Ansible authentication

January 7, 2022 - Reading time: 2 minutes

When running commands remotely, ansible will attempt to use ssh authentication.
The first time you ssh to a new host, it will require to validate the fingerprint:

root@f12d33c83ada:~# ansible all -i, -m ping
The authenticity of host ' (' can't be established.
ECDSA key fingerprint is SHA256:ON9GHyGDFBtEvMDi1D6ZTZ+xPBPNsZzBcGmORUIn06g.
Are you sure you want to continue connecting (yes/no/[fingerprint])? ^C [ERROR]: User interrupted execution

This can be disabled by setting the host_key_checking to false:

root@f12d33c83ada:~# fgrep host_key ~/.ansible.cfg

The next step is to decide if you are going to manually input the password every time you run your playbook.
To do this, you'll need to use the --ask-pass flag, and have ssh-pass installed on your system:

root@f12d33c83ada:~# ansible all -i, -m ping --ask-pass
SSH password: | FAILED! => {
    "msg": "to use the 'ssh' connection type with passwords or pkcs11_provider, you must install the sshpass program"

After installing with apt install sshpass:

root@f12d33c83ada:~# ansible all -i, -m ping --ask-pass
SSH password:
[WARNING]: No python interpreters found for host (tried ['python3.10', 'python3.9', 'python3.8', 'python3.7', 'python3.6',
'python3.5', '/usr/bin/python3', '/usr/libexec/platform-python', 'python2.7', 'python2.6', '/usr/bin/python', 'python'])

Finally, to run playbooks without providing any password at all, use ssh-keygen and ssh-copy-id <user>@<host> to use key based authentication.