Grant or Revoke SSH instructions :
ansible-playbook -i inv -e "action=grant" ssh.yml
[WARNING]: Found variable using reserved name: action
PLAY [servers] ******************************************************************************************************************************************************
TASK [ssh-access : Add new user] ************************************************************************************************************************************
changed: [server1]
changed: [server2]
TASK [ssh-access : Grant user SSH access] ***************************************************************************************************************************
changed: [server1]
changed: [server2]
TASK [ssh-access : Revoke user's SSH access] ************************************************************************************************************************
skipping: [server1]
skipping: [server2]
TASK [ssh-access : Remove the user] *********************************************************************************************************************************
skipping: [server1]
skipping: [server2]
PLAY RECAP **********************************************************************************************************************************************************
server1 : ok=2 changed=2 unreachable=0 failed=0
server2 : ok=2 changed=2 unreachable=0 failed=0
ansible-playbook -i inv -e "action=grant" ssh.yml --skip-tags=add
ansible-playbook -i inv -e "action=revoke" ssh.yml --skip-tags=remove
ansible-playbook -i inv -e "action=revoke" ssh.yml
[WARNING]: Found variable using reserved name: action
PLAY [servers] ******************************************************************************************************************************************************
TASK [ssh-access : Add new user] ************************************************************************************************************************************
skipping: [server1]
skipping: [server2]
TASK [ssh-access : Grant user SSH access] ***************************************************************************************************************************
skipping: [server1]
skipping: [server2]
TASK [ssh-access : Revoke user's SSH access] ************************************************************************************************************************
changed: [server1]
changed: [server2]
TASK [ssh-access : Remove the user] *********************************************************************************************************************************
changed: [server1]
changed: [server2]
PLAY RECAP **********************************************************************************************************************************************************
server1 : ok=2 changed=2 unreachable=0 failed=0
server2 : ok=2 changed=2 unreachable=0 failed=0
[dev@ip-10-0-2-106 ~]$ ssh 10.0.1.6
Last login: Wed May 1 15:06:34 2019 from ip-10-0-2-106.ec2.internal
__| __|_ )
_| ( / Amazon Linux AMI
___|\___|___|
https://aws.amazon.com/amazon-linux-ami/2018.03-release-notes/
[dev@ip-10-0-1-6 ~]$
- Please make sure to add IPs or DNS of target servers in inv file.
- Update the variable "user_name" and "user_des" in inv file.
- Create a directory under "keys" directory having the same name as "user_name" and put its SSH public key in it.
- Setup a user (in my case - ec2-user) who should have passwordless access to both the servers in order to run our ansible scripts.