make SSH interactive or bulk adding SSH host keys?


Kevin Burton

Oct 30, 2014, 7:36:07 PM
to ansible...@googlegroups.com
I'm trying to migrate an existing cloud cluster to ansible.

It's about 10 machines.

I want to use Ansible to add my SSH key to all boxes so I can just ssh authenticate.

But I have the following problems:

1. none of the connections work because the ssh host keys aren't installed.

2. I first need to authenticate with a password before the ssh key can be installed.

Is there any way to force SSH to be both serial and interactive?

This way it would go through each host, one at a time, add the SSH host key if I confirm, then prompt for the root password, and then add my SSH key.

At which point I would be done.

I have to do this for like 50-70 machines for a big ansible migration and I'd prefer to not spend an hour doing this manually :-(

Matt Martz

Oct 30, 2014, 7:51:35 PM
to ansible...@googlegroups.com
So what specifically would you say your problem is?

And perhaps it might be easier to just write a for loop and use ssh-copy-id to get your key up there first?

Ansible can do it, but there are a few things to consider:

1. Do all hosts use the same password? If so then this is easy
2. If hosts use different passwords, you could temporarily put your password on your inventory
3. What is the need for interactivity? Ansible doesn't typically do interactive remote tasks
4. Also for doing it serially you can use -f 
5. Do you have to add your key to the root user's authorized keys? I'd recommend not doing that, and just ssh as your user and use su or sudo functionality in ansible
--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To post to this group, send email to ansible...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/73a350e1-eb46-4f5b-a4f6-19ed1b086821%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


--
Matt Martz
@sivel
sivel.net

Kevin Burton

Oct 30, 2014, 8:11:08 PM
to ansible...@googlegroups.com

On Thursday, October 30, 2014 4:51:35 PM UTC-7, Matt Martz wrote:
> So what specifically would you say your problem is?

I need to bulk add all host keys, then I need to add my SSH key on all the boxes.

> And perhaps it might be easier to just write a for loop and use ssh-copy-id to get your key up there first?

I mean I can but Ansible should be able to do it I think. Might be wrong though.

> Ansible can do it, but there are a few things to consider:
>
> 1. Do all hosts use the same password? If so then this is easy
> 2. If hosts use different passwords, you could temporarily put your password on your inventory

ah. yes. I'll probably do that. ... then back it out.

> 3. What is the need for interactivity? Ansible doesn't typically do interactive remote tasks

because OpenSSH will, by itself, prompt for the password, and add the host key.

> 4. Also for doing it serially you can use -f
> 5. Do you have to add your key to the root user's authorized keys? I'd recommend not doing that, and just ssh as your user and use su or sudo functionality in ansible

Maybe but I find it's effectively the same and would require some refactoring... but if I'm just going to SSH in and then immediately su it's orthogonal.

Kevin Burton

Oct 30, 2014, 8:16:00 PM
to ansible...@googlegroups.com
btw... 

-f 1 

caused openssh to prompt me to accept the host ID ... so that worked :)

Kevin

Michael DeHaan

Nov 1, 2014, 10:47:37 AM
to ansible...@googlegroups.com
Ansible will still ask without -f 1.
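
The host key prompt discussed in this thread accepts whatever key the host presents on first contact. As an added example that is not part of the original thread, the sketch below vets `ssh-keyscan` output against fingerprints obtained out of band before anything is written to known_hosts; the function names, host names and key blobs are hypothetical and constructed for illustration.

```python
import base64
import hashlib

def fingerprint(key_b64):
    """Return the SHA256 fingerprint in the form `ssh-keygen -l` prints."""
    blob = base64.b64decode(key_b64, validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def vet_keyscan(scan_output, trusted):
    """Split ssh-keyscan output into known_hosts lines whose fingerprint is
    trusted and (host, reason) pairs that must not be added."""
    accepted, rejected = [], []
    for line in scan_output.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        if len(parts) < 3:
            rejected.append((parts[0], "malformed line"))
            continue
        host, keytype, key_b64 = parts[:3]
        try:
            seen = fingerprint(key_b64)
        except ValueError:  # binascii.Error is a subclass of ValueError
            rejected.append((host, "key is not valid base64"))
            continue
        if host not in trusted:
            rejected.append((host, "no trusted fingerprint on file"))
        elif seen in trusted[host]:
            accepted.append(f"{host} {keytype} {key_b64}")
        else:
            rejected.append((host, "fingerprint mismatch: " + seen))
    return accepted, rejected

# Constructed sample input: placeholder blobs, not real host keys.
KEY_A = base64.b64encode(b"constructed key blob A").decode()
KEY_B = base64.b64encode(b"constructed key blob B").decode()
KEY_X = base64.b64encode(b"constructed key blob X").decode()
SCAN = (f"# constructed ssh-keyscan output\nweb01 ssh-ed25519 {KEY_A}\n"
        f"web02 ssh-ed25519 {KEY_X}\ndb01 ssh-ed25519 {KEY_B}\n")
# In practice these come from an out-of-band source (console, provider API).
TRUSTED = {"web01": {fingerprint(KEY_A)}, "web02": {fingerprint(KEY_B)}}

if __name__ == "__main__":
    ok, bad = vet_keyscan(SCAN, TRUSTED)
    print("\n".join(ok))  # only these lines belong in known_hosts
    for host, why in bad:
        print(f"REFUSED {host}: {why}")
```

Hosts reported as refused are the ones to check by hand before trusting their key.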
