Better way to reference SSH Identity Key?


Jason Wood

Jan 26, 2022, 2:03:18 PM
to Ansible Project
Right now I have in ansible.cfg:

[ssh_connection]
ssh_args = -F ssh_config
scp_if_ssh = True

And in ssh_config:

Host sub.domain.com
    Hostname sub.domain.com
    User ubuntu
    IdentityFile ~/mykeyfile.pem


Right now I'm manually editing this file to change the 2 hostnames when I want to work with a different host!
The IdentityFile is the same for all hosts.

Can you suggest a better way? I've had trouble finding docs on this.

Brian Coca

Jan 26, 2022, 2:07:42 PM
to Ansible Project
Several ways:

In ssh_config you can:
Host *

^ will match all hosts, you can be more/less restrictive than that.

Within Ansible there are many ways to supply the key:

[defaults]
private_key_file = ~/mykeyfile.pem

For a full list, see
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/ssh_connection.html#parameters



--
----------
Brian Coca

Evan Hisey

Jan 26, 2022, 2:30:24 PM
to ansible...@googlegroups.com
Funny this came up, as I just finished a playbook that bounces keys several times. There are 2 variables you can use in the playbook itself, and they can be changed using set_fact: ansible_private_key_file and ansible_ssh_private_key_file. Used with the ansible_user or ansible_ssh_user variables, it can be quite handy for cycling users or updating authorized keys mid-play.


Jason Wood

Jan 28, 2022, 6:59:30 PM
to Ansible Project
Thank you both.

I'm going with the

[defaults]
private_key_file = ~/mykeyfile.pem

method, but it's good to know that this can also be done inside the playbook, as I might want to consider using ansible for key rotation at some point in the future...

Thanks again.

Jason
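
The mid-play key switch Evan describes, applied to the key rotation Jason mentions, as an added example that is not part of the thread and is not any poster's own playbook. It assumes the community.crypto and ansible.posix collections are installed, that ssh_config no longer lists an IdentityFile (otherwise ssh can silently fall back to the old key during the check), and that the old key has no passphrase; the group name "web" and the new key path are hypothetical.

```yaml
# Added example: rotate the SSH key Ansible connects with, switching keys mid-play.
# Hypothetical names: inventory group "web", new key path under ~/.ssh/.
- name: Rotate the SSH key used by Ansible
  hosts: web
  gather_facts: false
  vars:
    old_key: ~/mykeyfile.pem                  # key currently in use (from the thread)
    new_key: ~/.ssh/ansible_rotated_ed25519   # hypothetical path for the replacement
  tasks:
    - name: Generate the new key pair once, on the control node
      community.crypto.openssh_keypair:
        path: "{{ new_key }}"
        type: ed25519
      delegate_to: localhost
      run_once: true

    - name: Authorize the new public key (still connected with the old key)
      ansible.posix.authorized_key:
        user: ubuntu
        key: "{{ lookup('ansible.builtin.file', new_key ~ '.pub') }}"
        state: present

    - name: Point the connection at the new private key
      ansible.builtin.set_fact:
        ansible_ssh_private_key_file: "{{ new_key }}"

    - name: Drop any persistent connection opened with the old key
      ansible.builtin.meta: reset_connection

    # If this fails, the play stops for that host and the old key stays authorized.
    - name: Confirm login works with the new key before revoking the old one
      ansible.builtin.ping:

    # A .pem usually has no .pub beside it, so derive the public half.
    # Assumes the old private key is not passphrase-protected.
    - name: Remove the old public key from authorized_keys
      ansible.posix.authorized_key:
        user: ubuntu
        key: "{{ lookup('ansible.builtin.pipe', 'ssh-keygen -y -f ' ~ old_key) }}"
        state: absent
```

After a successful run, update private_key_file in ansible.cfg to the new path, since set_fact only lasts for the play.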
