Ansible Setup with Passwordless SSH (Private Key Method)
This guide walks you through a clean Ansible setup using a dedicated ansible user, passwordless sudo, and private key authentication (no password prompt).
This setup allows your control node to manage multiple EC2 instances without entering passwords every time, making automation smooth and efficient. Perfect for beginners wanting hands-on practice with Ansible and AWS.
Architecture Overview
| Role | OS | Description |
|---|---|---|
| Control Node | Amazon Linux | Runs Ansible and manages other nodes |
| Managed Nodes | Amazon Linux / Ubuntu | Machines managed by Ansible |
Step 1 - Create Ansible User on All Nodes
On each node (Control + Managed):
sudo adduser ansible
sudo passwd ansible
Add ansible to sudoers:
sudo visudo
Add this line at the end:
ansible ALL=(ALL) NOPASSWD:ALL

After adding, press Ctrl+O, then Enter, then Ctrl+X.
This gives passwordless sudo access to the ansible user.
Step 2 - Configure SSH on (Managed + Control) Nodes
Edit /etc/ssh/sshd_config on each managed node:
sudo vi /etc/ssh/sshd_config
Uncomment or add the following lines:
PermitRootLogin no
PasswordAuthentication yes
PubkeyAuthentication yes
ChallengeResponseAuthentication no
Then restart SSH:
- On Amazon Linux:
sudo systemctl restart sshd
- On Ubuntu:
sudo systemctl restart ssh
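Added example, not part of the original guide: sshd keeps the first value it reads for each keyword, so the lines from Step 2 have no effect if the same keyword is already set earlier in the file or in a drop-in file read before it. This POSIX shell sketch resolves the four Step 2 keywords that way; the function names and the sample files are made up for illustration.

```sh
#!/bin/sh
# Added example, not from the original guide. sshd keeps the FIRST value it
# reads per keyword; a later line for an already-set keyword is ignored.

# effective_sshd_value KEYWORD FILE...
# Prints (lower-cased) the value sshd would keep for KEYWORD, given FILEs in
# the order sshd reads them. Assumptions of this sketch: whitespace-separated
# "Keyword value" lines, global section only (each file is read up to its
# first Match line), Include lines are not followed.
effective_sshd_value() (
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    shift
    awk -v want="$want" '
        FNR == 1                   { in_match = 0 }
        /^[ \t]*#/ || /^[ \t]*$/   { next }
        tolower($1) == "match"     { in_match = 1 }
        in_match                   { next }
        tolower($1) == want        { print tolower($2); exit }
    ' "$@"
)

# audit_step2 FILE...
# Compares the effective values with the four lines from Step 2. Exit status
# is 1 if any value differs or is unset (unset means sshd's default applies).
audit_step2() (
    rc=0
    for pair in PermitRootLogin:no PasswordAuthentication:yes \
                PubkeyAuthentication:yes ChallengeResponseAuthentication:no; do
        key=${pair%%:*}; want=${pair##*:}
        got=$(effective_sshd_value "$key" "$@")
        if [ "$got" = "$want" ]; then
            echo "OK    $key $got"
        else
            echo "DIFF  $key effective=${got:-unset} wanted=$want"
            rc=1
        fi
    done
    exit "$rc"   # the body runs in a subshell, so this only ends the function
)

# Constructed sample files: a drop-in read before the main file (as when an
# Include line sits at the top of sshd_config) already disables passwords.
demo=$(mktemp -d)
printf 'PasswordAuthentication no\n' > "$demo/50-dropin.conf"
printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin no' \
    'PasswordAuthentication yes' 'PubkeyAuthentication yes' \
    'ChallengeResponseAuthentication no' > "$demo/sshd_config"
audit_step2 "$demo/50-dropin.conf" "$demo/sshd_config" || true
rm -rf "$demo"
```

On a real node, pass the files in the order sshd reads them, or run `sudo sshd -T` to print the configuration sshd itself resolved.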
Step 4 - Install Ansible (Control Node Only)
On control node (Amazon Linux):
sudo yum install python3-pip -y
sudo pip3 install ansible
Verify:
ansible --version
Step 5 - Generate SSH Key Pair on Control Node
Switch to ansible user on control node:
sudo su - ansible
Generate SSH keys:
ssh-keygen -t rsa -b 2048

Press Enter for all prompts to accept defaults (no passphrase).
You'll get:
/home/ansible/.ssh/id_rsa (private key)
/home/ansible/.ssh/id_rsa.pub (public key)
Step 6 - Copy SSH Key to Managed Nodes (Passwordless Setup)
Use this command on the control node:
ssh-copy-id ansible@<managed_node_private_ip>

You'll enter the password of the ansible user only once.
Repeat for each managed node.
Example:
ssh-copy-id ansible@172.31.29.148
ssh-copy-id ansible@172.31.18.225
Now test:
ssh ansible@172.31.29.148

If it logs in without asking for a password, passwordless SSH is working perfectly.
Step 7 - Verify Setup with Ansible Ping
Create an inventory file /home/ansible/hosts:
Use this command in the /home/ansible directory:
sudo vi hosts
[web]
172.31.29.148
[dev]
172.31.18.225
Now test connection:
ansible all -i hosts -m ping
172.31.29.148 | SUCCESS => {
"changed": false,
"ping": "pong"
}
172.31.18.225 | SUCCESS => {
"changed": false,
"ping": "pong"
}
Verification Checklist
| Step | Check |
|---|---|
| ansible user exists on all nodes | ✅ |
| Passwordless sudo enabled | ✅ |
| SSH passwordless login (private key) works | ✅ |
| /etc/ssh/sshd_config updated and SSH restarted | ✅ |
| Ansible ping successful | ✅ |
Bonus Tip - Test with Ad Hoc Command
ansible all -i hosts -m shell -a "hostname"
ansible all -i hosts -m shell -a "uptime"
If you see hostnames and uptime output, congratulations!
Your Ansible setup with private key passwordless access is ready!
Notes
- Private key (id_rsa) always stays on the control node
- Public key (id_rsa.pub) is copied to managed nodes → ~/.ssh/authorized_keys
- Never share or upload your private key to any other system...








