Bobcares

Ansible Authorized_key: Explained

by | Oct 3, 2022

Let us take a closer look at the Ansible authorized_key module and the configurations associated with it, with the support of our Server Management Support services at Bobcares.

Authorized_key and its role in Ansible

To perform tasks and plays on remote target machines in Ansible, we must either remove the connection password or supply password/keys in real-time while running a playbook.

Ansible’s default connection method is native OpenSSH. Ansible assumes that we are using SSH keys to connect to the target remote machines by default.

To interact with SSH, we need either the user account’s password or the SSH key. Ansible provides a very helpful module called authorized_key that allows you to add and remove authorized keys for user accounts on remote machines.

Here, we will go through several approaches and possibilities for utilizing this module.

What is Ansible Authorized_key?

An SSH key pair is made up of two keys, one public and one private. The private key is available locally, while the public key is shared with the remote hosts to which we wish to connect.

This pair implements asymmetric encryption: anything encrypted with one key of the pair can only be decrypted with the other key of the pair. We use OpenSSH in Ansible to establish SSH connections to remote target nodes.

We can set up key-based SSH access to remote machines by using either Linux commands or Ansible’s authorized_key module.

This module can locate key files for user accounts in specified locations and copy them to remote target machines on the specified path (the default is ~/.ssh/authorized_keys when unset).

How Does Ansible Authorized_key work?

Ansible uses keys to create the SSH connection. Setting this up takes a few steps, which can be done in a variety of ways:

  • Create a key pair with private and public keys named id_rsa and id_rsa.pub, respectively.
  • If no other location is specified, they will be generated under the ~/.ssh directory by default.
  • Send the public key id_rsa.pub to the remote hosts by appending it to the file ~/.ssh/authorized_keys.
  • Make an SSH connection to the remote host and say yes when prompted to add the fingerprints of the target hosts to ~/.ssh/known_hosts. If we do not do this, the system will prompt us every time we connect over SSH.

We can accomplish this by using either a Linux command or the Ansible authorized_key module. Some of the module's parameters are described below:

  • key: The public key for SSH. It accepts a string or a number.
  • path: The path to the authorized keys file. The default is ~/.ssh/authorized_keys.
  • state: Whether the key should exist or not in the file ~/.ssh/authorized_keys. The default value is present.
  • user: The remote host’s username whose authorized keys file will be updated.
  • validate_certs: When an HTTPS URL is used as the source of the key file, this specifies whether the source site’s certificate is validated. Yes is the default.
  • exclusive: When enabled, all non-specified keys are removed from the authorized keys file. No is the default.
  • comment: Specifies a comment on the public key, which is important when using GitHub/GitLab for management.
  • manage_dir: This option instructs the module to manage the directory of the authorized keys file. Yes is the default. Make sure to set manage_dir to no when using the path parameter.
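The parameters above combined in one playbook, as an added example that is not part of the original article. The deploy user, the key files under files/, the path /etc/ssh/authorized_keys/deploy and the URL on keys.example.com are assumptions chosen for illustration.

```yaml
---
# Added example: user name, key files, path and URL are illustrative
# assumptions. Each task shows one parameter; a real play would keep
# only the tasks it needs.
- name: Manage SSH public keys for a service account
  hosts: all
  become: yes
  tasks:
    - name: Append one key to the default ~/.ssh/authorized_keys
      authorized_key:
        user: deploy
        state: present
        key: "{{ lookup('file', 'files/alice.pub') }}"
        comment: alice@ansible-controller

    - name: Revoke a key that should no longer grant access
      authorized_key:
        user: deploy
        state: absent
        key: "{{ lookup('file', 'files/former-admin.pub') }}"

    - name: Allow exactly these keys and remove every other entry
      authorized_key:
        user: deploy
        exclusive: yes
        # exclusive is applied per module call, so a loop would leave
        # only the last key. Pass all keys as one newline-separated string.
        key: |
          {{ lookup('file', 'files/alice.pub') }}
          {{ lookup('file', 'files/bob.pub') }}

    - name: Write to a non-default file outside the home directory
      authorized_key:
        user: deploy
        path: /etc/ssh/authorized_keys/deploy
        # With a custom path, do not let the module manage the directory.
        manage_dir: no
        key: "{{ lookup('file', 'files/alice.pub') }}"

    - name: Fetch keys over HTTPS with certificate validation left on
      authorized_key:
        user: deploy
        key: https://keys.example.com/deploy.keys
        validate_certs: yes
```

Running the play with --check --diff first shows which keys would be added or removed before anything changes on the hosts.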

Example to Implement Ansible Authorized_key

Now, we’ll look at the Ansible authorized_key module and other techniques for using keys to establish a successful connection to remote target hosts. We will work through several examples, but first, we must describe the lab that we used for testing purposes.

An Ansible control server named ansible-controller and two remote hosts named host-one and host-two are present. We’ll write playbooks, run Ansible commands on the ansible-controller node, and monitor the results on the remote hosts.

Example 1

In this example, we will build a key pair for a user and then, using an Ansible playbook with the authorized_key module, copy the public key from the Ansible controller node to the remote target nodes’ ~/.ssh/authorized_keys file.

We’ve built a setup for this. Our playbooks are currently failing since we do not have a successful connection to the remote target nodes. SSH keys for ec2-user are missing on the controller machine, and this user’s entry is also missing on the remote target machines.

Code:

ansible-playbook /var/tmp/debug_ansible_fact_l.yml


Using the command below, we now generate SSH public and private keys on the controller node.

Code:

ssh-keygen -q -b 2048 -t rsa -N "" -f ~/.ssh/id_rsa
ls -l ~/.ssh/id_rsa*

This generates two files: the private key ~/.ssh/id_rsa and the public key ~/.ssh/id_rsa.pub.

Example 2

Now we’ll write a playbook that uses the Ansible authorized_key module to copy the public key file to the remote computers, as shown below:

- name: copy public key from controller node to remote nodes
  hosts: all
  tasks:
    - name: add the public key to authorized_keys using Ansible module
      authorized_key:
        user: ec2-user
        state: present
        key: '{{ item }}'
      # with_file reads the file on the controller and passes its contents as item
      with_file:
        - ~/.ssh/id_rsa.pub

Example 3

Now run this playbook, but first supply a private key for connecting to the target remote hosts on the ansible-playbook command line, or use arguments to request a password.

In the following example, we pass a private key on the command line with ansible-playbook to connect to the remote target nodes; the public key matching this private key is already present in authorized_keys on the remote target nodes.

By running this playbook, we add entries to the remote target machines’ ~/.ssh/authorized_keys.

Code:

ansible-playbook ansible_authorized_key.yaml --private-key /var/tmp/key_l.pem


When we run the same Ansible playbook that we ran previously, it will now operate smoothly. As we now have the controller node’s public key copied to the remote target nodes’ authorized_keys file, SSH passwords from the controller to remote nodes are no longer necessary.


Conclusion

To conclude, we have now learned more about the Ansible authorized_key module and the necessary configurations for it, with the support of our Server Management Support Services at Bobcares.
