Hi, > Could you please help me how to use Ansible through a Jump/Bastion > Server? My desktop (CentOS 7.5) is installed with Ansible 2.5 and I > cannot install Ansible on Jump/Bastion server, what are the > configuration changes required on my desktop to be able to login as > my user and switch to root and ssh to clients to execute daily tasks. > > CentOS(Ansible 2.5) --> Jump/Bastion Server --> Destination Servers > > SSH keys are deployed for root user from Jump/Bastion server to all > destination servers.
in case you have the SSH keys for the destination users also on your local machine, you can do that by adding the following to your ~/.ssh/config file: Host jump-host.example.com User user_for_jump_host IdentityFile ~/.ssh/id_private_key_for_jump_host Host destination-1.example.com destination-2.example.com User admin_user_for_destinations IdentityFile ~/.ssh/id_private_key_for_destinations ProxyCommand ssh -q jump-host.example.com nc -q0 %h 22 If you have newer OpenSSH clients, there are also some simplifications for this (see https://superuser.com/questions/1253960/replace-proxyjump-in-ssh-config). In case you do *not* have the keys for the destination machines on your local machine, this will not work. Instead, take a look at this one: https://serverfault.com/questions/337274/ssh-from-a-through-b-to-c-using-private-key-on-b/701884#701884 I've never used that one, so I don't know whether it really works, but it looks reasonable. If the keys on the jump host are not available as the user you logged in with, you probably need to include an appropriate 'sudo' into the ProxyCommand (probably before ssh-add). Cheers, Felix -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/20180926060240.25394320%40rovaniemi. For more options, visit https://groups.google.com/d/optout.
