getting error when using ansible Kerberos - ansible

I created 2 servers, Windows and Linux. Linux is the Ansible runner machine, Windows is the host machine.
From the Linux Ansible machine, I log in to the Windows host machine and install tools. All tools are installed on the Linux Ansible machine. The Windows host machine is domain joined, but the Linux machine is not; we don't have domain join for Linux. Now I'm trying to authenticate with Kerberos, and I'm getting some errors.
Kerberos ref link I used: (user authentication process)
https://docs.ansible.com/ansible-tower/3.3.1/html/administration/kerberos_auth.html
See the screenshot above: I added the Kerberos config file and ran the kinit command.
How do I configure Kerberos in Ansible? Does Kerberos need the VM to be domain joined or not?
There are no Active Directory accounts to authenticate, only a VM username and VM password. What is the process to configure the VM username and VM password in the Kerberos config file and log in to the host machine?
Please help me on this.

For me your KDC is wrong.
You need to go on your Windows host. Open a command line and enter the following command:
nslookup -type=srv _kerberos._tcp.WSUS.COM
Expected result :
priority = 0
weight = 100
port = 88
svr hostname = REALKDC
Replace your KDC in krb5.conf with REALKDC.
And now your kinit command will work normally.
Don't forget to use a username which exists in your AD:
kinit myuser
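
The answer's procedure (look up the `_kerberos._tcp` SRV record, then put the returned host into krb5.conf) as an added shell example that is not part of the original answer. The sample lookup output is constructed, `REALKDC` and `WSUS.COM` are the answer's placeholder names, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original answer. SAMPLE_SRV is constructed;
# REALKDC and WSUS.COM are the placeholder names the answer uses.
SAMPLE_SRV='_kerberos._tcp.WSUS.COM  SRV service location:
          priority       = 0
          weight         = 100
          port           = 88
          svr hostname   = REALKDC'

# Read nslookup SRV output on stdin; print one "host:port" line per record.
srv_to_kdcs() {
  awk -F'=' '
    /^[ \t]*port[ \t]*=/         { gsub(/[ \t\r]/, "", $2); port = $2 }
    /^[ \t]*svr hostname[ \t]*=/ { gsub(/[ \t\r]/, "", $2); print $2 ":" port }
  '
}

# Read "host:port" lines on stdin; print a krb5.conf fragment for realm $1.
realm_stanza() {
  realm=$1
  domain=$(printf '%s' "$realm" | tr '[:upper:]' '[:lower:]')
  printf '[libdefaults]\n    default_realm = %s\n\n' "$realm"
  printf '[realms]\n    %s = {\n' "$realm"
  while read -r kdc; do printf '        kdc = %s\n' "$kdc"; done
  printf '    }\n\n[domain_realm]\n    .%s = %s\n    %s = %s\n' \
    "$domain" "$realm" "$domain" "$realm"
}

# Print kdc entries of krb5.conf ($1) that are absent from the discovered
# host:port list ($2). No output means the file agrees with DNS.
stale_kdcs() {
  sed -n 's/^[[:space:]]*kdc[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" |
  while read -r kdc; do
    case "$kdc" in *:*) ;; *) kdc="$kdc:88" ;; esac   # 88 is the default Kerberos port
    grep -qixF "$kdc" "$2" || echo "$kdc"
  done
}

# Demo: print the fragment for the sample lookup.
printf '%s\n' "$SAMPLE_SRV" | srv_to_kdcs | realm_stanza WSUS.COM
```

Save the real `nslookup` output from the Windows host to a file and pipe it through `srv_to_kdcs` in place of the sample; `stale_kdcs /etc/krb5.conf found.txt` then lists any KDC lines that DNS does not back up.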

Related

WSL integration with ADS login credentials

I've installed the WSL Ubuntu flavor, and installed Ansible and suitable Linux packages on it. I thought of running the playbook from WSL by passing our organization's host details in the Ansible hosts file. But the WSL (Ubuntu) login is not configured with our ADS credentials to execute passwordless ssh. WSL is installed in the organization network, though. How can we achieve this integration?
I tried with a gateway host which establishes passwordless ssh to connect to the respective hosts defined in the Ansible hosts file. I am trying to achieve the same from WSL and created a proxy to bypass the connection. But the ADS login is a blocker for this.
Invoke-WebRequest -Uri https://aka.ms/wsl-debian-gnulinux -OutFile distro.zip -UseBasicParsing
Expand-Archive distro.zip debian
cd debian
.\debian.exe

scp from remote server to ec2-instance

I want to copy a folder from a remote Ubuntu machine to an EC2 instance. I tried the below on the remote Ubuntu machine:
scp -i </path/of/ec2_pemkey> -r <folder that I wanna copy> user@<ip of ec2>:/path/where/I wanna/copy
I copied my pem to the remote machine and changed its permissions with chmod 400.
error: connection timed out
The connection timeout means that your local machine isn't able to reach the remote.
To debug:
Check if your remote machine authorizes traffic from port 22 (Security Group)
Check if you have the right public IP of your machine
If it was an error with your pem key or user (ubuntu), you would receive an access denied error.
From your comment, that means it was the IP of the machine missing or not good.
I missed adding the IP address of my remote Ubuntu machine to the security groups of my EC2 instance. Once done, I was able to scp from the remote Ubuntu machine to the EC2 instance.
Make sure the security group type is SSH, which enables port 22.

How to build Ansible Playbook without username/password

I am new to Ansible and started learning and working on Ansible Playbooks, especially on network automation. As part of our hosting infra, in order to log in to any device we have a default script that runs to ssh into the device, something like goto . Hence there is no need to give any username and password; it directly logs into the device.
How can we include this customization in an Ansible playbook without using any username or password?
Ansible supports using ssh keys.
Confirm that you can connect using SSH to all the nodes in your inventory using the same username. If necessary, add your public SSH key to the authorized_keys file on those systems.
Refer to documentation here
Also, it is a good idea to read the 'getting started' page
You will still need to supply a Username, that the SSH Key belongs to:
Guide on Setting up an SSH key for a Linux User: Here
Once SSH Key is configured and Copied over to your Ansible Server:
Edit the sudoers file on the Slave Node and set NOPASSWD for the user, so that your user won't be prompted for a password when you are doing sudo commands: Reference Here

SSH - Linux to Windows Server 2016

We installed OpenSSH using github on a Windows Server 2016. Everything works great except passwordless login. Here's the scenario:
Domain-joined CentOS server trying to SSH into Domain-joined Windows Server 2016 with OpenSSH using domain credentials.
On Centos server:
log in with domain user "user"
ssh-keygen -t rsa
key saved in /home/user/.ssh/id_rsa
On Windows Server
Copy id_rsa.pub entry from Centos server into "authorized_keys" file for user on Windows box (C:\Users\User\.ssh\authorized_keys). Save the file.
On Centos Server:
while logged in as domain user "user"
ssh user@WindowsServer
accept into known_hosts
get prompted for password
In theory, we shouldn't get prompted for a password, but we do. Any ideas?

Ansible connectivity from Control Host to Remote Host : Alternate to Passwordless SSH

We are midway through implementing Ansible CI for app deployment. For connecting to the Remote host from the Control Host, we used passwordless SSH authentication (by adding the SSH key to authorized_keys).
But with recent changes, the Unix team is not allowing this any more on higher environments, per corporate Unix policy. So we have to use the password way.
The user with which Ansible runs and connects to the Remote machine is a sudo user and does not have a password for itself.
So in this case, how do we connect from the Control Host to the Remote host without the SSH key?
While running the Ansible playbook we get an option to provide the user with which we can do ssh: --user . The same configuration can also be achieved by providing it in the inventory file.
ansible_user=<user_name>
For password you can use vault
I am editing the answer to add that we can use a user other than the one with which Ansible is installed. You can create a new user which has password or passwordless authentication set up.
Hope this helps.
Cheers,
Yash
