Define ssh key per host using ansible_ssh_private_key_file nixCraft

I set up SSH keys on a Linux or Unix as per my project needs and cloud hosting providers. I also new to Ansible IT automation and DevOps tool. My management node has keys for Linode, AWS/EC2 and Google cloud. How do I set up and tell Ansible to use different ssh keys? How do I configure SSH credentials per cloud hosting service provider?

Ansible is a free and open source IT software that automates software provisioning, configuration management, and application deployment. One can use Ansible to create cloud hosts in EC2, patch servers, add users, configure routers/firewall and more. Ansible uses SSH which allows users and ansbile too; to log in to remote servers and perform management tasks. This page shows how to already setup SSH keys to log in into remote server using Ansible IT automation tool.

Ansible define ssh key per host using ansible_ssh_private_key_file

You need to use ansible_ssh_private_key_file in inventory file. The syntax is pretty simple:

host ansible_ssh_private_key_file=/path/to/your/.ssh/ ansible_ssh_private_key_file=/path/to/your/.ssh/ ansible_ssh_private_key_file=/path/to/your/.ssh/aws.pem

ansible_ssh_private_key_file example

Let us open a file named hosts in ~/projects/ansible/hosts using a text editor such as vim command:
$ vim ~/projects/ansible/hosts
Sample file:

[my_servers] ansible_ssh_private_key_file=/home/vivek/.ssh/ ansible_ssh_private_key_file=~/.ssh/Lightsail-us-west-2.pem
www1 ansible_ssh_private_key_file=~/.ssh/
vpn-box1 ansible_ssh_private_key_file=~/.ssh/

Another example:

## Ansible with multiple SSH key pair as per server hosting ##
www1-li ansible_ssh_private_key_file=/path/to/file
www2-li ansible_ssh_private_key_file=/path/to/file [aws]
www1-aws ansible_ssh_private_key_file=/path/to/file
www2-aws ansible_ssh_private_key_file=/path/to/file [google_cloud]
www1-gcp ansible_ssh_private_key_file=/path/to/file
www2-gcp ansible_ssh_private_key_file=/path/to/file

It is possible to group it as follows:

www1-li www2-li [aws]
www2-aws [google_cloud]
www2-gcp [linode:vars]
ansible_ssh_private_key_file=/home/vivek/.ssh/ [aws:vars]
ansible_ssh_private_key_file=/home/vivek/.ssh/aws-ec2-usa-east.pem [google_cloud:vars]
ansible_ssh_private_key_file=/home/vivek/.ssh/google_compute_engine.pem [freebsd]
aws_freebsd_3 [freebsd:vars]

How to dry run and test your inventory or playbooks

You can ask Ansible not to make any changes; instead, try to predict some differences in those files:
$ ansible-playbook -i hosts my-book.yml --check
$ ansible freebsd -i hosts --list-hosts
$ ansible aws -i hosts --list-hosts
$ ansible google_cloud -i hosts --list-hosts

Ansible ansible_ssh_private_key_file example

A list of all ansible SSH connection config options

  1. ansible_port=2020 : The ssh port number, if not 22
  2. ansible_user=vivek : The default ssh user name to use.
  3. ansible_ssh_private_key_file=/path/to/ssh.pem : Private key file used by ssh. Useful if using multiple keys and you don’t want to use SSH agent.
  4. ansible_python_interpreter=/usr/local/bin/python : The target host python path


You learned how to use different or multiple SSH private keys for the servers you manage using Ansible tool. For more info see “List of Behavioral Inventory Parameters” here.

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.


Posted by Web Monkey