Reputation: 1039
Ansible hash password not working
I have a variable with ansible_ssh_user and ansible_ssh_pass in my playbook global variable. I tried hashing my password with various method but I still couldn't ssh to my remote VMs. I have tried ansible_user and ansible_pass but still no luck. The following are methods I used and it all failed. I'm not sure what I am missing and hopefully some experts could help. When I use clear password, it works, but not hash. Here are the methods I've tried but still unsuccessful:-
1. mkpasswd --method=SHA-512
2. python -c "from passlib.hash import sha512_crypt;
print sha512_crypt.encrypt('<password>')"
3. # python
>>> import crypt
>>> crypt.crypt('<PASSWORD>', '$6$salt$')
4. cat /etc/shadow | grep <user>
Try to get the encrypted password but still not working
I have confirm my VM is using ENCRYPTED_METHOD SHA512. Nothing is working, appreciate if someone could help
Upvotes: 0
Views: 1725
Answers (2)
Reputation: 68449
I tried hashing my password with various method but I still couldn't ssh to my remote VMs
And for a good reason — to connect to a remote machine with an SSH protocol with password authentication you must provide a password, not a password hash.
In password authentication users provide passwords and systems process them. As one of security measures, systems store password hashes instead of passwords, so that in case of a breach, the passwords themselves do not get compromised.
If for some reason a system would allow authenticating users using a hash rather then password, it would be a huge security flaw (equal to storing passwords in clear).
If you really need to use password authentication, then Ansible Vault provides a way to protect the passwords. Otherwise use a public key authentication.
Upvotes: 3
Reputation: 131
It seems like you want access your VMs and do something using Ansible.
- Best practice to use Ansible, is to first setup a public-private key pair. https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2
- Check whether SSH using key-pair is working fine. If it is, you can go ahead.
Now suppose if you want to access a host having IP 10.192.34.74. Add the following line to your inventory file:
10.192.34.72 ansible_ssh_private_key_file=/path/to/private/key/file
Now it should work.
Upvotes: 0
Related Questions
- Ansible password creation "The input password appears not to have been hashed"
- Ansible password_hash with variable
- Ansible - run playbook by providing sudo hash password
- Getting error when changing Ansible password
- password not being accepted for sudo user with ansible
- Ansible does not run without password file
- ansible created password for a user does not work for ssh sessions
- Ansible: How can I create a pw hash of a password set in ansible_vault file?
- Ansible: How to set password for a user? Having trouble encrypting the password
- Why Ansible ignores ansible_become_password variable?