ssh-key exchange and root password set


Prady A

Mar 29, 2023, 6:57:13 AM
to ansible...@googlegroups.com
Hello folks

As a new learner, I am trying to copy the ssh pub key to the managed node as below.

ssh_install.yml
===
tasks:
    - name: Exchange the pub key
      authorized_key:
        user: root
        state: present
        key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
===

Running with the below command:
#ansible-playbook -i inventory ssh_install.yml -k
It is running without any issue, but is there any way to avoid the -k option? I don't want to provide the password for each managed node in the command prompt.

Secondly, I am using the below task for changing the root password. I will use vault to store PLAIN_PASSWORD. Is there any better method to do it? Kindly advise.
- name: passwd change
  user:
    name: root
    password: "{{ 'PLAIN_PASSWORD' | password_hash('sha512') }}"

Vladimir Botka

Mar 29, 2023, 8:03:09 AM
to Prady A, ansible...@googlegroups.com
On Wed, 29 Mar 2023 19:56:23 +0900
Prady A <pradyu...@gmail.com> wrote:

> #ansible-playbook -i inventory ssh_install.yml *-k*
> ... avoid the -k option

Use *ssh-agent*.
https://www.ssh.com/academy/ssh/agent

It is a bad practice to *ssh* to root. See
https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_privilege_escalation.html

> password: "{{ 'PLAIN_PASSWORD' | password_hash('sha512') }}"

See how to use Ansible vault
https://docs.ansible.com/ansible/latest/cli/ansible-vault.html

The next option is *passwordstore*
https://www.passwordstore.org/

See the Ansible *passwordstore* lookup plugin
https://docs.ansible.com/ansible/latest/collections/community/general/passwordstore_lookup.html


--
Vladimir Botka
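
The advice in this reply (no direct root login, privilege escalation, a vaulted password) combined into one playbook, as an added example that is not from either poster. The account name `deploy`, the file `vault.yml` and the variables `vault_root_password` and `vault_root_password_salt` are assumptions.

```yaml
# Added example; the account name, file name and variable names are assumptions.
# vault.yml is created with "ansible-vault create vault.yml" and holds
# vault_root_password and vault_root_password_salt (up to 16 chars of [./0-9A-Za-z]).
- name: Install SSH key and set root password
  hosts: all
  remote_user: deploy        # assumed unprivileged account on the managed nodes
  become: true               # escalate with sudo instead of logging in as root
  vars_files:
    - vault.yml
  tasks:
    - name: Install the control node's public key for the login account
      ansible.posix.authorized_key:
        user: deploy
        state: present
        key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"

    - name: Set the root password from the vaulted value
      ansible.builtin.user:
        name: root
        # A fixed salt keeps the hash stable, so the task reports
        # "changed" only when the password itself changes.
        password: "{{ vault_root_password | password_hash('sha512', vault_root_password_salt) }}"
        update_password: always
      no_log: true           # keep the password and its hash out of task output and logs
```

Run it with `ansible-playbook -i inventory ssh_install.yml --ask-vault-pass`. `-k` is needed only on the first run, before the key is installed, and `-K` only if sudo asks for a password.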