Ansible user ssh sudo PermitRootLogin disabled [Resolved]

I got this working without a problem when the remote server doesn't have the SSH parameter:

PermitRootLogin yes

My working ansible command:

[ansible@myansible ~]$ ansible remoteserveur -a "cat /etc/sudoers"

I want to change the SSH parameter on all my servers to PermitRootLogin no for security. Once this is done, it no longer works.

UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey,password).",
    "unreachable": true

How could I keep my Ansible user as a normal user while still being able to run commands as root via Ansible?

Many thanks for your attention.


Question Credit: Peutre
Asked September 19, 2019
Posted Under: Unix Linux
2 Answers

Are you sure you do not have "become: yes" directive in your Ansible playbook? This directive is responsible for privileged access for the Ansible agent.

https://docs.ansible.com/ansible/latest/user_guide/become.html


credit: Nikolay Kirov
Answered September 19, 2019

Many thanks Nikolay, it showed me the right way to resolve the problem. In the end I used:

ansible-playbook permitrootlogin.yml -b -K

-b for "become" and -K for "ask for privilege escalation password"

TASK [Disallow root SSH access] ******************************************************************************************************************************************************
ok: [server1]
ok: [server2]

credit: Peutre
Answered September 19, 2019
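
The thread does not show the contents of permitrootlogin.yml. As an added example (not the poster's playbook), here is one way to write it so the play logs in as the unprivileged user and escalates with sudo. The group "all", the login user "ansible", the sshd binary path and the service name "sshd" are assumptions.

```yaml
# permitrootlogin.yml -- constructed example, not the poster's actual playbook.
# Assumed names: inventory group "all", login user "ansible", service "sshd".
- name: Disable root SSH login while Ansible keeps an unprivileged login
  hosts: all
  remote_user: ansible        # SSH in as the normal user, never as root
  become: yes                 # same effect as -b on the command line
  become_method: sudo         # fact gathering fails here first if sudo is not set up

  tasks:
    - name: Disallow root SSH access
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        # Matches an active or commented-out PermitRootLogin line
        regexp: '^\s*#?\s*PermitRootLogin\s'
        line: PermitRootLogin no
        # Syntax-check the edited copy before it replaces the live file,
        # so a broken config never reaches the running daemon
        validate: '/usr/sbin/sshd -t -f %s'
      notify: Reload sshd

  handlers:
    - name: Reload sshd
      ansible.builtin.service:
        name: sshd            # assumed; the unit is called "ssh" on some distributions
        state: reloaded
```

With become set in the play, the run only needs `ansible-playbook permitrootlogin.yml -K`. The ad-hoc command from the question needs the same flags once root login is off: `ansible remoteserveur -b -K -a "cat /etc/sudoers"`.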