Is it safe to use Ansible to run playbooks on untrusted hosts?

Hi guys! I’m considering creating a simple service that helps users set up some software on servers. I’d like to use Ansible for this, but I’m not very familiar with Ansible. The plan is to load the inventory and SSH keys dynamically for each user, connect and run my playbooks.

They questions I have about this is:

  • Is this completely safe to do, or is there any chance of compromise of the machine that connects to the servers?
  • Exactly what data does Ansible share with the servers it connects to?

I really appreciate if someone with good knowledge of this can answer or point me in a direction where I can find the answers. Thanks! :slight_smile:


It should be safe, assuming you don’t do things to compromise that (for example, you could use the return value of a module executed on a remote server to write files to paths on the controller that are provided by the module’s result - that would allow the remote server to overwrite arbitrary files the user running ansible on the controller has access to).

Besides that, it should not be possible. I’m using should here, since it is always possible that there are bugs. There could be bugs in SSH that allows the remote host to do something bad on hosts connecting to it, there could be a bug in ansible-core that allows remote hosts to do something like that (one such bug has been found in the past and got fixed - I found 1968412 – (CVE-2021-3583) CVE-2021-3583 ansible: Template Injection through yaml multi-line strings with ansible facts used in template. and Path Traversal in Ansible · CVE-2020-1735 · GitHub Advisory Database · GitHub, I think that were the most from the last years). There could be more not yet found bugs in the modules/plugins you are using that allow such things to happen.

And obviously, you always have to care about which data you actually send to a remote system. Modules are by default executed on the remote system (if you don’t use delegate_to: localhost or the local connection), so if you pass on secret data as a module parameter to be run on a remote system, the remote system could intercept that secret. If it’s a secret the remote system knows anyway or is allowed to know, that’s not a problem. But for example if you need to update a DNS entry and you run the DNS update module on the remote machine instead of localhost, your DNS credentials could get hold of by the remote machine. (The only exception is if the module must be run on the remote machine as otherwise the API cannot be reached, for whtaever reason - but then you have to make sure you trust that remote machine enough to pass the information there.)

So, to bome back to your two questions:

  1. Connecting to other machines is never completely safe. There’s always the chance of bugs not yet found that allow the remote side to exploit you.

    You can always minimize the risk by running the connection to the remote machine from a container, which contains the minimal amount of data needed to accomplish the task, and extract the information you need to store as a result of that task from the container as safe as possible.

  2. Generally if you run a module on a remote, the module’s code and the task parameters are sent to the remote machine, and the module is executed there with these parameters.

    This only holds true for modules with the default action plugin though: once you have a specialized action plugin, that plugin can do some preprocessing on the controller and send whatever it wants over to the remote. This is for example used by the template module to template the file on the controller, and only send over the result to the remote (that means that the variables needed to template don’t have to be sent over! - and you don’t need Jinja2 on the remote). But badly written action plugins can obviously also pass things on to the remote you don’t expect.

    The modules coming with ansible-core don’t do that, but if you look at the whole of Ansible community distribution, for example, which consists out of a large set of collections with many more modules and also action plugins, it could be possible that some of them do stupid things. So you want to do some review for all modules that you actually want to execute on remotes (and check whether other action plugins are involved in executing them).