Ansible-Installation & Passwordless Authentication

Here’s a shell script to install Ansible on Ubuntu using the official Ansible PPA (Personal Package Archive), as recommended in the official Ansible documentation.

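#!/bin/bash

# Stop at the first failed command so the success message below is only printed if every step worked
set -euo pipefail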

# Update the package list
echo "Updating the package list..."
sudo apt update -y

# Install prerequisite software-properties-common if not installed
echo "Installing software-properties-common..."
sudo apt install -y software-properties-common

# Add Ansible PPA
echo "Adding Ansible PPA..."
sudo add-apt-repository --yes --update ppa:ansible/ansible

# Update the package list again to include Ansible PPA
echo "Updating the package list after adding Ansible PPA..."
sudo apt update -y

# Install Ansible
echo "Installing Ansible..."
sudo apt install -y ansible

# Verify Ansible installation
echo "Verifying Ansible installation..."
ansible --version

echo "Ansible installation completed successfully."

Explanation of Each Step

  1. Update the package list: Ensures your system has the latest package information.

  2. Install prerequisites: software-properties-common is required for add-apt-repository.

  3. Add the Ansible PPA: Adds the official Ansible PPA to your system.

  4. Update package list (again): Refreshes the package list after adding the PPA.

  5. Install Ansible: Installs Ansible from the newly added PPA.

  6. Verify installation: Confirms that Ansible is installed by displaying the version.

Run the Script:

chmod +x install_ansible.sh
./install_ansible.sh

How to Set Up Passwordless Authentication:

Steps to Configure Passwordless SSH Access:

  1. Copy the linuxkey.pem file from your Windows laptop to your Ansible server (an EC2 instance) using SCP (secure copy), run from Git Bash (if installed) or Windows PowerShell. Here are the steps:

SCP Command Syntax:

scp -i "<path-to-pemfile-for-ansible-access>" "<file-to-copy>" ubuntu@<ansible-server-ip>:/path/to/destination/

Example:

scp -i "C:\Users\ssrmc\Downloads\linuxkey.pem" "C:\Users\ssrmc\Downloads\linuxkey.pem" ubuntu@98.80.125.62:/home/ubuntu/
linuxkey.pem

  2. Set Permissions for the PEM File: Ensure the linuxkey.pem file has the correct permissions:

     chmod 400 linuxkey.pem

  3. Generate an SSH Key Pair on the Ansible Server (if not done already): Generate a new SSH key pair on the Ansible server. This key will be used for passwordless SSH authentication.

     ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa -N ""
    

Now, proceed with the following steps to copy this public key (id_rsa.pub) to Test-Server1 and Test-Server2:

Method-1: Manual Method (Manual Copy with ssh and cat)

  1. Copy the Public Key to Test-Server1:

     ssh -i linuxkey.pem ubuntu@<Test-Server1-IP> "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys" < ~/.ssh/id_rsa.pub

  2. Copy the Public Key to Test-Server2:

     ssh -i linuxkey.pem ubuntu@<Test-Server2-IP> "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys" < ~/.ssh/id_rsa.pub

After these steps, you should be able to SSH into Test-Server1 and Test-Server2 from your Ansible server without using a password or the linuxkey.pem file. You can verify this by running:

ssh ubuntu@<Test-Server1-IP>
ssh ubuntu@<Test-Server2-IP>

To log in to Test-Server-1: ssh ubuntu@3.89.232.151

To log in to Test-Server-2: ssh ubuntu@54.84.173.229

Now that passwordless SSH is set up between your Ansible server and both Test servers, you're all set to manage them seamlessly with Ansible.
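The `cat >>` step in Method 1 appends the key again on every run and leaves file permissions to the remote umask. The following is an added example (not code from the original article) of an idempotent version; the function name install_pubkey and its two parameters are assumptions made for this sketch.

```shell
#!/bin/bash
# Added example, not from the original article: an idempotent version of the
# "cat >> ~/.ssh/authorized_keys" step. install_pubkey and its two parameters
# (target home directory, public key file) are names chosen for this sketch.
install_pubkey() {
    local home_dir=$1 pubkey_file=$2 key ssh_dir auth
    ssh_dir="$home_dir/.ssh"
    auth="$ssh_dir/authorized_keys"

    # Take the first line and refuse anything that is not a public key,
    # e.g. a private key or PEM file passed by mistake.
    key=$(head -n 1 "$pubkey_file")
    case "$key" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key: $pubkey_file" >&2; return 2 ;;
    esac

    # Owner-only permissions: sshd's StrictModes check rejects the file when
    # it or its directory is writable by group or others.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append only when the exact line is absent, so re-runs add no duplicates.
    if grep -qxF -- "$key" "$auth"; then
        echo "already present"
    else
        # Terminate an unterminated last line so the new key is not glued to it.
        if [ -n "$(tail -c 1 "$auth")" ]; then echo >> "$auth"; fi
        printf '%s\n' "$key" >> "$auth"
        echo "added"
    fi
}

# Demo on a throwaway directory with a constructed (non-functional) key.
demo_home=$(mktemp -d)
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExampleKeyOnly demo@ansible" > "$demo_home/demo.pub"
install_pubkey "$demo_home" "$demo_home/demo.pub"   # first run
install_pubkey "$demo_home" "$demo_home/demo.pub"   # second run
rm -rf "$demo_home"

# Remote use with the page's placeholders (assumes bash on the target):
#   ssh -i linuxkey.pem ubuntu@<Test-Server1-IP> \
#     "$(declare -f install_pubkey); install_pubkey ~ /dev/stdin" < ~/.ssh/id_rsa.pub
```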

Method-2: Using Public Key (Using ssh-copy-id with -o IdentityFile)

ssh-copy-id -f "-o IdentityFile <PATH TO PEM FILE>" ubuntu@<INSTANCE-PUBLIC-IP>

The purpose of this command is to use ssh-copy-id to copy your SSH public key from the local machine (in this case, your Ansible server) to a remote instance (e.g., Test-Server-1 or Test-Server-2). This command enables passwordless SSH by adding the public key to the authorized_keys file on the remote server.

  • ssh-copy-id: This is the command used to copy your public key to a remote machine.

  • -f: This flag forces the copying of keys, which can be useful if you have keys already set up and want to overwrite them.

  • "-o IdentityFile <PATH TO PEM FILE>": This option specifies the identity file (private key) to use for the connection. The -o flag passes this option to the underlying ssh command.

  • ubuntu@<INSTANCE-PUBLIC-IP>: This is the username (ubuntu) and the IP address of the remote server you want to access.

Purpose

Using ssh-copy-id with this syntax:

  1. Authenticates with the PEM key: It allows you to authenticate initially using the PEM key, which is necessary if you haven't set up passwordless access yet.

  2. Copies your SSH public key: It copies your Ansible server’s public key (id_rsa.pub) to the authorized_keys file on the remote instance.

  3. Enables Passwordless SSH: After running this command, you should be able to SSH into the remote instance without using the PEM key or entering a password.

Example

If your PEM file is at /home/ubuntu/linuxkey.pem and the instance IP is 3.89.232.151, the command would look like this:

ssh-copy-id -f "-o IdentityFile /home/ubuntu/linuxkey.pem" ubuntu@3.89.232.151

After executing this command, you should be able to log into the remote instance with just:

ssh ubuntu@3.89.232.151

This method is useful for setting up passwordless SSH in cases where you need initial access through a PEM file.

Method 3: Enabling Password-Based SSH Authentication:

  • You would SSH into Test-Server-1 or Test-Server-2 using the linuxkey.pem file.

  • Then, on each Test server, modify the SSH configuration file (/etc/ssh/sshd_config.d/60-cloudimg-settings.conf or /etc/ssh/sshd_config) to enable password-based authentication.

  • Restart the SSH service on each Test server to apply the changes.

  1. Edit SSH Configuration: Open the file /etc/ssh/sshd_config.d/60-cloudimg-settings.conf (or the main SSH config file /etc/ssh/sshd_config if the other file doesn’t exist) on the remote server:

     sudo nano /etc/ssh/sshd_config.d/60-cloudimg-settings.conf

  2. Set PasswordAuthentication to yes: Find the line with PasswordAuthentication and change it to:

     PasswordAuthentication yes

     • If the line is missing, add it to the file.

     • This setting enables SSH access using a password instead of requiring an SSH key.

  3. Restart SSH Service: After editing the configuration file, restart the SSH service to apply the changes:

     sudo systemctl restart ssh

  4. Login Using Password: Once this is done, you can log in to the remote server using a username and password, without needing an SSH key. This is useful in situations where you may not have SSH keys available or prefer a password-based approach for access.

The password used in password-based SSH login would be the Linux user account password on the remote machine (in this case, Test-Server-1 and Test-Server-2).

For example:

  • If the username on the Test server is ubuntu, then the password you’d enter would be the password for the ubuntu user account on that machine.

  • For cloud instances (like AWS EC2), password authentication is usually disabled by default for security reasons, so you may need to set a password for the user if one is not already set.

Steps to Set or Change the Password (if needed)

  1. Set a Password for the User: If you don’t already have a password for the user (e.g., ubuntu), you can set it by running:

     sudo passwd ubuntu
    
  2. Log in Using the Username and Password: After enabling PasswordAuthentication in the SSH configuration and restarting the SSH service, you can log in from your Ansible server as follows:

     ssh ubuntu@<Test-Server-IP>
    
  3. Then, you’ll be prompted to enter the password you set for the ubuntu user.

This allows you to log in using just the username and password instead of an SSH key. However, keep in mind that key-based authentication is generally more secure than using passwords, especially in production environments.
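Because Method 3 can involve two files, it helps to confirm which one actually decides the setting, both after enabling password login and after turning it off again. The following is an added example (not code from the original article); the function name effective_password_auth is an assumption, and it assumes the stock Ubuntu layout in which sshd_config includes sshd_config.d/*.conf before its own settings.

```shell
#!/bin/bash
# Added example, not from the original article. effective_password_auth is a
# name chosen for this sketch. It applies sshd's "first value read wins" rule.
# Assumptions: the stock Ubuntu layout, where sshd_config includes
# sshd_config.d/*.conf before its own settings; Match blocks are not handled.
# On a real host, `sudo sshd -T | grep -i passwordauthentication` is authoritative.
effective_password_auth() {
    local etc_ssh=${1:-/etc/ssh} f val
    for f in "$etc_ssh"/sshd_config.d/*.conf "$etc_ssh/sshd_config"; do
        [ -f "$f" ] || continue
        # First uncommented PasswordAuthentication line in this file, if any.
        val=$(awk 'tolower($1) == "passwordauthentication" { print tolower($2); exit }' "$f")
        if [ -n "$val" ]; then
            echo "$val $f"      # value, then the file that decided it
            return 0
        fi
    done
    echo "yes default"          # OpenSSH default when the keyword is never set
}

# Demo on a constructed config tree (not a real host's files).
demo=$(mktemp -d) && mkdir "$demo/sshd_config.d"
echo "PasswordAuthentication no" > "$demo/sshd_config.d/60-cloudimg-settings.conf"
echo "PasswordAuthentication yes" > "$demo/sshd_config"
effective_password_auth "$demo"   # the drop-in wins: editing only sshd_config changes nothing
rm -rf "$demo"
```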

Key Points of Method 3:

  • Password-Based Access: Enables access using a password, which might be useful for temporary or initial access.

  • Less Secure: Password-based access is generally considered less secure than key-based access, as passwords can be easier to guess or brute-force.

  • Quick Setup: It’s straightforward and doesn’t require generating or copying SSH keys, but it’s generally used when key-based access is unavailable or for one-time configurations.

Comparison with Key-Based Methods:

| Method | Description | Security Level | Setup Complexity |
| ------ | ----------- | -------------- | ---------------- |
| Method 1 (Manual Key Copy) | Manually copy public key using cat and ssh | High | Moderate |
| Method 2 (ssh-copy-id) | Automated key copy with ssh-copy-id | High | Low |
| Method 3 (Password-Based) | Enable password-based login | Moderate | Low |
Written by

Subbu Tech Tutorials