Hi Dick, I did login to the client using public IP and created ansible user , updated the visudo to add 'ansible ALL=(ALL) NOPASSWD: ALL I am able to login to client with the ansible user. I am trying to copy the id_rsa.pub to client using ssh-copy-id. As far as I know that is correct method.
Can anyone recommend what is the correct approach to setup password less authentication to run ansible playbook on the clients from the control server? can we use become, become_user parameters in the playbook ? On Tue, Nov 20, 2018 at 3:03 AM Dick Visser <[email protected]> wrote: > ssh-copy-id is meant to copy a public key to an account that you can > already authenticate to using other means, such as password. It’s not > possible to copy a key and use it to authenticate at the same time (i.e. > chicken/egg). > If you didn’t set a password for the account (or you disabled password > authentication, which I highly recommend) then sign in to your ‘client > server’ using another account that has the right permissions, and provision > the ansible account from there. > > > Dick > > On Mon, 19 Nov 2018 at 23:03, Arvind Thatikonda <[email protected]> > wrote: > >> >> I created a ansible control server, and client server. I created >> 'ansible' users on both control and remote client server. I created ssh >> keys use ssh-keygen, I tried to copy the ssh keys ( public key) to remote >> client using ssh-copy-id it fails. The OS on the two servers is Ubuntu >> 18.04 LTS on GCP >> >> >> Please let me know what is the issue. looks like permission issue. I >> followed the some recommednation to update the sshd-congfiguration files to >> change parameters. But it still didn't work. >> >> >> /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: >> "/home/ansible/.ssh/id_rsa.pub" >> >> /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to >> filter out any that are already installed >> >> /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are >> prompted now it is to install the new keys >> >> Permission denied (publickey). >> >> >> >> >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To post to this group, send email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/e40053b4-a0e3-4d9c-a7c2-c64506ccb663%40googlegroups.com >> <https://groups.google.com/d/msgid/ansible-project/e40053b4-a0e3-4d9c-a7c2-c64506ccb663%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > -- > Sent from a mobile device - please excuse the brevity, spelling and > punctuation. > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/CAL8fbwMmOKZ1LmUW0OpNmUtpHqyE4WXAxzsd1dLJZS_s9yO8hg%40mail.gmail.com > <https://groups.google.com/d/msgid/ansible-project/CAL8fbwMmOKZ1LmUW0OpNmUtpHqyE4WXAxzsd1dLJZS_s9yO8hg%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- Thanks & Regards, Arvind; -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAPiXTevwQJQePyqSTuNirOy8QeciWZXFmM-q33FopD_dSJHh3g%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
