Re: [ansible-project] ssh-key exchange and root password set
On Wed, 29 Mar 2023 19:56:23 +0900 Prady A wrote: > #ansible-playbook -i inventory ssh_install.yml *-k* > ... avoid the -k option Use *ssh-agent*. https://www.ssh.com/academy/ssh/agent It is a bad practice to *ssh* to root. See https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_privilege_escalation.html > password: "{{ 'PLAIN_PASSWORD' | password_hash('sha512') }}" See how to use Ansible vault https://docs.ansible.com/ansible/latest/cli/ansible-vault.html The next option is *passwordstore* https://www.passwordstore.org/ See the Ansible *passwordstore* lookup plugin https://docs.ansible.com/ansible/latest/collections/community/general/passwordstore_lookup.html -- Vladimir Botka -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/20230329140245.257f0080%40gmail.com. pgpjzvwp8hxc3.pgp Description: OpenPGP digital signature
[ansible-project] ssh-key exchange and root password set
Hello folks As a new learner, I am trying to copy the ssh pub key to the managed node as below. ssh_install.yml === tasks: - name: Exchange the pub key authorized_key: user: root state: present key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}" === Running with below command #ansible-playbook -i inventory ssh_install.yml *-k* It is running without any issue but is there any way to avoid the -k option? I dont want to provide the password for each managed node in the command prompt. Secondly using below task for changing the root password. I will use vault to store PLAIN_PASSWORD. Is there any better method to do it? Kindly advice. - name: passwd change user: name: root password: "{{ 'PLAIN_PASSWORD' | password_hash('sha512') }}" -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAEuB3AqUA3ME-PdwKi_ugERPPp5OifysPB_UjMGAfpw1Y6eUrA%40mail.gmail.com.