ssh-copy-id in one line with password, possible?
Solution 1
Yes, you can do it with a loop using expect.
Solution 2
Here's a method I use to provision new Debian hosts without known ssh keys. Host needs to have python and python-apt packages installed for this playbook to work out of the box. If you want to test it on a VM, you can run Debian installer with boot parameter url=drybjed.github.io - installer will download a preseed file with python and python-apt packages selected (among others). After installation, default password for root account will be debian and you will be forced to change it upon first login.
After installation and first login:
- Make sure that you can ssh into the root@host using password (accept host fingerprint, etc.).
- Create init.yml:

    - hosts: all
      user: root
      sudo: no
      tags: init

      vars:
        - ssh_user: $ENV(USER)

      tasks:
        - name: INIT | Create admin system group
          group: name=admins system=yes state=present
          tags: init

        - name: INIT | Create admin account from current user
          user: name=$ssh_user state=present shell=/bin/bash groups=admins
          tags: init

        - name: INIT | Make sure essential software is installed
          apt: pkg=$item state=latest install_recommends=no
          with_items:
            - python
            - python-apt
            - sudo
          tags: init

        - name: INIT | Install ssh public key from current account
          authorized_key: user=$ssh_user key="$FILE(~/.ssh/id_rsa.pub)"
          tags: init

        - name: INIT | Install sudoers file for admin accounts
          lineinfile: "dest=/etc/sudoers.d/admins state=present create=yes regexp='^%admins' line='%admins ALL=(ALL:ALL) NOPASSWD: SETENV: ALL' owner=root group=root mode=0440"
          tags: init

Run Ansible with: ansible-playbook -k -l host init.yml. Ansible will ask for root password, create a system admins group with access to sudo, create a user account based on your current user, copy your ~/.ssh/id_rsa.pub to your new account, and add it to the admins group.
From now you can use Ansible through your user account using sudo.
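What ssh-copy-id and the authorized_key task end up doing on the target host, as an added shell example that is not part of the original answers: it appends one public key idempotently, sets the permissions sshd's StrictModes expects, and refuses entries that carry leading options. The function name install_pubkey and the key-type allow-list are assumptions made for this example.

```shell
#!/bin/sh
# Added example: idempotent install of ONE public key into authorized_keys.
# install_pubkey is a hypothetical helper; it is meant to run on the target host.

# install_pubkey KEYLINE [HOMEDIR]
# Returns 0 if the key is present afterwards, 2 if the input was rejected.
install_pubkey() {
    key=$1
    home=${2:-$HOME}
    dir=$home/.ssh
    file=$dir/authorized_keys
    nl='
'
    # One call adds exactly one entry: reject embedded newlines.
    case $key in
        *"$nl"*) echo "refusing multi-line key" >&2; return 2 ;;
    esac

    # The line must START with a key type. This rejects entries that carry
    # leading options such as command="..." or from="...".
    # (Allow-list chosen for this example; extend it for other key types.)
    case $key in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-nistp???\ *) ;;
        *) echo "refusing entry without a plain key type" >&2; return 2 ;;
    esac

    # With StrictModes, sshd ignores authorized_keys when the directory or
    # file is writable by group or others, so create both with tight modes.
    (
        umask 077
        mkdir -p "$dir" && chmod 700 "$dir" || exit 1
        touch "$file" && chmod 600 "$file" || exit 1
        # -x: whole-line match, -F: fixed string. Append only when absent,
        # so repeated provisioning runs do not duplicate the entry.
        grep -qxF -- "$key" "$file" || printf '%s\n' "$key" >> "$file"
    )
}
```
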
shaharmor
Updated on September 18, 2022
Comments
- shaharmor over 1 year
I'm trying to set up an automated script in Ansible to set a new server, and I'm using ssh-copy-id to add the Ansible master server to the new server's authorized ssh keys. I created a script which uses ssh-copy-id, but that command is asking for the new server's password. Is it possible to give it that password in the same line of calling it so I can automate it in a script?
- shaharmor over 10 years
Can you give me an example of using "expect" with "ssh-copy-id"?
- dawud over 10 years
Check the links in @Petter H's answer
- metakermit about 9 years
Almost worked for me. Had to do this for the ssh key:

    authorized_key: user={{ ansible_user_id }} key="{{ lookup('file', '~/.ssh/id_rsa.pub') }}"