When running commands remotely, Ansible will attempt to use SSH authentication.
The first time you ssh to a new host, you will be asked to validate its fingerprint:
root@f12d33c83ada:~# ansible all -i 172.17.0.3, -m ping
The authenticity of host '172.17.0.3 (172.17.0.3)' can't be established.
ECDSA key fingerprint is SHA256:ON9GHyGDFBtEvMDi1D6ZTZ+xPBPNsZzBcGmORUIn06g.
Are you sure you want to continue connecting (yes/no/[fingerprint])? ^C [ERROR]: User interrupted execution
This can be disabled by setting host_key_checking to False:
root@f12d33c83ada:~# fgrep host_key ~/.ansible.cfg
host_key_checking=False
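With the check disabled, ssh no longer verifies which host it is talking to. As an alternative, the following added example (not part of the original page) computes the SHA256 fingerprint shown in the prompt above from a scanned known_hosts line and pins the key only if it matches a fingerprint obtained out of band. The key lines are constructed sample data and the function names are hypothetical.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Length-prefixed string, as used inside SSH public key blobs."""
    return struct.pack(">I", len(data)) + data


def fingerprint(known_hosts_line: str) -> str:
    """SHA256 fingerprint in the form ssh prints it (unpadded base64)."""
    _host, _keytype, b64_blob = known_hosts_line.split()[:3]
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def pin_if_trusted(scanned_line: str, expected_fp: str, known_hosts: list) -> bool:
    """Append the scanned key to known_hosts only if its fingerprint matches."""
    if fingerprint(scanned_line) != expected_fp:
        return False  # key differs from the one recorded out of band: do not trust
    if scanned_line not in known_hosts:
        known_hosts.append(scanned_line)
    return True


def sample_line(host: str, key_bytes: bytes) -> str:
    """Constructed sample: a well-formed ssh-ed25519 blob, not a real host key."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(key_bytes)
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"


# Constructed data: the key the host really has, and a different key
# presented for the same address.
GENUINE = sample_line("172.17.0.3", bytes(range(32)))
IMPOSTER = sample_line("172.17.0.3", bytes(range(1, 33)))
# Assumption: the administrator recorded this value out of band,
# for example on the host's console.
EXPECTED_FP = fingerprint(GENUINE)

if __name__ == "__main__":
    hosts = []
    print(pin_if_trusted(GENUINE, EXPECTED_FP, hosts), len(hosts))
    print(pin_if_trusted(IMPOSTER, EXPECTED_FP, hosts), len(hosts))
```

With the key pinned in known_hosts, host_key_checking can stay enabled and the interactive prompt does not appear for that host.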
The next step is to decide if you are going to manually input the password every time you run your playbook.
To do this, you'll need to use the --ask-pass flag, and have sshpass installed on your system:
root@f12d33c83ada:~# ansible all -i 172.17.0.3, -m ping --ask-pass
SSH password:
172.17.0.3 | FAILED! => {
"msg": "to use the 'ssh' connection type with passwords or pkcs11_provider, you must install the sshpass program"
}
After installing with apt install sshpass:
root@f12d33c83ada:~# ansible all -i 172.17.0.3, -m ping --ask-pass
SSH password:
[WARNING]: No python interpreters found for host 172.17.0.3 (tried ['python3.10', 'python3.9', 'python3.8', 'python3.7', 'python3.6',
'python3.5', '/usr/bin/python3', '/usr/libexec/platform-python', 'python2.7', 'python2.6', '/usr/bin/python', 'python'])
Finally, to run playbooks without providing any password at all, use ssh-keygen and ssh-copy-id <user>@<host> to use key-based authentication.