Key Based Authentication in Ansible
Key Based Authentication
- On Linux servers we will have a public key and a private key with us
- To log in:
ssh -i <path to private key> username@ipaddress
- Watch classroom video for key based setup on AWS
- In Azure, we have an SSH keys service where we can generate or import existing public keys
AWS Ansible Key based authentication
- Let's create an EC2 instance with some key pair
- We need to enable password based authentication
- Now create a user devops in the EC2 instance
- Give this user sudo permission with no password
- Switch to the user ansible
- From the machine configured as control node, we create a key pair with ssh-keygen and copy the generated public key to the other nodes with ssh-copy-id
- Once this configuration is done, install Ansible and execute an Ansible ping
Enable password based authentication in AWS
- Change PasswordAuthentication to yes in the file
/etc/ssh/sshd_config.d/60-cloudimg-settings.conf
- Restart sshd
sudo systemctl daemon-reload
sudo systemctl restart ssh
- Let's create a user called devops
sudo adduser devops
- We need to give sudo permissions for devops without password prompting
sudo visudo
- Add the line
devops ALL=(ALL:ALL) NOPASSWD:ALL

- Save the file
- Now switch user and verify
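
sshd keeps the first value it reads for a keyword, so the edit to 60-cloudimg-settings.conf only takes effect if no earlier file already sets PasswordAuthentication. The function below is an added example (not part of the original notes) that reports the value that wins for a given file order. It assumes the Ubuntu layout where sshd_config includes sshd_config.d/*.conf before its own settings; the file 50-hardening.conf and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: which PasswordAuthentication value wins across sshd config files.

# effective_password_auth FILE...
# Pass the files in the order sshd reads them (drop-ins in lexical order,
# then the main sshd_config). Prints the first value found, or "yes",
# which is the OpenSSH default when the keyword is never set.
effective_password_auth() {
    local f val
    for f in "$@"; do
        [ -r "$f" ] || continue
        val=$(awk '
            /^[ \t]*#/ { next }                      # skip comment lines
            tolower($1) == "match" { exit }          # conditional settings: not evaluated here
            tolower($1) == "passwordauthentication" { print tolower($2); exit }
        ' "$f")
        if [ -n "$val" ]; then
            printf '%s\n' "$val"
            return 0
        fi
    done
    printf 'yes\n'
}

# Demo on constructed sample files (not taken from a real host).
demo() {
    local d
    d=$(mktemp -d)
    printf 'PasswordAuthentication yes\n' > "$d/60-cloudimg-settings.conf"
    printf '# constructed earlier drop-in\nPasswordAuthentication no\n' > "$d/50-hardening.conf"
    printf 'PasswordAuthentication no\n' > "$d/sshd_config"
    # The glob expands in lexical order, so 50-... is read before 60-...
    # and the "yes" written to 60-cloudimg-settings.conf never applies.
    effective_password_auth "$d"/*.conf "$d/sshd_config"
    rm -rf "$d"
}

demo
```

On a live host, sudo sshd -T prints the configuration sshd actually resolved, which is the authoritative check after the restart and again once the keys are copied.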
Key based setup
- Log in as the devops user
- Now generate a key pair
ssh-keygen -t rsa -b 4096

- Now copy the public key to other nodes
ssh-copy-id devops@<ip>

Ansible setup on AWS
- We have a user with sudo privileges on both the machines
- Now install Ansible on the control node
sudo apt update
sudo apt install software-properties-common
sudo add-apt-repository --yes --update ppa:ansible/ansible
sudo apt install ansible -y
- Since we have keys configured, run the ping module against all hosts in the inventory file hosts
ansible -m ping -i hosts all

