Ansible uses a declarative language to describe the desired state of systems and automatically handles the tasks that are needed to achieve that state.
Ansible uses SSH as the default connection method to connect to a target machine. SSH provides a secure and encrypted communication channel between the Ansible control node and the target hosts.
The most common method of configuring SSH key-based authentication for a target host is the ssh-copy-id command. The command copies the public key of the control node to the “authorized_keys” file on the target host.
However, when configuring a system for the first time, you might need Ansible to do it in a playbook. This is where the Ansible community comes to the rescue.
In the Ansible community, we have access to the ssh_copy_id role which allows us to authorize the systems for passwordless SSH authentication.
This role handles the setup of the SSH keys on the remote machine which allows us to create an Ansible inventory file with the remote machine. We can then quickly call any Ansible playbook against the remote machine.
Ansible Ssh_Copy_Id Role
The role has variables that allow Ansible to configure the SSH keys on the remote host. Such variables include:
hostname – It defines the remote system to connect to (FQDN or IP).
username – It specifies the username to connect to the remote system.
password – It defines the password of the user to connect to the remote system.
ssh_public_key – It defines the absolute path to the public key file to configure on the remote host.
ssh_port – It defines the SSH port.
Installing the Ssh_Copy_Id Role
CAUTION: We cannot guarantee the validity and security of community-driven roles and modules. Please audit and verify the workings of a role/module before using it in production and on real machines. No security is guaranteed when working with the steps that are outlined in this post.
As mentioned, ssh_copy_id is a community role that is provided by Ryan. The link to the repository is as follows:
https://github.com/ryankwilliams/ansible-ssh-copy-id
Before we can use it, we need to ensure that it is installed by running the following command:
Example Usage
Once installed, we can use the role in a playbook as demonstrated in the following:
- name: configure passwordless ssh authentication on a remote machine
  hosts: localhost
  become: yes
  roles:
    - role: ryankwilliams.ssh_copy_id
      vars:
        hostname: 172.168.112.23
        username: ubuntu
        password: password
        ssh_public_key: /home/debian12/.ssh/id_rsa.pub
        ssh_port: 22
The previous example playbook demonstrates how to use the role to set up passwordless SSH authentication for a user that is defined on the remote machine.
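A variant of the playbook above that prompts for the remote password at run time instead of storing it in the file, and then confirms that key-only login works. This is an added example, not taken from the role's documentation: the play-level names (target_host, target_user, target_port, pubkey_path, remote_password) are chosen here, and it assumes that the private key sits beside the public key without the .pub suffix and belongs to the user who runs the playbook.

```yaml
# Added example: play-level variable names are chosen here, not defined by the role.
- name: configure passwordless ssh authentication without a stored password
  hosts: localhost
  become: yes
  vars:
    target_host: 172.168.112.23      # same sample values as the playbook above
    target_user: ubuntu
    target_port: 22
    pubkey_path: /home/debian12/.ssh/id_rsa.pub
  vars_prompt:
    - name: remote_password          # asked once at run time, input is not echoed
      prompt: "SSH password for the remote user"
      private: true
  roles:
    - role: ryankwilliams.ssh_copy_id
      vars:
        hostname: "{{ target_host }}"
        username: "{{ target_user }}"
        password: "{{ remote_password }}"
        ssh_public_key: "{{ pubkey_path }}"
        ssh_port: "{{ target_port }}"
  post_tasks:
    - name: confirm that key-only login works (no password fallback)
      become: false                  # assumption: the invoking user owns the private key
      ansible.builtin.command:
        argv:
          - ssh
          - -i
          - "{{ pubkey_path | regex_replace('\\.pub$', '') }}"
          - -p
          - "{{ target_port }}"
          - -o
          - BatchMode=yes            # never prompt; fail instead
          - -o
          - PasswordAuthentication=no
          - -o
          - IdentitiesOnly=yes       # use only the key given with -i
          - "{{ target_user }}@{{ target_host }}"
          - "true"                   # remote no-op command
      changed_when: false
```

The check fails closed if the target's host key is not yet in the invoking user's known_hosts file, so verify and record the fingerprint before the first run.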
Conclusion
In this introductory tutorial, you learned how you can take advantage of community-provided roles and modules to configure the passwordless SSH authentication on remote hosts using an Ansible playbook.