ssh-copy-id in one line with password, possible?

Solution 1

Yes, you can do it with a loop using expect.

Solution 2

Here's a method I use to provision new Debian hosts without known ssh keys. The host needs to have the python and python-apt packages installed for this playbook to work out of the box. If you want to test it on a VM, you can run the Debian installer with the boot parameter url=drybjed.github.io - the installer will download a preseed file with the python and python-apt packages selected (among others). After installation, the default password for the root account will be debian and you will be forced to change it upon first login.

After installation and first login:

  1. Make sure that you can ssh into root@host using a password (accept the host fingerprint, etc.).
  2. Create init.yml:

    # The legacy $VAR, $ENV() and $FILE() forms, and the play-level
    # user/sudo keys, are written in their current equivalents here so
    # that current Ansible releases can parse the playbook.
    - hosts: all
      remote_user: root
      become: no
      tags: init
      vars:
        # Local user running ansible-playbook; the remote account gets the same name.
        ssh_user: "{{ lookup('env', 'USER') }}"
    
      tasks:
      - name: INIT | Create admin system group
        group: name=admins system=yes state=present
        tags: init
    
      - name: INIT | Create admin account from current user
        user: name={{ ssh_user }} state=present shell=/bin/bash groups=admins
        tags: init
    
      - name: INIT | Make sure essential software is installed
        apt: pkg={{ item }} state=latest install_recommends=no
        with_items:
        - python
        - python-apt
        - sudo
        tags: init
    
      - name: INIT | Install ssh public key from current account
        authorized_key: user={{ ssh_user }} key="{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
        tags: init
    
      # Grants every member of the admins group passwordless sudo.
      - name: INIT | Install sudoers file for admin accounts
        lineinfile: "dest=/etc/sudoers.d/admins state=present create=yes regexp='^%admins' line='%admins ALL=(ALL:ALL) NOPASSWD: SETENV: ALL' owner=root group=root mode=0440"
        tags: init
    
  3. Run Ansible with: ansible-playbook -k -l host init.yml. Ansible will ask for the root password, create a system admins group with access to sudo, create a user account based on your current user, copy your ~/.ssh/id_rsa.pub to your new account, and add it to the admins group.

From now on you can use Ansible through your user account using sudo.
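
What ssh-copy-id and the authorized_key task end up doing on the target, as an added shell example that is not part of the original answers. The function name install_pubkey, the paths and the key are constructed for illustration; it refuses anything that is not a single public-key line, sets the permissions sshd expects, and can be rerun without creating duplicates.

```sh
#!/bin/sh
# Added example (not from the original answers). Mirrors the target-side work
# of ssh-copy-id / authorized_key so that it can be rerun safely.

# install_pubkey HOME_DIR PUBKEY_FILE
# Prints "added" or "present"; returns 2 if the file is not a single public key.
install_pubkey() {
    home_dir=$1
    pubkey_file=$2
    ssh_dir=$home_dir/.ssh
    auth=$ssh_dir/authorized_keys

    # A private key (multi-line PEM) or an empty file must never be installed.
    [ "$(wc -l < "$pubkey_file")" -le 1 ] || return 2
    key=$(cat "$pubkey_file")
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) return 2 ;;
    esac
    # Compare on the base64 blob so a changed comment does not add a duplicate.
    blob=$(printf '%s\n' "$key" | awk '{print $2}')

    # sshd's StrictModes rejects keys kept in group- or world-writable paths.
    ( umask 077; mkdir -p "$ssh_dir"; touch "$auth" )
    chmod 700 "$ssh_dir"
    chmod 600 "$auth"

    if grep -qF -- "$blob" "$auth"; then
        echo present
        return 0
    fi
    # Keep the new entry on its own line if the file lacks a final newline.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
    echo added
}

# Demo on a throwaway directory with a constructed (non-functional) key.
demo_home=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedExampleKey demo@example' \
    > "$demo_home/id_demo.pub"
install_pubkey "$demo_home" "$demo_home/id_demo.pub"
install_pubkey "$demo_home" "$demo_home/id_demo.pub"
rm -rf "$demo_home"
```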

Author: shaharmor

Updated on September 18, 2022

Comments

  • shaharmor over 1 year

    I'm trying to set up an automated script in Ansible to set up a new server, and I'm using ssh-copy-id to add the Ansible master server to the new server's authorized ssh keys.

    I created a script which uses ssh-copy-id, but that command is asking for the new server's password.

    Is it possible to give it that password on the same line that calls it, so I can automate it in a script?

  • shaharmor over 10 years
    Can you give me an example of using "expect" with "ssh-copy-id"?
  • dawud over 10 years
    Check the links in @Petter H's answer
  • metakermit about 9 years
    Almost worked for me. Had to do this for the ssh key: authorized_key: user={{ ansible_user_id }} key="{{ lookup('file', '~/.ssh/id_rsa.pub') }}"