Define ssh key per host using ansible_ssh_private_key_file

I set up SSH keys on Linux or Unix as per my project needs and cloud hosting providers. I am also new to the Ansible IT automation and DevOps tool. My management node has keys for Linode, AWS/EC2 and Google cloud. How do I set up and tell Ansible to use different ssh keys? How do I configure SSH credentials per cloud hosting service provider?

Ansible is free and open source IT software that automates software provisioning, configuration management, and application deployment. One can use Ansible to create cloud hosts in EC2, patch servers, add users, configure routers/firewalls and more. Ansible uses SSH, which allows users, and Ansible too, to log in to remote servers and perform management tasks. This page shows how to use SSH keys that are already set up to log in to remote servers with the Ansible IT automation tool.

Ansible define ssh key per host using ansible_ssh_private_key_file

You need to use ansible_ssh_private_key_file in the inventory file. The syntax is pretty simple:

host ansible_ssh_private_key_file=/path/to/your/.ssh/ ansible_ssh_private_key_file=/path/to/your/.ssh/ ansible_ssh_private_key_file=/path/to/your/.ssh/aws.pem

ansible_ssh_private_key_file example

Let us open a file named hosts in ~/projects/ansible/hosts using a text editor such as vim:
$ vim ~/projects/ansible/hosts
Sample file:

[my_servers]     ansible_ssh_private_key_file=/home/vivek/.ssh/  ansible_ssh_private_key_file=~/.ssh/Lightsail-us-west-2.pem
www1        ansible_ssh_private_key_file=~/.ssh/
vpn-box1    ansible_ssh_private_key_file=~/.ssh/

Another example:

## Ansible with multiple SSH key pair as per server hosting ##
www1-li ansible_ssh_private_key_file=/path/to/file
www2-li ansible_ssh_private_key_file=/path/to/file
www1-aws ansible_ssh_private_key_file=/path/to/file
www2-aws ansible_ssh_private_key_file=/path/to/file
www1-gcp ansible_ssh_private_key_file=/path/to/file
www2-gcp ansible_ssh_private_key_file=/path/to/file

It is possible to group it as follows:


How to dry run and test your inventory or playbooks

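You can ask Ansible not to make any changes and instead try to predict the changes that would be made by passing --check. The --list-hosts option prints the hosts matched by a group without running anything: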
$ ansible-playbook -i hosts my-book.yml --check
$ ansible freebsd -i hosts --list-hosts
$ ansible aws -i hosts --list-hosts
$ ansible google_cloud -i hosts --list-hosts
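
Before a dry run it is also worth checking the key files themselves, because OpenSSH refuses to use a private key that group or other users can access, and a wrong path only shows up later as a failed connection. The Python script below is an added example, not part of the original tutorial: it reads an INI inventory, collects every ansible_ssh_private_key_file value and reports keys that are missing or too permissive. The function names and the hosts, file names and empty key files built in demo() are constructed for illustration.

```python
import os, shlex, stat, tempfile

KEY_VAR = "ansible_ssh_private_key_file"

def key_files(inventory_text):
    """Yield (owner, path) for every KEY_VAR set in an INI-style inventory."""
    section = ""
    for raw in inventory_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]           # e.g. my_servers or aws:vars
            continue
        if section.endswith(":vars"):      # one key=value per line, no host column
            owner, pairs = "[%s]" % section, [line]
        else:                              # host name followed by key=value pairs
            tokens = shlex.split(line, comments=True)
            owner, pairs = tokens[0], tokens[1:]
        for pair in pairs:
            name, _, value = pair.partition("=")
            if name.strip() == KEY_VAR and value.strip():
                yield owner, value.strip()

def audit(inventory_text):
    """Return (owner, path, problem) for keys that are missing or too permissive."""
    problems = []
    for owner, path in key_files(inventory_text):
        try:
            mode = os.stat(os.path.expanduser(path)).st_mode
        except OSError:
            problems.append((owner, path, "missing"))
            continue
        if not stat.S_ISREG(mode):
            problems.append((owner, path, "not a regular file"))
        elif mode & 0o077:                 # any group/other permission bit
            problems.append((owner, path, "mode %04o, expected 0600" % stat.S_IMODE(mode)))
    return problems

def demo():
    """Constructed sample: one 0600 key, one 0644 key, one key that does not exist."""
    with tempfile.TemporaryDirectory() as d:
        for name, mode in (("linode.key", 0o600), ("aws.pem", 0o644)):
            open(os.path.join(d, name), "w").close()   # empty placeholder, not a real key
            os.chmod(os.path.join(d, name), mode)
        inventory = ("[my_servers]\nwww1-li {k}={d}/linode.key\n"
                     "www1-aws {k}={d}/aws.pem ansible_user=vivek\n"
                     "www1-gcp ansible_port=2020 {k}={d}/gcp.key\n").format(k=KEY_VAR, d=d)
        return audit(inventory)
```

To check a real inventory, pass the file's contents to audit(), for example audit(open("hosts").read()), and fix anything it reports with chmod 600 on the key file.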

A list of all ansible SSH connection config options
  1. ansible_port=2020 : The ssh port number, if not 22
  2. ansible_user=vivek : The default ssh user name to use.
  3. ansible_ssh_private_key_file=/path/to/ssh.pem : Private key file used by ssh. Useful if you are using multiple keys and you don't want to use the SSH agent.
  4. ansible_python_interpreter=/usr/local/bin/python : The target host python path


You learned how to use different or multiple SSH private keys for the servers you manage using the Ansible tool. For more info, see “List of Behavioral Inventory Parameters” in the Ansible documentation.
