Define ssh key per host using ansible_ssh_private_key_file

I set up SSH keys on Linux or Unix as per my project needs and cloud hosting providers. I am also new to the Ansible IT automation and DevOps tool. My management node has keys for Linode, AWS/EC2 and Google cloud. How do I set up and tell Ansible to use different ssh keys? How do I configure SSH credentials per cloud hosting service provider?

Ansible is free and open source IT software that automates software provisioning, configuration management, and application deployment. One can use Ansible to create cloud hosts in EC2, patch servers, add users, configure routers/firewalls and more. Ansible uses SSH, which allows both users and Ansible itself to log in to remote servers and perform management tasks. This page shows how to use SSH keys that are already set up to log in to remote servers with the Ansible IT automation tool.


Ansible define ssh key per host using ansible_ssh_private_key_file

You need to use ansible_ssh_private_key_file in the inventory file. The syntax is pretty simple:

host ansible_ssh_private_key_file=/path/to/your/.ssh/ ansible_ssh_private_key_file=/path/to/your/.ssh/ ansible_ssh_private_key_file=/path/to/your/.ssh/aws.pem

ansible_ssh_private_key_file example

Let us open a file named hosts in ~/projects/ansible/hosts using a text editor such as vim:
$ vim ~/projects/ansible/hosts
Sample file:

[my_servers]     ansible_ssh_private_key_file=/home/vivek/.ssh/  ansible_ssh_private_key_file=~/.ssh/Lightsail-us-west-2.pem
www1        ansible_ssh_private_key_file=~/.ssh/
vpn-box1    ansible_ssh_private_key_file=~/.ssh/

Another example:

## Ansible with multiple SSH key pair as per server hosting ##
www1-li ansible_ssh_private_key_file=/path/to/file
www2-li ansible_ssh_private_key_file=/path/to/file
www1-aws ansible_ssh_private_key_file=/path/to/file
www2-aws ansible_ssh_private_key_file=/path/to/file
www1-gcp ansible_ssh_private_key_file=/path/to/file
www2-gcp ansible_ssh_private_key_file=/path/to/file

It is possible to group it as follows:


How to dry run and test your inventory or playbooks

You can ask Ansible not to make any changes and instead try to predict some of the changes that would occur, and you can list the hosts that each group matches:
$ ansible-playbook -i hosts my-book.yml --check
$ ansible freebsd -i hosts --list-hosts
$ ansible aws -i hosts --list-hosts
$ ansible google_cloud -i hosts --list-hosts
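Before a dry run it also helps to confirm that every key the inventory points at exists and is private to its owner, because ssh ignores a private key file that is accessible by others. The script below is an added example, not part of the original tutorial; the function names, the linode group and the key file names in the sample inventory are constructed for illustration.

```python
import os
import re
import stat
import tempfile

KEY_VAR = re.compile(r"""ansible_ssh_private_key_file=["']?([^"'\s]+)""")

def audit_inventory_keys(inventory_path):
    """Return (line_no, subject, key_path, problem) for each key reference that fails."""
    findings, section = [], ""
    with open(inventory_path) as fh:
        for line_no, raw in enumerate(fh, 1):
            line = raw.strip()
            if line.startswith("["):
                section = line.strip("[]")        # e.g. "aws" or "aws:vars"
            match = KEY_VAR.search(line)
            if not match or line[0] in "#;[":     # no key here, or a comment/header
                continue
            # In a [group:vars] section the setting applies to the group, not a host.
            subject = section if section.endswith(":vars") else line.split()[0]
            key_path = os.path.expanduser(match.group(1))
            try:
                mode = stat.S_IMODE(os.stat(key_path).st_mode)
            except OSError:
                findings.append((line_no, subject, key_path, "missing or unreadable"))
                continue
            if mode & 0o077:                      # any group/other permission bit set
                findings.append((line_no, subject, key_path, "mode %04o, expected 0600" % mode))
    return findings

def demo():
    """Build a constructed inventory and two throwaway key files, then audit them."""
    tmp = tempfile.mkdtemp()
    good, bad = os.path.join(tmp, "linode.key"), os.path.join(tmp, "aws.pem")
    for path, mode in ((good, 0o600), (bad, 0o644)):
        with open(path, "w") as fh:
            fh.write("constructed placeholder, not a real key\n")
        os.chmod(path, mode)
    inventory = os.path.join(tmp, "hosts")
    with open(inventory, "w") as fh:
        fh.write("## constructed sample inventory ##\n"
                 "[linode]\nwww1-li ansible_ssh_private_key_file=%s\n"
                 "[aws]\nwww1-aws\n[aws:vars]\nansible_ssh_private_key_file=%s\n"
                 "[google_cloud]\nwww1-gcp ansible_ssh_private_key_file=%s/gcp.key\n"
                 % (good, bad, tmp))
    return audit_inventory_keys(inventory)

if __name__ == "__main__":
    for finding in demo():
        print("line %d: %s -> %s (%s)" % finding)
```

To check a real inventory, call audit_inventory_keys() with its path, for example ~/projects/ansible/hosts; an empty list means every referenced key exists and is readable only by its owner.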


A list of all ansible SSH connection config options

  1. ansible_port=2020 : The ssh port number, if not 22
  2. ansible_user=vivek : The default ssh user name to use.
  3. ansible_ssh_private_key_file=/path/to/ssh.pem : Private key file used by ssh. Useful if using multiple keys and you don't want to use SSH agent.
  4. ansible_python_interpreter=/usr/local/bin/python : The target host python path


You learned how to use different or multiple SSH private keys for the servers you manage using the Ansible tool. For more info see “List of Behavioral Inventory Parameters” here.
