Call ssh-copy-id in an Ansible playbook - How to handle password prompt?

22,620

Solution 1

If using the ssh-copy-id command is not a restriction, you might as well try out the Ansible authorized_key module.

Then your code could look something like this:

authorized_key:
  user: <user>
  key: "{{ lookup('file', '/home/' + lookup('env', 'USER') + '/.ssh/id_rsa.pub') }}"

Solution 2

You can try the sshpass tool. It would require modification of your command like this:

command: sshpass -p password ssh-copy-id -i /home/{{user}}/.ssh/id_rsa.pub -o StrictHostKeyChecking=no user@serverB

but there are other ways to provide the password; see the sshpass(1) manual page.
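
An added example (not part of either answer) of the sshpass approach when the password should be asked for once at playbook start: it prompts with vars_prompt and hands the value to sshpass through the SSHPASS environment variable rather than -p. The variable name serverb_password and the serverA host pattern are assumptions; {{ user }}, the key path and user@serverB come from the question.

```yaml
# Added example, not from the original answers.
# Assumes sshpass is installed on serverA and that `user` is defined
# elsewhere (inventory or vars), as in the question's task.
- hosts: serverA
  vars_prompt:
    - name: serverb_password          # hypothetical variable name
      prompt: "Password for user@serverB"
      private: true                   # do not echo the typed password

  tasks:
    - name: Register ssh key at serverB
      ansible.builtin.command: >-
        sshpass -e ssh-copy-id
        -i /home/{{ user }}/.ssh/id_rsa.pub
        -o StrictHostKeyChecking=accept-new
        user@serverB
      environment:
        # sshpass -e reads the password from $SSHPASS, so it does not
        # appear in the process arguments the way `-p password` does.
        SSHPASS: "{{ serverb_password }}"
      # Keep the task's arguments, environment and output out of
      # Ansible's console output and logs.
      no_log: true
```

`accept-new` needs OpenSSH 7.6 or later; it records serverB's host key on first contact and refuses a changed key afterwards, where `StrictHostKeyChecking=no` accepts any key. If `serverb_password` is already supplied through `--extra-vars` (for example from an Ansible Vault file), the prompt is skipped.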

Author by

funkenstrahlen

Updated on July 28, 2022

Comments

  • funkenstrahlen
    funkenstrahlen almost 2 years

    I have two servers. I manage serverA with Ansible. serverB is not managed with Ansible. I want serverA to be able to access serverB by copying the ssh_pub_key of serverA to serverB.

    This can be done manually by calling ssh-copy-id user@serverB on serverA.

    I want to do this with Ansible on serverA automatically.

    - name: Register ssh key at serverB
      command: ssh-copy-id -i /home/{{user}}/.ssh/id_rsa.pub -o StrictHostKeyChecking=no user@serverB
    

    Calling ssh-copy-id requires me to enter my ssh password for user@serverB, so the key can be copied.

    How can I do this via ansible? I want it to ask for the user@serverB password interactively while executing the playbook. Storing the password in ansible vault is also an option. Then I still do not know how to avoid the interactive password call of ssh-copy-id though.

    I also added -o StrictHostKeyChecking=no to the call because this is another interaction that normally requires user interaction when calling ssh-copy-id.

  • funkenstrahlen
    funkenstrahlen almost 9 years
    That's a great approach. How can I interactively ask for the password before, so I can pass the variable to sshpass?
  • Jakuje
    Jakuje over 7 years
    Before what? You are running in cron.
  • Rao
    Rao over 3 years
    I would just add that the Ansible link points to docs for an old version. The current version is here.
  • akshaypmurgod
    akshaypmurgod almost 2 years
    This does not work on CentOS 7 & above.
  • Jakuje
    Jakuje almost 2 years
    @akshaypmurgod why? What does it do?
  • akshaypmurgod
    akshaypmurgod almost 2 years
    It doesn't error out. At the same time, ssh keys are not copied to the destination server. Any suggestions are welcome.
  • Jakuje
    Jakuje almost 2 years
    @akshaypmurgod you can run the ansible or ssh in verbose mode to see what is going on there.