
Use per-host SSH key pairs on AWX and Ansible Automation Controller
September 18, 2023
One of the aspects that I have always loved about Ansible is that it integrates very nicely with the rest of the system where it is running.
For example, you can easily configure all the SSH configurations directly by changing the ~/.ssh/config
file.
I’ve seen multiple cases where the SSH configuration file needs to be tweaked.
A case that comes up occasionally is an environment configured in a way that requires Ansible to use a different SSH key for each machine it manages.
I’m aware that this is not an ideal setup since it is not increasing the security as much as the person who came up with such a rule was expecting.
Still, it is a requirement that some companies have for various historical reasons and, usually, it is impossible or impractical to challenge.
However, the same process applies to any other SSH connection tweaking that can be performed in the SSH configuration file, such as proxies, ciphers, host checks, etc.