Just starting out with Ansible, I have set up an Ansible user on the client machine and created a set of keys from OpenSSL. I am running Ansible under my own account. I have specified the user and private key file in the Ansible configuration. I want the remote commands to run as this user and this user to sudo to do commands requiring elevation.
/etc/ansible/ansible.cfg
private_key_file = /etc/ansible/pka/confman.crt
remote_user = confman
Commands such as this do not ask for passphrases after initial entry of passphrase:
ansible all -m ping
The following prompt for a passphrase every time I run them:
ansible all -m ping -b
Enter passphrase for key '/etc/ansible/private_keys/confman.crt':
(success)
ansible all -m ping --sudo
Enter passphrase for key '/etc/ansible/private_keys/confman.crt':
(success)
ansible all -a "cat /etc/redhat-release"
Enter passphrase for key '/etc/ansible/private_keys/confman.crt':
(success)
Why?
Is there any way to set the passphrase? Is there a more secure way? I plan to run ansible remotely and via cron and via other automation tools where entering a passphrase is not an option.
As context, I have never needed to SSH between Linux servers, always from a Windows machine using tools such as putty, RoyalTS and mRemoteNG so my ssh knowledge is... sparse. I assume I am missing something obvious.
The feature is called ssh-agent:
Now ansible should be able to find the key in agent and authenticate without asking for passphrase every time.
From: Documentation: Your first commands
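One way to apply the agent approach to the cron case the question raises, as an added example that is not part of the original answer or the Ansible documentation: a wrapper that reuses a running ssh-agent and fails instead of prompting when no terminal is attached. The function names and the `AGENT_ENV` file are assumptions; the key path is the one from the question's ansible.cfg.

```shell
#!/bin/sh
# Added example: share one ssh-agent between a login shell and cron jobs.
# Hypothetical names: AGENT_ENV, agent_state, ensure_agent. KEY is the path
# from the ansible.cfg quoted in the question.
KEY=${KEY:-/etc/ansible/pka/confman.crt}
AGENT_ENV=${AGENT_ENV:-$HOME/.ssh/agent.env}
SSH_ADD=${SSH_ADD:-ssh-add}        # overridable so the logic can be tested
SSH_AGENT=${SSH_AGENT:-ssh-agent}

# Map the documented exit status of `ssh-add -l` to a state:
#   0 = agent reachable, identities loaded; 1 = reachable but empty;
#   2 (or anything else) = no agent could be contacted.
agent_state() {
    rc=0
    "$SSH_ADD" -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo ready ;;
        1) echo empty ;;
        *) echo none ;;
    esac
}

ensure_agent() {
    # Reuse the agent a previous run started, if its socket is still alive.
    if [ -r "$AGENT_ENV" ]; then . "$AGENT_ENV" >/dev/null; fi
    case $(agent_state) in
        ready) return 0 ;;
        none)
            # Start an agent; keep its socket details readable by owner only.
            (umask 077; "$SSH_AGENT" -s >"$AGENT_ENV") || return 1
            . "$AGENT_ENV" >/dev/null ;;
    esac
    # The agent holds no key. Adding one prompts for the passphrase, which
    # needs a terminal; under cron, fail fast instead of hanging on a prompt.
    if [ -t 0 ]; then
        "$SSH_ADD" "$KEY"
    else
        echo "ssh-agent has no key loaded; run ensure_agent once interactively" >&2
        return 2
    fi
}

# Typical use, interactively once and then from cron:
#   ensure_agent && ansible all -m ping -b
```

The agent keeps the decrypted key in memory, so any process running as the same user (or root) can use it through the socket until the agent exits or the host reboots.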