Hi All,
Is it possible to provide the password of the private key on the command line extra vars or using the inventory. In the inventory we can provide the private key but not the password? can not use --ask-pass in the command since it would prompt for the password to be user provided. Needs to pass this password along with the private key. using this to execute an ansible script on a remote host.
Thanks.
Is this private key supposed to be used for connecting to a host
you're configuring (i.e. the password to a protected SSH key)?
Or is it used inside a task, to executed on a remote host (i.e.
*after* you've connected to it)?
Dick
Hi,
This is to connect to the remote host. I’m aware that we can do something similar to this,
ansible-playbook -i hosts.yml --private-key=private_key_path ansible_script.yml
also, I know we can use the private key in the inventory host_vars as ansible_ssh_private_key
but why ansible doesn’t provide a option to manage private_key’s password if it allows to use a private_key.
I'm speculating here, but I think it's because providing passwords
directly to ansible on the command line is more insecure than
necessary.
All password/authentication invocations (private keys, vault
passwords, password prompts) seem to be done either through a prompt,
or by pointing to a file containing the password.
So instead of supplying a password on the command line to use an
encrypted private key, you are encouraged to use a non-encrypted
private key.
Again, this is my guess...
Dick