Ansible Authorized_key: Establishing Secure SSH Connections
Understanding Ansible Authorized_key
An SSH key pair is made up of a public key and a private key. The public key is shared with the faraway hosts we want to connect to, while the private key is kept locally. Ansible believes that SSH keys are used as the default way to connect to remote machines.
Ansible’s authorized_key module makes it easy to handle the authorized keys for user accounts on remote machines. This program lets us add or remove authorized keys, which makes SSH connections safer and easier to use.
How Authorized_Key in Ansible Works
To establish an SSH connection using Ansible, we need to take certain steps. Here is a guide to how authorized_key works in Ansible:
- Make a secret key (id_rsa) and a public key (id_rsa.pub) that go together. These keys are created by default in the /.ssh area.
- On the remote servers, copy the public key (id_rsa.pub) to the end of the /.ssh/authorized_keys file.
- Set up an SSH connection to the remote host, and check that the fingerprints of the target hosts have been added to the /.ssh/known_hosts file. This step keeps you from being asked to verify your connection over SSH over and over again.
There are two ways to do these steps with Ansible: Using Linux commands or the Ansible authorized_key tool. Let’s look at some of the most important parts of this module:
- key: This input can be either a string or a number, and it represents the SSH public key.
- path: The authorized keys file is found at /.ssh/authorized_keys by default.
- state: Tells if the key is in the file of “authorized keys” or not. “Present” is the default setting.
- user: This is the username of the remote host whose authorized key file will be changed.
- validate_certs: If the source of the key file is an HTTPS URL, this option tells the program whether or not to check the certificate of the source site. “Yes” is the default answer.
- only this: Set up to remove all keys that are not mentioned from the list of authorized keys. “No” is the default answer.
- comment: This option lets you add a comment to the public key, which can be helpful when using GitHub or GitLab to handle keys.
- manage_dir: By choosing this option, the module will be told to take care of the authorized key directory. The answer that is already set is “yes.” If you use the “path” input, make sure “manage_dir” is set to “no.”
Implementing Ansible Authorized_key
Now, let’s look at how the Ansible authorized_key module can be used in the real world and in different ways to connect to remote target hosts successfully. To show this, we’ll look at a setup with an Ansible control server (ansible-controller) and two remote machines (host-one and host-two). We’ll write playbooks, run Ansible commands on the ansible-controller node, and watch the effects on the remote hosts.
Example 1: Making SSH Keys and Copies
In this example, we’ll use an Ansible script to create an SSH key pair for a user and copy the public key to the /.ssh/authorized_keys file on remote target nodes.
First, let’s use the following command on the master node to make the SSH public and private keys:
ssh-keygen -q -b 2048 -t rsa -N "" -f ~/.ssh/id_rsa ls -l .ssh/id_rsa*
Example 2: Copying Public Keys Using Ansible
In this case, we’ll write a playbook to copy the public key file to distant computers using the Ansible authorized_key module. Here’s an example playbook:
name: Copy Public Key to Remote Nodes hosts: all tasks: - name: Add public key to authorized_keys authorized_key: user: ec2-user state: present key: '{{ item }}' with_file: - ~/.ssh/id_rsa.pub
Example 3: Getting in touch with the private key
In this final example, we will connect to the remote target hosts using a private key. The public key corresponding to this private key should already be present in the allowed keys on the remote hosts. Here’s the command to run the playbook:
ansible-playbook ansible_authorized_key.yaml --private-key /var/tmp/key_l.pem
Conclusion
The Ansible authorized_key module plays a vital role in establishing secure SSH connections in Ansible. By effectively managing authorized keys, Ansible ensures secure and efficient communication between the control server and remote hosts. Understanding the usage and functionalities of authorized_key empowers system administrators to configure systems with enhanced security and control.
In short, Ansible’s authorized_key module makes it easier to handle SSH keys, which speeds up automation and makes infrastructure management more secure.