weareinteractive / ansible-ssh Goto Github PK
View Code? Open in Web Editor NEWAnsible role which configures ssh
License: MIT License
ansible-ssh's People
Contributors
Stargazers
Watchers
Forkers
infrastructure-wixproducts fleu42 mvanvuuren jpdicosola ofsole cloudninja42 bedotech napcae onny elmergonzalezb aruntheja-4 fusioncore15 stejoo 204cmansible-ssh's Issues
ssh_known_hosts blocks
I get errors for undefined values and I don't able to fix it.
ansible 2.7.1
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/home/lukas/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/dist-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.15rc1 (default, Apr 15 2018, 21:51:34) [GCC 7.3.0]
Playbook
- hosts: all
roles:
- mrlesmithjr.chrony
- franklinkim.ssh
vars:
chrony_local_stratum: 10
chrony_ntp_servers:
- server: 'time.google.com'
options:
- option: 'iburst'
- option: 'minpoll'
val: 8
- server: '0.de.pool.ntp.org'
options:
- option: 'iburst'
- option: 'minpoll'
val: 8
- server: '0.fr.pool.ntp.org'
options:
- option: 'iburst'
- option: 'minpoll'
val: 8
- server: '0.at.pool.ntp.org'
options:
- option: 'iburst'
- option: 'minpoll'
val: 8
ssh_password_authentication: 'no'
Ouput
PLAY [all] **********************************************************************************************************************************************************************************
TASK [Gathering Facts] **********************************************************************************************************************************************************************
ok: [host.example.de]
TASK [mrlesmithjr.chrony : debian | Installing Chrony] **************************************************************************************************************************************
ok: [host.example.de]
TASK [mrlesmithjr.chrony : config_chrony | Configuring Chrony] ******************************************************************************************************************************
ok: [host.example.de]
TASK [franklinkim.ssh : Installing packages] ************************************************************************************************************************************************
[DEPRECATION WARNING]: Invoking "apt" only once while using a loop via squash_actions is deprecated. Instead of using a loop to supply multiple items and specifying `pkg: {{ item }}`,
please use `pkg: [u'openssh-server', u'openssh-client']` and remove the loop. This feature will be removed in version 2.11. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.
ok: [host.example.de] => (item=[u'openssh-server', u'openssh-client'])
TASK [franklinkim.ssh : Configuring sshd] ***************************************************************************************************************************************************
ok: [host.example.de]
TASK [franklinkim.ssh : Registering known hosts] ********************************************************************************************************************************************
getaddrinfo ssh_known_hosts: Temporary failure in name resolution
failed: [host.example.de] (item=ssh_known_hosts) => {"changed": false, "item": "ssh_known_hosts", "msg": "No key specified when adding a host"}
to retry, use: --limit @/home/lukas/git/ansible/basics.retry
PLAY RECAP **********************************************************************************************************************************************************************************
host.example.de : ok=5 changed=0 unreachable=0 failed=1
I
Configuration depends on deprecated variables
Hi,
Some values in head (9c7c6aa) still appear to be populated by the legacy variables while some new settings don't appear to be used.
Controller is Debian 10, targets are Ubuntu 18.04
I'm still not entirely sure whats happening because some legacy variables (ssh_protocol doesn't appear to have an impact) DONT work sooo... not sure.
This configuration
ssh_config:
# Our preferences; note OSCAP recommend no to root
PermitRootLogin: 'yes'
PubkeyAuthentication: 'yes'
PasswordAuthentication: 'no'
# Defaults:
ChallengeResponseAuthentication: "no"
UsePAM: "yes"
X11Forwarding: "no"
PrintMotd: "no"
AcceptEnv: LANG LC_*
Subsystem: sftp /usr/lib/openssh/sftp-server
# OSCAP recommendations
ClientAliveInterval: 300
ClientAliveCountMax: 0
# We have an ssh v2 only version, but it fails us anyway...
Protocol: 2
Produces this output
# Ansible managed
Subsystem sftp /usr/lib/openssh/sftp-server
PubkeyAuthentication yes
UsePAM yes
PrintMotd no
Port 22
PasswordAuthentication yes
PermitRootLogin yes
AcceptEnv LANG LC_*
X11Forwarding yes
ChallengeResponseAuthentication no
Add ssh_password_authentication (with the rest of ssh_config the same)
# Managing SSH config per OSCAP
ssh_port: [22]
ssh_protocol: 2
ssh_password_authentication: 'no'
ssh_config:
# Our preferences; note OSCAP recommend no to root
[... etc ...]
Changes the configuration:
+++ after: /home/kgoetz/.ansible/tmp/ansible-local-36635k7Dvt/tmpR3UYxD/sshd_config.j2
@@ -8,7 +8,7 @@
Port 22
-PasswordAuthentication yes
+PasswordAuthentication no
PermitRootLogin yes
AcceptEnv LANG LC_*
X11Forwarding yes
changed: [...]
Any thoughts on what might be at play here?
thanks
Karl.
known_hosts.yml uses non existant sshknownhosts module
tasks/known_hosts.yml uses a module that doesn't exist in ansible:
- name: Registering known hosts
sshknownhosts:
ansible-playbook main.yml --limit=personal --start-at 'Configuring environment'
ERROR: sshknownhosts is not a legal parameter in an Ansible task or handler
Of the options currently on github this role looks the closest - is it the missing dependency?
https://github.com/bfmartin/ansible-sshknownhosts
Error when run with ansible 2.2
Hi,
Ansible 2.1+ have a bug in their library handling.
ansible/ansible#16561
The error returned is
ERROR! no action detected in task. This often indicates a misspelled module name, or incorrect module path.
The error appears to have been in '/Users/kgoetz/server-configuration-management/tproles/franklinkim.ssh/tasks/known_hosts.yml': line 3, column 3, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
- name: Registering known hosts
^ here
The work around/fix mentioned in the referenced bug report (updating your library path) worked for me so I would like to request it is added to the readme for the module.
ansible-playbook --version
ansible-playbook 2.2.1.0
config file = /Users/kgoetz/server-configuration-management/ansible.cfg
configured module search path = ['/opt/local/share/ansible', './library']
thanks,
One or more undefined variables: 'host' is undefined
Hi there,
This error is being thrown by the "bfmartin.ssh_known_hosts | Manage ssh_known_hosts file" but the host value is coming from the known_hosts.yml task in this plugin.
It appears that the bfmartin package is being passed an empty host value.
Here is the playbook:
---
- hosts: all
sudo: yes
roles:
- franklinkim.apt
- franklinkim.timezone
- franklinkim.users
#- franklinkim.users-oh-my-zsh
- franklinkim.sudo
- franklinkim.ssh
vars_files:
- vars/ssh.yml
- vars/users.yml
- vars/apt.yml
vars:
timezone: 'America/Los Angeles'
vars_file .ssh:
---
ssh_port:
- 22
ssh_permit_root_login: 'no'
ssh_pubkey_authentication: 'yes'
ssh_password_authentication: 'yes'
ssh_known_hosts:
- github.com
I have also tried:
---
ssh_port:
- 22
ssh_permit_root_login: 'no'
ssh_pubkey_authentication: 'yes'
ssh_password_authentication: 'yes'
ssh_known_hosts: []
As I do not really need any known hosts at this time.
Thank you for any help you can provide.
ERROR: sshknownhosts is not a legal parameter in an Ansible task or handler
Hi there,
I am receiving this error when using this role.
Thanks
Permit root login should default should not be 'yes'
Seems like the sort of thing which should always be opt-in instead of opt-out.
How about 'prohibit-password' as an alternative?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.