You Must Change Your Password Now and Login Again Ssh Bypass

In this article, I will show you how to run Ansible playbooks using an SSH password-based login with sshpass.

Prerequisites

If you would like to endeavour out the examples discussed in this article,

i) You must have Ansible installed on your computer.
2) You must have at least an Ubuntu/Debian host to which yous can connect from Ansible.

In that location are many articles on LinuxHint dedicated to Installing Ansible. You may bank check these out if needed to install the necessary programs on your system.

You will also need to have sshpass installed on your computer, where you should accept Ansible installed. I will show yous how to install sshpass on Ubuntu/Debian and CentOS/RHEL in this article. Exercise not worry if you do not take these programs already installed on your system.

Installing sshpass on Ubuntu/Debian

The plan sshpass is bachelor in the official package repository of Ubuntu/Debian. You can easily install this programme on your computer.

Commencement, update the APT parcel repository cache via the post-obit command:

Now, install sshpass via the following control:

$ sudo apt install sshpass -y

sshpass should now exist installed.

Installing sshpass on CentOS viii/RHEL eight

sshpass is bachelor in the EPEL repository of CentOS 8/RHEL 8. You must take the EPEL repository enabled to install sshpass.

First, update the DNF package repository cache via the following command:

Adjacent, install the EPEL repository bundle via the following command:

$ sudo dnf install epel-release -y

The EPEL repository bundle should now be installed and the EPEL repository should be enabled.

Update the DNF packet repository cache again, equally follows:

Install sshpass via the following command:

$ sudo dnf install sshpass -y

sshpass should be installed.

Setting Up an Ansible Project Directory

Before we move on any farther, it would be a proficient idea to create a project directory construction, simply to keep things a bit organized.

To create a projection directory sshpass/ and all the required subdirectories (in your current working directory), run the following command:

$ mkdir -pv sshpass/ {files,playbooks}

Navigate to the project directory, equally follows:

Create a hosts inventory file, as follows:

Add your host IP or DNS name in the inventory file.

In one case y'all are finished with this footstep, relieve the file past pressing <Ctrl> + Ten, followed past Y and <Enter>.

Create an Ansible configuration file in the projection directory, as follows:

At present, blazon in the following lines in the ansible.cfg file.

One time you are finished with this step, salvage the file by pressing <Ctrl> + Ten, followed by Y and <Enter>.

Testing Password-Based SSH Login in Ansible

Side by side, try to ping the hosts in the inventory file, as follows:

$ ansible all -u shovon -m ping

NOTE: Here, the -u choice is used to tell ansible which user to log in as. In this case, it will be the user shovon. Supercede this username with yours from now on, throughout the demo.

As you can see, I am not able to log in to the host and run whatsoever commands.

To strength Ansible to ask for the user countersign, run the ansible command with the –ask-laissez passer argument, as follows:

$ ansible all -u shovon --ask-pass -1000 ping

As you can see, Ansible asks for the SSH password of the user. At present, type in your SSH password (user login countersign) and press <Enter>.

The host can be pinged, equally follows:

Ansible Password-based SSH Login for Playbooks

You can use a password-based SSH login when you run Ansible playbooks. Let us await at an instance.

Kickoff, create a new playbook askpass1.yaml in the playbooks/ directory, every bit follows:

$ nano playbooks/askpass1.yaml

Type the post-obit lines in the askpass1.yaml playbook file:

- hosts : all
user : shovon
tasks:
- name : Ping all hosts
ping:
- proper name : Print a message
debug:
msg : 'All set'

Once you are finished with this pace, salvage the file by pressing <Ctrl> + 10, followed by Y and <Enter>.

Run the askpass1.yaml playbook, as follows:

$ ansible-playbook playbooks/askpass1.yaml

As you tin see, I am not able to connect to the host. You can see that this is because I did not run the ansible-playbook command with the –ask-laissez passer choice.

Run the askpass1.yaml playbook with the –ask-laissez passer option, as follows:

$ ansible-playbook –enquire-pass playbooks/askpass1.yaml

As you tin can see, Ansible is asking for a SSH password. Type in your SSH password and press <Enter>.

The playbook askpass1.yaml should now run successfully.

Ansible sudo Countersign Login for Playbooks

The –ask-pass option volition ask for the SSH login password only. What if you also wish to blazon in the sudo password? Yous will encounter how to do this in the side by side steps.

Beginning, create a new playbook askpass2.yaml in the playbooks/ directory, as follows:

$ nano playbooks/askpass2.yaml

Type the following lines in the askpass2.yaml file.

- hosts : all
user : shovon
become : True
tasks:
- name : Install apache2 Packet
apt:
name : apache2
state : latest
- proper noun : Make sure apache2 service is running
service:
proper name : apache2
state : started
enabled : Truthful
- proper name : Copy alphabetize.html file to server
copy:
src : ../files/index.html
dest : /var/world wide web/html/alphabetize.html
mode : 0644
owner : www-information
group : www-data

Here, I have used the command become: True to tell Ansible to run this playbook with sudo privileges. Once yous are finished with this step, save the askpass2.yaml file past pressing <Ctrl> + X, followed by Y and <Enter>.

Create an index.html file in the files/ directory, equally follows:

Type the post-obit HTML codes in the index.html file:

Once y'all are finished with this step, save the file by pressing <Ctrl> + X followed by Y and <Enter>.

Yous may run the askpass2.yaml playbook with the –enquire-laissez passer choice, as follows:

$ ansible-playbook --ask-pass playbooks/askpass2.yaml

You will then be asked for the SSH countersign, as before.

But the playbook yet may not run fifty-fifty if you provide the SSH password. The reason for this is because yous accept to tell Ansible to prompt for the sudo password, equally well as the SSH countersign.

You tin can tell Ansible to ask for the sudo password using the –ask-become-pass option while running the playbook, equally follows:

$ ansible-playbook --ask-pass --ask-become-pass playbooks/askpass2.yaml

Now, Ansible volition prompt you for the SSH countersign.

Adjacent, Ansible volition prompt you for the sudo password. If your sudo password is the same as the SSH password (which is most likely), then exit information technology blank and press <Enter>.

Equally you lot can see, the playbook ran successfully.

Configuring Automated Password-Based SSH Login and sudo Password Login

You may wish to use countersign-based SSH and sudo login, but practice not want to type in the SSH password and sudo password every fourth dimension you run a playbook. If that is the case, and then this department is for you lot.

To use password-based SSH login and sudo login without beingness prompted for the passwords, all you lot have to practise is add the ansible_ssh_pass and ansible_become_pass host variables or group variables in your inventory file.

First, open the hosts inventory file, equally follows:

If you accept multiple hosts in your inventory file and each of the hosts has different passwords, then add the ansible_ssh_pass and ansible_become_pass variables as host variables (after each host) equally follows.

Be sure to replace hush-hush with your SSH and sudo password.

If all or some of the hosts have the aforementioned password, then you lot can add the ansible_ssh_pass and ansible_become_pass variables as group variables, every bit shown in the instance below.

Here, I have only one host, so I take added the ansible_ssh_pass and ansible_become_pass variables for the all group (all hosts in the inventory file). Simply, you may add these variables for other specific groups as well.

One time you have finished adding the ansible_ssh_pass and ansible_become_pass variables in the hosts inventory file, save the hosts inventory file by pressing <Ctrl> + X, followed by Y and <Enter>.

You lot may now run the askpass2.yaml playbook, as follows:

$ ansible-playbook playbooks/askpass2.yaml

As yous can run into, the playbook ran successfully, though it did non ask for the SSH countersign or the sudo password.

And so, this is how you utilise sshpass for password-based SSH and sudo login in Ansible. Give thanks yous for reading this article!

Nearly the author

Freelancer & Linux System Administrator. As well loves Web API evolution with Node.js and JavaScript. I was built-in in Bangladesh. I am currently studying Electronics and Communication Technology at Khulna University of Applied science & Engineering science (KUET), one of the enervating public engineering universities of People's republic of bangladesh.

mcintoshsatho1995.blogspot.com

Source: https://linuxhint.com/how_to_use_sshpass_to_login_for_ansible/