Ansible Playbook For Copying SSH Keys – Password Less Connection

Ansible has become an increasingly popular configuration management and deployment tool in the last few years and is giving stiff competition to its competitors, i.e. Puppet, Chef and SaltStack. The main advantage that works in favor of Ansible is that it is agentless and therefore very easy to set up. Copying SSH keys to a number of hosts manually, however, is a tedious task.

We’ve covered Ansible installation, setup and basic playbook writing in earlier articles. Ansible often gets criticized for the fact that it relies completely on the SSH protocol for implementing its automation. As a result, we need password-less SSH authentication to be set up; otherwise Ansible would not be very helpful for automation, because we would have to type in the password for every host on which we are executing the playbook. One could go as far as saying that we need some configuration management in place before we can use Ansible for configuration management.

As a workaround for this situation, today we will share a simple playbook to copy ssh keys for a user across hosts.

Given below is the Ansible playbook for copying SSH keys:

[sahil@sahil-centos ~]$ cat ansible_work/ssh_key.yml
---
- name: playbook for copying ssh keys
  hosts: control
  gather_facts: False

  tasks:
    # .ssh must be accessible only by its owner
    - name: set permissions for .ssh directory
      file: path=/home/sahil/.ssh mode=0700

    # state=touch creates the file if it does not exist yet
    - name: create authorized_keys file
      file: path=/home/sahil/.ssh/authorized_keys state=touch mode=0644

    # blockinfile wraps the key in BEGIN/END ANSIBLE MANAGED BLOCK markers
    - name: insert public ssh key for user sahil
      blockinfile:
        dest: /home/sahil/.ssh/authorized_keys
        block: |
          ssh-dss AAAAB3NzaC1kc3MAAACBAI4cJkRKzPG637N1TOJM0nDkXVH+eLIlXW+A/telRWsGJe0WRkDSAx+kQwz8TrzoMTDTCoJFmTETfmsSpMx2SeIlPRQS0Rtyz43uyFh8/XjvmgXNPAAAAFQCAK7jcuIfX+MhPtdT5y35Px6Ex1QAAAIBSMuF4Oo1oygerPSP4PszLKISxEmk1QjrCW8nLdYQeuYzZF9+cXUIzhp/a2EQUwUuGXHxM7XDJ8143bgYyTJZ/bFrNiwkXYx0YP0HOYhavkBAHddkdB6uC6mTtqGRkJSdMH4heBjbJBocCY424H6jtxrta9u/ORxBoTBQYPxnEyQAAAIAzIq3FhIU+cq+C7RF9HQh3qUmWMFv8l/5gQyoW3HpU6SqChtFADQpXuhZUgru5rdaT9wWHCn4t9gCDXVyfvprkt9AixQnxSmEabWct6bE2P7GSXXoP6Xx5iJjIg== sahil@sahil-centos

Detailed breakdown of the playbook

In the first section, we define a name for the playbook followed by the host group from the inventory on which we intend to execute the playbook. We also set gather_facts to False so that Ansible does not spend time gathering information about the hosts it will run on. This saves some time, since gathering facts about all the hosts may take a while.

After this, we define three tasks in the playbook.

  • The first task uses the file module and sets the permissions of the .ssh directory to 0700.
  • The second task once again uses the file module to ensure that the authorized_keys file is available in the .ssh directory and its permissions are set to 644.
  • In the third and final task, we use the blockinfile module to insert the content of my public key into the authorized_keys file.

Note that this will be an append operation and the existing file will not be overwritten.
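
The same key distribution written with the authorized_key module, which adds individual keys idempotently instead of maintaining a marked text block; this is an added example, not the article's playbook. It assumes the ansible.posix collection is installed and that an Ed25519 public key exists at ~/.ssh/id_ed25519.pub on the control node (current OpenSSH releases reject ssh-dss keys by default), and it sets authorized_keys to 0600 so that only the owner can read or write it.

```yaml
---
# Added example, not the article's playbook.
# Assumptions: ansible.posix collection installed; an Ed25519 public key
# exists on the control node at $HOME/.ssh/id_ed25519.pub.
- name: install SSH public key for user sahil
  hosts: control
  gather_facts: false

  vars:
    deploy_user: sahil   # user from the article
    # assumed location of the public key on the control node
    pubkey_file: "{{ lookup('env', 'HOME') }}/.ssh/id_ed25519.pub"

  tasks:
    - name: ensure .ssh exists and is accessible only by its owner
      ansible.builtin.file:
        path: "/home/{{ deploy_user }}/.ssh"
        state: directory
        owner: "{{ deploy_user }}"
        group: "{{ deploy_user }}"
        mode: "0700"

    - name: add the public key to authorized_keys
      ansible.posix.authorized_key:
        user: "{{ deploy_user }}"
        key: "{{ lookup('file', pubkey_file) }}"
        state: present
        exclusive: false    # keep keys that are already in the file
        manage_dir: false   # the directory is handled by the task above

    - name: ensure authorized_keys is readable and writable only by its owner
      ansible.builtin.file:
        path: "/home/{{ deploy_user }}/.ssh/authorized_keys"
        owner: "{{ deploy_user }}"
        group: "{{ deploy_user }}"
        mode: "0600"
```

Running it a second time should report no changes, and removing a key later only requires the same task with state: absent.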

Ansible Play

Now let’s execute the playbook and see the results

[sahil@sahil-centos ansible_work]$ ansible-playbook -i hosts ssh_key.yml -k -v
Using /home/sahil/ansible_work/ansible.cfg as config file
SSH password:

PLAY [test task] **************************************************************************************************************************************************************************

TASK [set permissions for .ssh directory] *************************************************************************************************************************************************
changed: [192.168.188.131] => {"changed": true, "gid": 1001, "group": "sahil", "mode": "0700", "owner": "sahil", "path": "/home/sahil/.ssh", "secontext": "unconfined_u:object_r:ssh_home_t:s0", "size": 57, "state": "directory", "uid": 1001}

TASK [create authorized_keys file] ********************************************************************************************************************************************************
changed: [192.168.188.131] => {"changed": true, "dest": "/home/sahil/.ssh/authorized_keys", "gid": 1001, "group": "sahil", "mode": "0644", "owner": "sahil", "secontext": "unconfined_u:object_r:ssh_home_t:s0", "size": 0, "state": "file", "uid": 1001}

TASK [insert public ssh key for user sahil] ***********************************************************************************************************************************************
changed: [192.168.188.131] => {"changed": true, "msg": "Block inserted"}

PLAY RECAP ********************************************************************************************************************************************************************************
192.168.188.131 : ok=3 changed=3 unreachable=0 failed=0

We used the -k option with our playbook to indicate to Ansible that we’d like to be asked for a password, since password-less SSH authentication has not been set up. I’ve also added the -v flag for verbosity to see the tasks as they are being run. In the play recap line, we see that all three tasks executed successfully.
If we go to the destination server and print the contents of the authorized_keys file, we can see that the key has now been added.

[sahil@sahil-centos .ssh]$ cat authorized_keys

# BEGIN ANSIBLE MANAGED BLOCK
ssh-dss AAAAB3NzaC1kc3MAAACBAI4cJkRKzPG6larEE/VGd37N1TOJM0nDkXVH+SAzVIuCGXrN5RdrLQHklOx+kQwz8TrzoMTDTCoJRtyz43uyFh8/FQCAK7jcuIfX+MhPtdT5y35Px6Ex1QAAAIBSMuF4Oo1oygerPSP4PszLKISxEmk1QjrCW8nLdYQeuYzZF9+cXUIzhp/a2EQUwUuGXHxM7XDJ8143bgYyTJZ/bFrNiwkXYx0YP0HOYhavkBAHddkdB6uC6mTtqGRkJSdMH4heBjbJBocCY424H6jtxrta9u/ORxBoTBQYPxnEyQAAAIAzIq3FhIU+cq+C7RF9HQh3qUmWMFv8l/5gQyoW3HpU6SqChtFADQpXuhZUgru5rdaT9wWHCn4t9gCDXVyfvpr0Y3ZJe5yIsZQnxSmEabWct6bauB5UPCpFumKTWrahgbyrRpsmxbE2P7GSXXoP6Xx5iJjIg== sahil@sahil-centos
# END ANSIBLE MANAGED BLOCK
[sahil@sahil-centos .ssh]$

Conclusion

In this article, we provided you with an Ansible playbook for copying SSH keys to a server, along with a detailed description of the tasks in the playbook. We hope that you found this article useful and will consider giving it a try.
