Re: [ansible-project] ssh-key exchange and root password set

2023-03-29 Thread Vladimir Botka
On Wed, 29 Mar 2023 19:56:23 +0900
Prady A wrote:

> #ansible-playbook -i inventory ssh_install.yml *-k*
> ... avoid the -k option

Use *ssh-agent*.
https://www.ssh.com/academy/ssh/agent

It is a bad practice to *ssh* to root. See
https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_privilege_escalation.html

> password: "{{ 'PLAIN_PASSWORD' | password_hash('sha512') }}"

See how to use Ansible vault
https://docs.ansible.com/ansible/latest/cli/ansible-vault.html

The next option is *passwordstore*
https://www.passwordstore.org/

See the Ansible *passwordstore* lookup plugin
https://docs.ansible.com/ansible/latest/collections/community/general/passwordstore_lookup.html


-- 
Vladimir Botka

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/20230329140245.257f0080%40gmail.com.
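
The two tasks from the question, reworked along the lines of the reply above: a non-root login with privilege escalation, a vaulted password, and the passwordstore lookup as an alternative. This is an added example, not code from either poster; the `deploy` user, `vault.yml`, `vault_root_password`, `vault_root_salt` and the pass entry `servers/root` are assumed names.

```yaml
# Added example. Assumed names: deploy, vault.yml, vault_root_password,
# vault_root_salt, servers/root.
# Run with the private key loaded in ssh-agent (ssh-add ~/.ssh/id_rsa), so no
# -k is needed once the public key is installed on the managed nodes:
#   ansible-playbook -i inventory ssh_install.yml --ask-vault-pass
- name: Install the SSH key and set the root password
  hosts: all
  remote_user: deploy          # log in as an unprivileged user, not root
  become: true                 # escalate on the managed node instead
  vars_files:
    - vault.yml                # created with: ansible-vault create vault.yml
  tasks:
    - name: Exchange the pub key
      ansible.posix.authorized_key:
        user: deploy
        state: present
        key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"

    - name: Change the root password
      ansible.builtin.user:
        name: root
        # A fixed salt keeps the hash stable between runs; without it the
        # filter picks a random salt and the task reports "changed" every time.
        password: "{{ vault_root_password | password_hash('sha512', vault_root_salt) }}"
        # Alternative source for the plain password, read from pass:
        # password: "{{ lookup('community.general.passwordstore', 'servers/root') | password_hash('sha512', vault_root_salt) }}"
      no_log: true             # keep the password and its hash out of logs and output
```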




[ansible-project] ssh-key exchange and root password set

2023-03-29 Thread Prady A
Hello folks

As a new learner, I am trying to copy the ssh pub key to the managed node
as below.

ssh_install.yml
===
tasks:
- name: Exchange the pub key
  authorized_key:
    user: root
    state: present
    key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
===

Running with the below command
#ansible-playbook -i inventory ssh_install.yml *-k*
It is running without any issue but is there any way to avoid the -k
option? I don't want to provide the password for each managed node in the
command prompt.

Secondly, I am using the below task for changing the root password. I will use vault
to store PLAIN_PASSWORD. Is there any better method to do it? Kindly advise.
- name: passwd change
  user:
    name: root
    password: "{{ 'PLAIN_PASSWORD' | password_hash('sha512') }}"
