Ansible is a free and open source IT software that automates software provisioning, configuration management, and application deployment. One can use Ansible to create cloud hosts in EC2, patch servers, add users, configure routers/firewall and more. Ansible uses SSH which allows users and ansbile too; to log in to remote servers and perform management tasks. This page shows how to already setup SSH keys to log in into remote server using Ansible IT automation tool.
Ansible define ssh key per host using ansible_ssh_private_key_file
You need to use ansible_ssh_private_key_file in inventory file. The syntax is pretty simple:
host ansible_ssh_private_key_file=/path/to/your/.ssh/file.pub 192.168.2.200 ansible_ssh_private_key_file=/path/to/your/.ssh/id_rsa.pub 104.20.187.5 ansible_ssh_private_key_file=/path/to/your/.ssh/aws.pem |
ansible_ssh_private_key_file example
Let us open a file named hosts in ~/projects/ansible/hosts using a text editor such as vim command:
$ vim ~/projects/ansible/hosts
Sample file:
[my_servers] 1.2.3.4 ansible_ssh_private_key_file=/home/vivek/.ssh/id_ed25519.pub 202.54.1.5 ansible_ssh_private_key_file=~/.ssh/Lightsail-us-west-2.pem www1 ansible_ssh_private_key_file=~/.ssh/Linode-us.rsa.pub vpn-box1 ansible_ssh_private_key_file=~/.ssh/Linode-us.rsa.pub |
Another example:
## Ansible with multiple SSH key pair as per server hosting ## [linode] www1-li ansible_ssh_private_key_file=/path/to/file www2-li ansible_ssh_private_key_file=/path/to/file [aws] www1-aws ansible_ssh_private_key_file=/path/to/file www2-aws ansible_ssh_private_key_file=/path/to/file [google_cloud] www1-gcp ansible_ssh_private_key_file=/path/to/file www2-gcp ansible_ssh_private_key_file=/path/to/file |
It is possible to group it as follows:
[linode] www1-li www2-li [aws] www1-aws www2-aws [google_cloud] www1-gcp www2-gcp [linode:vars] ansible_ssh_user=vivek ansible_ssh_private_key_file=/home/vivek/.ssh/linode.id_ed25519.pub [aws:vars] ansible_ssh_user=ec-2 ansible_ssh_private_key_file=/home/vivek/.ssh/aws-ec2-usa-east.pem [google_cloud:vars] ansible_ssh_user=someuser@gmail.com ansible_ssh_private_key_file=/home/vivek/.ssh/google_compute_engine.pem [freebsd] aws_freebsd_1 aws_freebsd_2 aws_freebsd_3 [freebsd:vars] ansible_python_interpreter=/usr/local/bin/python ansible_ssh_user=vivek ansible_ssh_private_key_file=/home/vivek/.ssh/freebsd-aws-lightsail.pem |
How to dry run and test your inventory or playbooks
You can ask Ansible not to make any changes; instead, try to predict some differences in those files:
$ ansible-playbook -i hosts my-book.yml --check
$ ansible freebsd -i hosts --list-hosts
$ ansible aws -i hosts --list-hosts
$ ansible google_cloud -i hosts --list-hosts
A list of all ansible SSH connection config options- ansible_port=2020 : The ssh port number, if not 22
- ansible_user=vivek : The default ssh user name to use.
- ansible_ssh_private_key_file=/path/to/ssh.pem : Private key file used by ssh. Useful if using multiple keys and you don’t want to use SSH agent.
- ansible_python_interpreter=/usr/local/bin/python : The target host python path
Conclusion
You learned how to use different or multiple SSH private keys for the servers you manage using Ansible tool. For more info see “List of Behavioral Inventory Parameters” here.