ssh root access remain closed


reredok

Mar 16, 2021, 3:54:32 PM
to Ansible Project
Hello all,

One thing is not clear to me about Ansible. On all my Linux VMs the root ssh access, for security reasons, is blocked. So the ad-hoc, playbook access only works via a non-administrative user. But then, for example, to install something on the Linux VM, how do you change the user to root? I don't want to work with ssh and public keys in my small environment and the root ssh access should remain closed.
Thanks for any feedback

reredok

Mike Eggleston

Mar 16, 2021, 4:13:09 PM
to ansible...@googlegroups.com
Use “become”.


Dick Visser

Mar 16, 2021, 4:22:36 PM
to ansible...@googlegroups.com

--
Sent from a mobile device - please excuse the brevity, spelling and punctuation.

reredok

Mar 17, 2021, 3:37:41 AM
to Ansible Project
Hello,
I tried everything possible with "become" in the playbook:

Either the password is wrong or a password is needed. 

To rule out that I have a problem with root, I temporarily set PermitRootLogin Yes in /etc/ssh/sshd_config and then it works. 

I have looked at the ansible documentation which I may not understand in full. Again for understanding: 

There is an "ansible_user" who connects remotely via ssh and I give him the password in the "Inventory" with ansible_ssh_pass. In the "playbook" I set "become: yes", "become_user: root", "become_method: sudo". This then changes the ssh user to root and runs my "apt:" command.

Do you have an example that works for you? Thanks a lot

Michael Barber

Mar 17, 2021, 4:05:47 AM
to ansible...@googlegroups.com
This is more of a Unix question than an ansible question.

Your login ID should not be root.
Your sudo file, on destination host, should have your login ID defined with appropriate permissions.
Use ssh keys for your login ID

Hope this helps.

--
Thanks,
MJ Barber

Mike Eggleston

Mar 17, 2021, 8:17:50 AM
to ansible...@googlegroups.com
The thing that works for me is:

$ ansible all -m command -a 'sudo uptime' -o

I get no errors and I get a response from all my servers.

Brian Coca

Mar 17, 2021, 10:12:50 AM
to Ansible Project
To verify permissions for the login user use `sudo -l`

This does NOT require root logins.

--
----------
Brian Coca
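
The setup the replies describe (log in as a non-root user, escalate with become, sudo rights for that user on the target), written out as a playbook. This is an added example, not code posted by anyone in the thread; the `deploy` account, the `htop` package, the file names `site.yml` and `inventory`, and the `PermitRootLogin no` setting are assumptions.

```yaml
# site.yml (hypothetical file name). Constructed example, not from the thread.
# Run from the control node, prompting for both passwords instead of storing them:
#   ansible-playbook -i inventory site.yml --ask-pass --ask-become-pass
# --ask-pass        : SSH password of the login user (password SSH needs sshpass
#                     installed on the control node)
# --ask-become-pass : password that sudo asks that same user for on the target
- name: Install a package via sudo while root SSH login stays disabled
  hosts: all
  remote_user: deploy      # assumed unprivileged account; must be allowed in sudoers
  become: true             # escalate after login; the SSH session is never root
  become_method: sudo
  become_user: root
  tasks:
    - name: Show which account the task really runs as
      ansible.builtin.command: id -un
      register: effective_user
      changed_when: false

    - name: Stop if the task is not running as root
      ansible.builtin.assert:
        that:
          - effective_user.stdout == "root"
        fail_msg: "not running as root; check become settings and 'sudo -l' on this host"

    - name: Read the effective sshd configuration
      ansible.builtin.command: /usr/sbin/sshd -T
      register: sshd_effective
      changed_when: false

    - name: Stop if root SSH login has been left enabled
      ansible.builtin.assert:
        that:
          - "'permitrootlogin no' in sshd_effective.stdout"   # assumes PermitRootLogin no
        fail_msg: "PermitRootLogin is not 'no' in the running sshd configuration"

    - name: Install the package as root
      ansible.builtin.apt:
        name: htop           # assumed package name for illustration
        state: present
        update_cache: true
```

If sudo on the target is configured to ask for a password and `--ask-become-pass` is left out, the first task fails before anything is installed.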
