Use password protected private key for an ansible script

Madushan Chathuranga

Sep 12, 2018, 6:57:47 AM
to Ansible Project
Hi All,

Is it possible to provide the password of the private key on the command line extra vars or using the inventory? In the inventory we can provide the private key but not the password. Cannot use --ask-pass in the command since it would prompt for the password to be user provided. Need to pass this password along with the private key. Using this to execute an Ansible script on a remote host.

Thanks.

Dick Visser

Sep 12, 2018, 8:39:55 AM
to ansible...@googlegroups.com
Is this private key supposed to be used for connecting to a host
you're configuring (i.e. the password to a protected SSH key)?
Or is it used inside a task, to be executed on a remote host (i.e.
*after* you've connected to it)?

Dick

Madushan Chathuranga

Sep 12, 2018, 8:45:58 AM
to Ansible Project
Hi,

This is to connect to the remote host. I'm aware that we can do something similar to this,
ansible-playbook -i hosts.yml --private-key=private_key_path ansible_script.yml

Also, I know we can use the private key in the inventory host_vars as ansible_ssh_private_key,
but why doesn't Ansible provide an option to manage the private_key's password if it allows a private_key to be used?

Dick Visser

Sep 13, 2018, 12:49:24 PM
to ansible...@googlegroups.com
On 12 September 2018 at 14:45, Madushan Chathuranga
<mchath...@gmail.com> wrote:
>
> Hi,
>
> This is to connect to the remote host. I'm aware that we can do something similar to this,
> ansible-playbook -i hosts.yml --private-key=private_key_path ansible_script.yml
>
> Also, I know we can use the private key in the inventory host_vars as ansible_ssh_private_key,
> but why doesn't Ansible provide an option to manage the private_key's password if it allows a private_key to be used?

I'm speculating here, but I think it's because providing passwords
directly to ansible on the command line is more insecure than
necessary.
All password/authentication invocations (private keys, vault
passwords, password prompts) seem to be done either through a prompt,
or by pointing to a file containing the password.
So instead of supplying a password on the command line to use an
encrypted private key, you are encouraged to use a non-encrypted
private key.

Again, this is my guess...


Dick
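
Added example, not part of the thread or of Ansible: a Linux-only check of why a secret passed as a command-line argument is more exposed than one supplied through a file or a prompt. The child is a stand-in Python process, and `--passphrase` and `--passphrase-file` are hypothetical flag names used only for illustration.

```python
import os
import subprocess
import sys
import tempfile

SECRET = "constructed-passphrase-123"  # constructed sample value, not a real secret
CHILD = "import time; time.sleep(30)"  # stand-in for a long-running tool


def argv_of(pid):
    """Read a process's argument vector from /proc, as `ps` does (Linux only)."""
    with open(f"/proc/{pid}/cmdline", "rb") as fh:
        return [part.decode() for part in fh.read().split(b"\0") if part]


def secret_visible(extra_args, stdin_data=None):
    """Start the stand-in with extra_args; report whether SECRET is in its argv."""
    proc = subprocess.Popen([sys.executable, "-c", CHILD, *extra_args],
                            stdin=subprocess.PIPE)
    try:
        if stdin_data is not None:
            proc.stdin.write(stdin_data)
            proc.stdin.flush()
        return any(SECRET in arg for arg in argv_of(proc.pid))
    finally:
        proc.kill()
        proc.stdin.close()
        proc.wait()


def run_demo():
    # 1. Secret as a command-line argument (hypothetical flag name).
    on_cli = secret_visible([f"--passphrase={SECRET}"])
    # 2. Secret in a file; mkstemp creates it with mode 0600, argv holds only the path.
    fd, path = tempfile.mkstemp()
    try:
        os.write(fd, SECRET.encode())
        os.close(fd)
        via_file = secret_visible([f"--passphrase-file={path}"])
    finally:
        os.unlink(path)
    # 3. Secret answered on stdin, the way a prompt receives it.
    via_stdin = secret_visible([], stdin_data=SECRET.encode() + b"\n")
    return {"cli": on_cli, "file": via_file, "stdin": via_stdin}


if __name__ == "__main__":
    print(run_demo())
```

By default `/proc/<pid>/cmdline` is readable by other local users, so only the first variant leaks the secret to anyone who can list processes.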