So you all use roots private key on the jumpbox to access the protected servers?
Forgive me but that seems a bit backwards - you lose audit trail for the servers being accessed, since you're all logging in with the same private key (i.e. roots key on the jump host). We generally ssh to our jump boxes as non-root users and then ssh again to the backend servers from non-root accounts on the jump box. I know that's not really answering your issue, but I'm curious which one of us is doing the unusual thing :) On 11 January 2017 at 15:59, Thomas Oliw <[email protected]> wrote: > Hello, > > I know this is an old thread, but I have exactly the same problem as Ethan. > In our environment, we juse a jump host to access servers. > This is a very hardened and stripped down linux/unix server. > > The only way to become root on your server-to-manage is to ssh with your > username to the jumphost and then issue a "sudo ssh server-to-manage". > > I can accomplish this in one ssh command with this: > > ssh -tt jumpserver "sudo ssh server-to-manage" > > > Question is how do you accomplish that in Ansible?! > > > Any advice is much appreciated. > > > Kind Regards, > > > Thomas > > > > Den tisdag 3 februari 2015 kl. 11:26:31 UTC+1 skrev Ethan Zhan: >> >> Hi, >> >> I'm in trouble with how to use ansible on jumpbox, here is the >> issue. >> >> from jumpbox I have to use command sudo ssh box_ip to get login >> with root permission. >> >> How can I let ansible know to use sudo ssh instead of ssh command >> to execute ? >> >> Thanks >> Ethan > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/61e47c0d-f0dd-418b-b90f-237ed8ab1cc2%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAK5eLPQTrUeJpqM-sxf9%2BmNvDb-sEjms0BLt9Ti1PMbk3yzFfg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
