Hi,
I am new to using Ansible but I am excited about it.
Ansible is so powerful but one thing would make implementation easier for me.
I have some servers I need to connect to via an ssh-proxy.
So far I have not managed to make this possible with ansible.
The connection is done by ssh/scp according to the following pattern:
ssh %%@
Anybody have any idea how to do this with ansible?
Cheers,
Stefan
There was a mistake in the ssh command example. The right one is:
ssh %%@
Try this:
https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!msg/ansible-project/-AFEyk69T8k/0X9skiOXCQAJ
Or if you have a recent enough OpenSSH (7.3), you can use ProxyJump,
which is much simpler:
# from
# https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Proxies_and_Jump_Hosts
# .ssh/config
Host server2
    HostName 192.168.5.38
    ProxyJump user1@jumphost1.example.org:22
    User fred
Richard
Thanks for these suggestions, but neither seems to work for me.
What I call ssh-proxy does some more magic than a normal jump host.
On the proxy runs an ssh daemon that authenticates against Active Directory, and it has a connection to a password-safe.
If I open a connection from my client to a server (user1@myserver.example.com) I use the command:
ssh AD-User%user1%myserver.example.com@ssh-proxy.example.com
At the following password prompt I have to type in my AD-Password. The proxy checks if my AD-User is allowed to connect to myserver.example.com with user1.
If it is allowed, it gets the password for user1@myserver.example.com out of the password-safe and uses it to connect me to the server.
I don't know and I don't need to know the real password. It is completely managed by the password-safe.
I think what I need to do is to get Ansible to pass the string
AD-User%user1%myserver.example.com (AD-User%RemoteUser%RemoteHost)
as the Username for a connection to ssh-proxy.example.com
My first idea was to do this in the inventory file like this:
[myserver]
myserver.example.com
[myserver:vars]
ansible_user=AD-User%user1%myserver.example.com
ansible_host=ssh-proxy.example.com
But it does not work.
Does anyone have another idea?
Stefan
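
The login-name pattern described in the post above (AD-User%RemoteUser%RemoteHost), as an added example that is not part of the original thread: it builds and parses the composite name and rejects any field that contains the `%` or `@` delimiters, since the proxy picks the target account and host from that string. The function names, the character sets allowed, and the assumption that the proxy splits on `%` are illustrative and not taken from the proxy's documentation.

```python
import re

DELIM = "%"  # field separator in the composite login name, as shown in the post

# Conservative allow-lists (assumed for this example). Neither permits
# '%' or '@', so no field can smuggle in an extra delimiter.
USER_RE = re.compile(r"[A-Za-z0-9_.-]{1,64}")
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOST_RE = re.compile(rf"{LABEL}(?:\.{LABEL})*")


def _check(label, value, pattern, max_len):
    """Raise ValueError unless value fully matches pattern and fits max_len."""
    if len(value) > max_len or not pattern.fullmatch(value):
        raise ValueError(f"invalid {label}: {value!r}")
    return value


def build_login(ad_user, remote_user, remote_host):
    """Return 'AD-User%RemoteUser%RemoteHost' after validating every field."""
    return DELIM.join((
        _check("AD user", ad_user, USER_RE, 64),
        _check("remote user", remote_user, USER_RE, 64),
        _check("remote host", remote_host, HOST_RE, 253),
    ))


def parse_login(login):
    """Split a composite login into its three fields; reject anything else."""
    parts = login.split(DELIM)
    if len(parts) != 3:
        raise ValueError(f"expected 3 fields, got {len(parts)}: {login!r}")
    build_login(*parts)  # re-validate each field
    return tuple(parts)


def ssh_destination(ad_user, remote_user, remote_host, proxy_host):
    """Return the 'login@proxy' destination string used with ssh/scp."""
    _check("proxy host", proxy_host, HOST_RE, 253)
    return f"{build_login(ad_user, remote_user, remote_host)}@{proxy_host}"


if __name__ == "__main__":
    # Constructed sample values, matching the names used in the post.
    print(ssh_destination("AD-User", "user1", "myserver.example.com",
                          "ssh-proxy.example.com"))
```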