We Keep Coding

How to automatically setup SSH key pass on first ansible command run for each new server?

Today I started learning ansible and first thing I came across while trying to run the command ping on remote server was
192.168.1.100 | UNREACHABLE! => {
"changed": false,
"msg": "(u'192.168.1.100', <paramiko.rsakey.RSAKey object at 0x103c8d250>, <paramiko.rsakey.RSAKey object at 0x103c62f50>)",
"unreachable": true
}
so I manually setup the SSH key, I think I faced this as no writeup or Tutorial by any devops explains the step why they don't need it or if they have manually set it up before the writing a tutorial or a video.
So I think it would be great if we can automate this step too..

If ssh keys haven't been set up you can always prompt for an ssh password
-k, --ask-pass ask for connection password

I use these commands for setting up keys on CentOS 6.8 under the root account:
cat ~/.ssh/id_rsa.pub | ssh ${user}#${1} -o StrictHostKeyChecking=no 'mkdir .ssh > /dev/null 2>&1; restorecon -R /root/; cat >> .ssh/authorized_keys'
ansible $1 -u $user -i etc/ansible/${hosts} -m raw -a "yum -y install python-simplejson"
ansible $1 -u $user -i etc/ansible/${hosts} -m yum -a "name=libselinux-python state=latest"
${1} is the first parameter passed to the script and should be the machine name.
I set ${user} elsewhere, but you could make it a parameter also.
${hosts} is my hosts file, and it has a default, but can be overridden with a parameter.
The restorecon command is to appease selinux. I just hardcoded it to run against the /root/ directory, and I can't remember exactly why. If you run this to setup a non-root user, I think that command is nonsense.
I think those installs, python-simplejson and libselinux-python are needed.
This will spam the authorized_keys files with duplicate entries if you run it repeatedly. There are probably better ways, but this is my quick and dirty run once script.
I made some slight variations in the script for CentOS 7 and Ubuntu.

Not sure what types of servers these are, but nearly all Ansible tutorials cover the fact that Ansible uses SSH and you need SSH access to use it.
Depending on how you are provisioning the server in the first place you may be able to inject an ssh key on first boot, but if you are starting with password-only login you can use the --ask-pass flag when running Playbooks. You could then have your first play use the authorized_key module to set up your key on the server.

how does fabric execute commands?

i am wondering how does fabric execute commands.
Let's say I give him env.user=User, env.host=HOST. Then i ask him to sudo('ls')
Is that equivalent to me typing in a shell : ssh User#host 'sudo(/bin/ls)'
or it's more : ssh User#host in a first time, then sudo ls commande in a seconde time ?
I'm asking that because sometimes using a shell, if the TTY has a bad configuration (I am a bit blurry on this), ssh User#Host 'sudo /bin/ls'
return : sudo: no tty present and no askpass program specified
but you can first log in with ssh User#Host then sudo ls and it works.
I don't know how to replicate the no tty error, but I know it can occurs. Would this block the sudo commande from Fabric?

Basically how it works is:
First a connection is established (equivalent as doing ssh User#host)
Over this connection a command is executed as follows:
sudo -S -p 'sudo password:' /bin/bash -l -c "your_command"
You can also allow Fabric not to request a pty with either pty=False argument, env.always_use_pty=False or --no-pty commandline option.

SSH to remote server node and change directory

I wanted to achieve the following task:
step 1: ssh to the remote server
step 2: ssh to a node connected to that server
step 3: change to a particulat directory of that node
I was looking for a ssh one liner and issued the following command
ssh -t -t user#remote.server "ssh node; cd /my/directory/"
However, the last cd command did not work. I am still in my home
directory of the node in remote server. I tried to remove the ";" part,
and issued the following one liner:
ssh -t -t user#remote.server "ssh node cd /my/directory/"
No success. The message was "Connection to remote.server closed"
I was wondering whether it is possible to achieve this task
using an ssh one liner.
Thanking you in advance for your inputs

I was close and could have played around a little bit more.
This page helped, and apparently the following syntax worked:
ssh -t user#remote.server "ssh -t node 'cd /my/directory/ ; bash'"
However, I do not understand the role of the "bash" part.

Screen "Must be connected to a Terminal."

I'm on a Debian OS.
I'm trying to use screen under a SSH session. But when I'm trying to run the command
screen
the shell answer me :
Must be connected to a Terminal.
If I enter
tty
it answer me :
Not a tty
I don't know why and I try
ssh -t login#server
it doesn't work..
Please help me I really need this !
Thanks
EDIT :
I read this topic but it still doesn't work

I had the same problem. If you get this error while in a chroot, here is what helped me:
(run these commands from outside the chroot)
$ sudo mount -o bind /dev /home/chroot/dev
$ sudo mount -t proc proc /home/chroot/proc
$ sudo mount -t devpts devpts /home/chroot/dev/pts
/home/chroot being the path to your chroot, obviously. Update above commands accordingly.
source: http://www.howtoforge.com/forums/showthread.php?t=23583#post128768
(see also http://forums.gentoo.org/viewtopic-t-433006-start-0.html)

Try the following:
getty tty
...and then relaunch:
screen
If you don't have getty, you could try installing it:
apt-get install getty

set environment variable SSH_ASKPASS or askpass in sudoers, resp

I'm trying to login to a ssh server and to execute something like:
ssh user#domain.com 'sudo echo "foobar"'
Unfortunately I'm getting an error:
sudo: no tty present and no askpass program specified
Google told me to either set the environment variable SSH_ASKPASS or to set askpass in the sudoers file. My remote machine is running on Debian 6 and I've installed the packages ssh-askpass and ssh-askpass-gnome and my sudoers file looks like this:
Defaults env_reset
Defaults askpass=/usr/bin/ssh-askpass
# User privilege specification
root ALL=(ALL) ALL
user ALL=(ALL) ALL
Can someone tell what I'm doing wrong and how to do it better.

There are two ways to get rid of this error message. The easy way is to provide a pseudo terminal for the remote sudo process. You can do this with the option -t:
ssh -t user#domain.com 'sudo echo "foobar"'

Rather than allocating a TTY, or setting a password that can be seen in the command line, do something like this.
Create a shell file that echo's out your password like:
#!/bin/bash
echo "mypassword"
then copy that to the node you want using scp like this:
scp SudoPass.sh somesystem:~/bin
Then when you ssh do the following:
ssh somesystem "export SUDO_ASKPASS=~/bin/SudoPass.sh;sudo -A command -parameter"

Another way is to run sudo -S in order to "Write the prompt to the standard error and read the password from the standard input instead of using the terminal device" (according to man) together with cat:
cat | ssh user#domain.com 'sudo -S echo "foobar"'
Just input the password when being prompted to.
One advantage is that you can redirect the output of the remote command to a file without "[sudo] password for …" in it:
cat | ssh user#domain.com 'sudo -S tar c --one-file-system /' > backup.tar

Defaults askpass=/usr/bin/ssh-askpass
ssh-askpass requires X server, so instead of providing a terminal (via -t, as suggested by nosid), you may forward X connection via -X:
ssh -X user#domain.com 'sudo echo "foobar"'
However, according to current documentation, askpass is set in sudo.conf as Path, not in sudoers.

How about adding this in the sudoers file:
user ALL=(ALL) NOPASSWD: ALL