Define ssh key per host using ansible_ssh_private_key_file

Author: Vivek Gite Last updated: November 30, 2018 0 comments
I set up SSH keys on a Linux or Unix as per my project needs and cloud hosting providers. I also new to Ansible IT automation and DevOps tool. My management node has keys for Linode, AWS/EC2 and Google cloud. How do I set up and tell Ansible to use different ssh keys? How do I configure SSH credentials per cloud hosting service provider?

Ansible is a free and open source IT software that automates software provisioning, configuration management, and application deployment. One can use Ansible to create cloud hosts in EC2, patch servers, add users, configure routers/firewall and more. Ansible uses SSH which allows users and ansbile too; to log in to remote servers and perform management tasks. This page shows how to already setup SSH keys to log in into remote server using Ansible IT automation tool.

Ansible define ssh key per host using ansible_ssh_private_key_file

You need to use ansible_ssh_private_key_file in inventory file. The syntax is pretty simple:

host ansible_ssh_private_key_file=/path/to/your/.ssh/file.pub
192.168.2.200 ansible_ssh_private_key_file=/path/to/your/.ssh/id_rsa.pub
104.20.187.5 ansible_ssh_private_key_file=/path/to/your/.ssh/aws.pem

ansible_ssh_private_key_file example

Let us open a file named hosts in ~/projects/ansible/hosts using a text editor such as vim command:
$ vim ~/projects/ansible/hosts
Sample file:

[my_servers]
1.2.3.4     ansible_ssh_private_key_file=/home/vivek/.ssh/id_ed25519.pub
202.54.1.5  ansible_ssh_private_key_file=~/.ssh/Lightsail-us-west-2.pem
www1        ansible_ssh_private_key_file=~/.ssh/Linode-us.rsa.pub
vpn-box1    ansible_ssh_private_key_file=~/.ssh/Linode-us.rsa.pub

Another example:

## Ansible with multiple SSH key pair as per server hosting ##
[linode]
www1-li ansible_ssh_private_key_file=/path/to/file
www2-li ansible_ssh_private_key_file=/path/to/file
 
[aws]
www1-aws ansible_ssh_private_key_file=/path/to/file
www2-aws ansible_ssh_private_key_file=/path/to/file
 
[google_cloud]
www1-gcp ansible_ssh_private_key_file=/path/to/file
www2-gcp ansible_ssh_private_key_file=/path/to/file

It is possible to group it as follows:

[linode]
www1-li 
www2-li 
 
[aws]
www1-aws
www2-aws
 
[google_cloud]
www1-gcp
www2-gcp
 
[linode:vars]
ansible_ssh_user=vivek
ansible_ssh_private_key_file=/home/vivek/.ssh/linode.id_ed25519.pub
 
[aws:vars]
ansible_ssh_user=ec-2
ansible_ssh_private_key_file=/home/vivek/.ssh/aws-ec2-usa-east.pem
 
[google_cloud:vars]
ansible_ssh_user=someuser@gmail.com
ansible_ssh_private_key_file=/home/vivek/.ssh/google_compute_engine.pem
 
[freebsd]
aws_freebsd_1
aws_freebsd_2
aws_freebsd_3
 
[freebsd:vars]
ansible_python_interpreter=/usr/local/bin/python
ansible_ssh_user=vivek
ansible_ssh_private_key_file=/home/vivek/.ssh/freebsd-aws-lightsail.pem

How to dry run and test your inventory or playbooks

You can ask Ansible not to make any changes; instead, try to predict some differences in those files:
$ ansible-playbook -i hosts my-book.yml --check
$ ansible freebsd -i hosts --list-hosts
$ ansible aws -i hosts --list-hosts
$ ansible google_cloud -i hosts --list-hosts

A list of all ansible SSH connection config options
  1. ansible_port=2020 : The ssh port number, if not 22
  2. ansible_user=vivek : The default ssh user name to use.
  3. ansible_ssh_private_key_file=/path/to/ssh.pem : Private key file used by ssh. Useful if using multiple keys and you dont want to use SSH agent.
  4. ansible_python_interpreter=/usr/local/bin/python : The target host python path

Conclusion

You learned how to use different or multiple SSH private keys for the servers you manage using Ansible tool. For more info see “List of Behavioral Inventory Parameters” here.


🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 0 comments... add one


Related Tutorials
CategoryList of Unix and Linux commands
Disk space analyzersdf duf ncdu pydf
File Managementcat cp mkdir tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Modern utilitiesbat exa
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg glances gtop jobs killall kill pidof pstree pwdx time vtop
Searchingag grep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
0 comments… add one

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum

Next FAQ:

Previous FAQ:

FEATURED ARTICLES

Sign up for my newsletter