SSH Keys and DNS Resolution
In this lesson, you will learn about setting up DNS entries and SSH key authentication for Ansible-managed nodes. By the end of this lesson, you will be able to create DNS entries in the hosts file for your managed nodes and Ansible controller, generate an SSH key pair, deploy it to your managed nodes, and verify SSH connectivity from the Ansible controller to the managed nodes.
Setting Up DNS Entries
DNS (Domain Name System) resolution is crucial for network communication. In many cases, especially in test environments, you might need to manually set up DNS entries. We'll start by adding entries to the /etc/hosts file on the Ansible controller for managed-node-1, managed-node-2, and the ansible-controller itself.
Open the /etc/hosts file on the Ansible controller with a text editor. You will need root or sudo privileges to edit this file:
nano /etc/hosts
Now add the following at the bottom of your hosts file:
# Ansible nodes
192.168.1.200 managed-node-1
192.168.1.201 managed-node-2
Save the file and exit the editor. This allows us to use the name managed-node-1 instead of remembering and typing its IP address, 192.168.1.200. It will come in handy later!
Creating an SSH Key Pair
SSH keys provide a secure way of logging into a server without using a password. Let's generate an SSH key pair on the Ansible controller. Run the following command to generate an SSH key pair:
ssh-keygen -t rsa -b 4096
When prompted, you can press Enter to use the default file location. Optionally, set a passphrase for additional security.
Deploying the SSH Key
Next, we'll deploy the public key to managed-node-1 and managed-node-2. This will allow the Ansible controller to SSH into these nodes without a password. We will use the ssh-copy-id command to copy the public key to each managed node. Replace paulh with the actual username you set up when installing the OS on the VMs:
ssh-copy-id paulh@ansible-controller
ssh-copy-id paulh@managed-node-1
ssh-copy-id paulh@managed-node-2
You will be prompted to verify the key fingerprint of each server, and enter the password for each managed node. Type yes when you receive these prompts (you should receive two of them):
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
When prompted, type in the password you used when you installed the OS on the respective VMs. If all went well, you should see a message like the following for all three servers:
paulh@managed-node-1's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'paulh@managed-node-1'"
and check to make sure that only the key(s) you wanted were added.
You may have noticed that we copied our SSH key to the same server we were already SSH'd into. The reason for this is to set up the Ansible Controller using Ansible itself. Since Ansible will try to SSH into itself, it's necessary to prepare the SSH keys in advance, similar to how we would for other hosts.
Verifying SSH Connectivity
Finally, let's verify that you can SSH from the Ansible controller into each managed node without being prompted for a password.
SSH into managed-node-1 (replace paulh with your username):
ssh paulh@managed-node-1
If you're not prompted for a password and successfully log in, the key deployment was successful. Exit back to the Ansible controller:
exit
Repeat the SSH testing process for managed-node-2 and ansible-controller, and verify that you can SSH without entering a password.
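The manual test above can also be run non-interactively, which is how Ansible itself will connect. The script below is an added example, not part of the original lesson: it checks that each name has exactly one address in the hosts file and that login succeeds with the key alone, with password fallback and host-key prompts disabled. The function names and the SSH_BIN and HOSTS_FILE variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example: check hosts entries and key-only SSH login without any prompt.
# SSH_BIN and HOSTS_FILE are hypothetical overrides so the logic can run offline.
SSH_BIN=${SSH_BIN:-ssh}
HOSTS_FILE=${HOSTS_FILE:-/etc/hosts}

# Print the distinct IPs that HOSTS_FILE maps to the name in $1 (comments ignored).
hosts_ips() {
    awk -v n="$1" '
        { sub(/#.*/, "") }   # strip comments before matching names
        { for (i = 2; i <= NF; i++) if ($i == n && !seen[$1]++) print $1 }
    ' "$HOSTS_FILE"
}

# Return 0 only if public-key login works with no prompt of any kind.
key_login_ok() {   # $1 = user, $2 = host
    "$SSH_BIN" -o BatchMode=yes \
               -o PreferredAuthentications=publickey \
               -o PasswordAuthentication=no \
               -o StrictHostKeyChecking=yes \
               -o ConnectTimeout=5 \
               "$1@$2" true </dev/null >/dev/null 2>&1
}

# Print one status line per host; the return code is the number of failures.
verify_nodes() {   # $1 = user, remaining arguments = host names
    user=$1; shift; failures=0
    for host in "$@"; do
        count=$(hosts_ips "$host" | wc -l | tr -d ' ')
        if [ "$count" -eq 0 ]; then
            echo "FAIL $host: no entry in $HOSTS_FILE"
        elif [ "$count" -gt 1 ]; then
            echo "FAIL $host: $count conflicting addresses in $HOSTS_FILE"
        elif ! key_login_ok "$user" "$host"; then
            echo "FAIL $host: key-only SSH login failed"
        else
            echo "OK   $host ($(hosts_ips "$host"))"
            continue
        fi
        failures=$((failures + 1))
    done
    return "$failures"
}

# Usage on the controller: verify_nodes paulh managed-node-1 managed-node-2
```

A host whose fingerprint was never accepted fails here instead of being trusted silently, because StrictHostKeyChecking=yes refuses unknown host keys.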
Conclusion
You've successfully set up DNS entries for your Ansible environment, created an SSH key pair, deployed it to your managed nodes, and verified SSH connectivity. This setup is essential for efficient and secure Ansible automation.