keys is streamlined with modules like authorized_key. So we should have to utilize it admirably. So learn it first and afterward use it.

ansib facts
ansible inventory
Ansible
3 VIEWS 0 LIKES 0 DISLIKES SHARE
0 LIKES 0 DISLIKES 3 VIEWS SHARE
Was this blog helpful?
techiio-price-plantechiio-price-plantechiio-price-plantechiio-price-plantechiio-price-plan
You must be Logged in to comment
Code Block
Techiio-author
Nilima Paul
Technology Security Analyst
Techiio-followerTechiio-followerTechiio-follower
201 Blog Posts
0 Discussion Threads
Trending Technologies
15
Software40
DevOps47
Frontend Development24
Backend Development20
Server Administration17
Linux Administration26
Data Center24
Sentry24
Terraform23
Ansible83
Docker70
Penetration Testing16
Kubernetes21
NGINX20
JenkinsX17
Techiio-logo

Techiio is on the journey to build an ocean of technical knowledge, scouring the emerging stars in process and proffering them to the corporate world.

Follow us on:

Subscribe to get latest updates

You can unsubscribe anytime from getting updates from us
Developed and maintained by Wikiance
Developed and maintained by Wikiance