On 12.01.17 09:40 Thomas Oliw wrote:

I doubt that ansible is capable of handling this kind of jumphost. A 'normal' jumphost that just forwards the connection and the ssh key works outside of ansible and does not require much configuration (mostly setting the hosts up in your ~/.ssh/config).

> Well, I have no insight into why this model was chosen. I guess that
> it allows strict control to limit all accesses via one hardened
> jumphost, and only one place to manage sudo stuff. I will try to go
> the correct route and ask the security people why the jumpstation
> is built the way it is, but I fear it will take some time... Still
> worth the struggle if it allows us to automate tasks in a safe and
> efficient way in the future. (If there is good documentation on
> how to build an ssh jumphost, I am interested to read up on that).

I would be curious why this setup was chosen. If you are not doing smart sudo authentication, then your whole setup depends on users entering their password to do 'sudo ssh ...'. Or worse, all enter the same root password. So I cannot see any advantages over authenticating via ssh keys on the target host.

Johannes
