I have two questions here.
1. Once we have done passwordless authentication, if we turn off the instance and start it again, the IP address of that instance will change. Does passwordless authentication still work after that?
2. If we have 100 managed nodes that I am SSHing into with a password, do I have to run ssh-copy-id for all 100 nodes the first time? Or is there a way we can do this with sshpass?
As far as I know:
1. When using public addresses for instances, once instances are stopped and restarted the public IP address changes. The managed node IP address in the inventory file is different from the restarted managed node's IP address. The control node is unable to identify the managed node and fails to connect.
2. If the control node instance is restarted, the control node IP address that the managed node previously trusted is different from the restarted IP address, and authentication fails.
So use a DNS name / static IP to avoid this.
Hi Abhishek, thank you for sharing such wonderful videos. I am learning about Ansible in detail through your content. I am currently unable to ping the host server. Do you have any suggestions to resolve this issue? Additionally, I have a suggestion: could you please share the history of the live classes?
So, if we install Ansible on any one EC2 instance or on my local laptop, is it going to be the control node? Please justify 😇😇 bro
Anna, you explained Ansible in the devops-zero-to-hero series but didn't use .yml or init; you just used vim inventory, and you also used a different passwordless authentication method. So what's the difference between these, and which one should I follow? I felt Ansible was easy in the devops-zero-to-hero series.
Thank you Abhishek for this great concept. In this tutorial you have shown how to connect to managed nodes from a Mac machine. What happens when we connect from an Ubuntu machine to the managed nodes? Do we need to copy the .pem file onto the Ubuntu system for the ssh-copy-id command while connecting to the managed nodes?
Hey @Abhishek, amazing session. Just a small doubt: if I have 100 diff, do I need to use ssh-copy-id? Because it needs manual intervention (we need to type yes), and for password authentication we need to enter the password. Is there any other way to establish a connection that doesn't need any manual intervention?
Abhishek, how can we automate copying the SSH keys to managed nodes? For example, in future we will get 100 servers; I can't add them manually, so how do we automate that as well? I got stuck on this question in so many interviews. I answered that we will create the VM using an AMI with the SSH key copied in, but they were not satisfied. On top of that, how will we copy the SSH keys on on-prem servers?
@AbhishekVeeramalla We can automate the copy-id with a loop, but how can we automate changing the config in the /etc/ssh/sshd_config file to set PasswordAuthentication to yes? Actually, I am new to Ansible.
Hi Abhishek, thanks for posting such amazing videos. In this video I have a couple of doubts:
1. We provide the password the first time through password authentication; after that, all the managed nodes are going to allow commands from the control node, right? If the control node got hacked, the managed nodes also get compromised under this attack.
2. We are creating two managed nodes in AWS and providing the public IP addresses in our inventory.ini file, right? But after a restart the public IP will change, right? In that case, do we need to update the inventory.ini file with the new public address each and every time?
Can you please clarify these two questions for me?
Dear @Abhishek, I'm facing this issue: I've gone through the above steps, but I am still not able to connect to the server from my laptop. It shows Public key (denied) after running ssh-keygen.
Hello Abhishek, do I use my local machine for this practice or continue using VS Code, where I have installed YAML and Ansible? How do I use my Windows local machine: Command Prompt or Windows PowerShell? Thank you!
Hi Abhishek, if I'm planning to store my server details on host file what extension should I provide while creating it? I mean for inventory file we use inventory.ini right so what's for host file?
Hey buddy, no you do not need any pre-requisite but you should start your journey with DATE which stands for Devops zero to hero, then AWS/Azure 0 to hero and then Terraform 0 to hero. Then python 0 to hero and then comes the Ansible series
Is there any possibility to connect 50 managed nodes in a group by using any command or ssh? Otherwise we have to connect each managed node by copying the public key to the managed node's authorized keys file in the .ssh directory from the control node. Please clarify.
Let's say we have to configure 100 VMs; then we have to connect through a passwordless connection through ssh, or by giving the password for each VM. My question is: do we have any other option to connect to multiple VMs at a time rather than connecting to each VM every time?
You can use the ssh-copy-id command as shown in day-2 of this series. If you have 100 nodes just put that command in a loop. You don’t have to do anything manual or login to any vm.
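The loop suggested in the reply above, as an added example that is not from the video or from any commenter. It reads hosts from an INI inventory, checks the key pair first (a private key with 777 is rejected, the situation several comments describe), and only prints the ssh-copy-id commands unless `run` is passed. The function names, file names and 192.0.2.x addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example: pre-flight checks plus an ssh-copy-id loop over an inventory.

# Print the host entries of an Ansible INI inventory, one per line, in file
# order and without repeats. Comments, blank lines, [group] headers and the
# bodies of [group:vars] / [group:children] sections are not hosts.
inventory_hosts() {
    awk '
        /^[ \t]*$/    { next }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { skip = ($0 ~ /:(vars|children)\]/); next }
        skip          { next }
        !seen[$1]++   { print $1 }
    ' "$1"
}

# Succeed only if the private key exists and grants nothing to group or other
# (mode 600 or 400). ssh ignores private keys that other users can read.
private_key_ok() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Usage: distribute_key INVENTORY USER PUBKEY [run]
# Default is a dry run that prints one command per host. With "run", each host
# still asks for its password once, and host keys are still confirmed unless
# known_hosts was populated beforehand from a trusted source.
distribute_key() {
    inv=$1; user=$2; pub=$3; mode=${4:-dry}
    priv=${pub%.pub}
    if [ ! -r "$pub" ]; then
        echo "no public key at $pub; generate a pair with ssh-keygen" >&2
        return 2
    fi
    if ! private_key_ok "$priv"; then
        echo "$priv is missing or open to group/other; use chmod 600" >&2
        return 3
    fi
    failed=0
    for host in $(inventory_hosts "$inv"); do
        if [ "$mode" = run ]; then
            ssh-copy-id -i "$pub" "$user@$host" || failed=$((failed + 1))
        else
            echo "ssh-copy-id -i $pub $user@$host"
        fi
    done
    [ "$failed" -eq 0 ]
}

# Constructed sample data: documentation addresses and placeholder key files.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/inventory.ini" <<'EOF'
# constructed sample inventory
[web]
192.0.2.10
192.0.2.11 ansible_user=ubuntu

[web:vars]
ansible_user=ubuntu

[db]
192.0.2.20
192.0.2.10

[all_nodes:children]
web
db
EOF
    : > "$d/id_demo"                                  # placeholder, not a real key
    echo "ssh-ed25519 PLACEHOLDER constructed" > "$d/id_demo.pub"
    chmod 777 "$d/id_demo"
    distribute_key "$d/inventory.ini" ubuntu "$d/id_demo.pub" ||
        echo "-> refused while the private key is 777"
    chmod 600 "$d/id_demo"
    distribute_key "$d/inventory.ini" ubuntu "$d/id_demo.pub"
    rm -rf "$d"
}
demo
```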
Your account is always helpful. Please, I just got my upcoming intern role changed from Devops to an IAC role that uses Ansible & Terraform. Would it be beneficial for me to finish the Devops course or review your Ansible & Terraform resources? Thank you sir.
Abhishek I think we might create a discord server as well so that we can discuss about the things like errors and other confusion in more details. So all the subscribers can interact with each other as well about the topic in deep.
Once the key pair is created for the instance, should it be disabled to get password authentication to work, as we set it to yes in the sshd config file? Or does password authentication work even if the keys are active? I have this doubt.
Hi, can you please make a video by making ec2 instance or any linux as master node because most of us are using the windows and trying to make ec2 as master node and getting stuck up in the initial stage itself.
Hello sir, in the ssh-copy-id command, we are sharing private key (.pem) to remote instance. Generally we share public key (.pub) to remote and authenticate with private key. What exactly is happening here. Sorry if the doubt is lame 🙂🙂🙂
Hello @Abhishek.veeramalla, first of all, thank you for your content. I have one question regarding passwordless authentication using the ssh method. In the DevOps Zero to Hero series you explained passwordless authentication in a different way, and in this series, Ansible Zero to Hero, you explain it in some other way. I am a little bit confused; can you please comment on which is better to use?
@AbhishekVeeramalla Which one do you suggest: to first go through Ansible in the DevOps playlist, or can I start directly with this series?
I am using one of the EC2 instances as the control node; how should I specify the path to the pem file? If it is a local system then we use ~/downlods/keypair.pem ubuntu@IP to connect to the managed node. If it is an EC2 instance, how do we specify the path? I am unable to connect using SSH keys.
If we have 1000s of managed nodes, should we give all those IP addresses in the inventory file? It is very difficult to give 1000s of managed node IP addresses, no?
@AbhishekVeeramalla Yeah, I did that, but it is not working on the Ubuntu server; I am getting Permission denied even though I have tried all the steps correctly, and it's working fine on Amazon Linux, Abhishek.
Let's say my control node and my managed nodes are running on EC2 instances, and I have now stopped all these nodes. Whenever I restart the instances, will passwordless authentication work or do I need to reconfigure it? When we restart an instance the public IP changes, so will I need to reconfigure the passwordless authentication, or will it work and I just need to update the inventory file with the new IPs of the managed nodes?
Mr. Ab, can you make a video on how to create these instances or virtual machines without using AWS because there are other companies that do not use cloud platform services.
Not able to copy the pem file to ec2 instance even though I tried to change the permission of the file and use -i , still getting /usr/bin/ssh-copy-id: ERROR: No identities found
Hi @Abhishek.Veeramalla, I am working on a project mostly on Ansible automation and have a lot of doubts. Is there any way to connect with you and ask some questions personally?
@AbhishekVeeramalla I was referring to setting the pem key under the host so that all the servers will be accessible, or else we need to manually copy ssh to all the servers.
/etc/hosts
    [server-1]
    10.1.1.139
    [server-1:vars]
    ansible_user=ubuntu
    ansible_ssh_private_key_file=/opt/your.pem
    [server-2]
    10.1.1.201
    [server-2:vars]
    ansible_user=ubuntu
    ansible_ssh_private_key_file=/opt/your.pem
Also, the pem should have only read permissions (400) and it should be copied to the Ansible machine.
I copied my id_rsa.pub key from the control node to replace the initial keypair in the managed node of my EC2 instance, logged out of the managed node, and can't log back into the managed node separately. Question: does it mean I can't ssh into the managed nodes without going through the control node? Or can I have both keypairs in the authorized_keys file to allow both ssh?
1. You can ssh into the managed node with the private key which you have generated on the control node (id_rsa). The set of public and private keys will prove the identity when you are connecting to an EC2 instance. 2. So if you have both pub keys in authorized_keys of the manager node, you can ssh with both the pem files.
Sir, I followed what you did, but when I tried the password way from my laptop to EC2 (target-node-2), it prompted with an error saying the key already exists, and I was directly able to ssh ubuntu@. But when I did the same thing from EC2 (target-node-1) to EC2 (target-node-2), this time it asked for the password.
Hello Sir, in subsequent lessons please discuss privilege escalation with respect to root, and become for some file-level manipulation, as sudo access is not granted on old legacy servers. Create a separate playlist for Ansible.
When we are using this pem file, it gives the no identities found error or permission denied (publickey), even after giving the complete 777 permission to the pem file. I have installed WSL and generated the rsa and ssh, and sometimes it gives the error no such file or directory found, but the file is available in that location.
Hi Abhishek Good evening, I want to setup password less authentication for 100 servers, is there any way setup all servers at a time? Could you please explain this scenario.
Need help! I'm using a Windows machine. I have done all the configuration in IntelliJ and followed all the steps covered in the video. I can see the Ansible version in my terminal. I'm getting the below error: no such identity No such file or directory ubuntu@ipadress: Permission denied (publickey). I generated keys with keygen and I have given chmod 600. This error is stopping me from going forward 😔
Hi Abhishek, I have WSL on my Windows laptop. Could you please help me? I don't have any EC2 instances. I have added my personal laptop's IP address in the inventory file and am not able to find the .pem file. I need your assistance on this.
Hi Abhishek , I am also getting error ERROR: No identities found while using ssh-copy-id command, I have even generated the public key in the id_rsa.pub. But I am still getting the same error while using ssh-copy id command. What to do next ? Please guide, TIA.
Hi sir, I am facing a problem when I try to do ssh-copy-id in WSL on my Windows machine: it shows permission denied. Could you suggest a solution for this? Thank you.
Yes, I too have the same issue. WSL Linux is not able to locate the downloaded .pem file in Windows. If anyone is aware of this, please post an answer for this issue. It would be really helpful, because this is the basics of Ansible and I am stuck with this issue.
Yes, there are, Anna, but at present the calls are few... so if you upload updated videos daily for 3 to 4 months, we will follow along, so that we will be prepared by the time the calls come.
Hi Abhishek, Can you please develop an updated series on Terraform, similar to the updated Ansible series? It would be highly beneficial for us. -- Thanks
Hi Abhishek, could you please make a video on complete CI/CD deployment in a Kubernetes EKS cluster with all the tools required in real time, but without Argo CD, and with an artifact version creation tool? It should be simple to explain in an interview.
@AbhishekVeeramalla Thank you Abhishek for your kind reply. Please make a video on that, because most of the interviewers are expecting this method and it will also be easy to explain in interviews. Most of them can't explain other methods.
Hello team, can anyone help me? When I run the command ( sudo vim /etc/ssh/sshd_config.d/60-cloudimg-settings.conf ) it is showing blank.
Sir, I have a doubt. The command to enable passwordless authentication to a managed node in Ansible is ssh-copy-id -f "-o IdentityFile . If there is a large number of managed nodes, should we run this command for each and every node, or how can we automate this? Can anybody reading this reply if you know the solution?
I created 2 Ubuntu EC2 instances; one is the control node and the other is the managed node. I installed Ansible on the control node, but for password authentication what's the first command I need to enter? Please, someone assist.
Dear Abhi Bhai, I would like to transition my career from a non-IT field. I have 5 years of experience in a non-IT role. Then, I got a job as a Technical Support Engineer, and I have been working in this position for the past 9 months. Additionally, I have been learning DevOps for 1 year. How can I switch to a complete DevOps job with this previous experience From Karimnagar
If anyone ran into the issue of /usr/bin/ssh-copy-id: ERROR: No identities found while setting up passwordless authentication via public key, here is what I did
Solution:
I observed that there was no .ssh directory itself when I did ls -la ~
I used the ssh-keygen command to create a public key pair.
It will ask a few questions, like where you want to store the key file, enter a passphrase, etc.
Since I wanted the default path in the .ssh directory, which the ssh-keygen command was creating, I just hit Enter.
After that, the No identities found error got resolved, but a bad permission warning was there.
I gave 600 to the pem file.
Hope this works for guys facing No identities found error.
Happy learning.😃
Yeah, Thanks for sharing
This really helps! Thanks a lot, Bruh!
Hi, I am trying; it's not working. The No identities found error is resolved, but it is showing a permission denied error.
@swamyd4590 Hi, did you give 600 permissions to the pem file?
This was absolutely helpful. Thanks :)
Really, you are a game changer. I was facing a problem with passwordless authentication: each and every time I needed to pass the password for authentication. After watching your lecture I got the solution, and got one excuse to learn Ansible from the start from your playlist 😅
This person deserves an award 🏆. Best tutor on the internet.
Simple explanation, so easy to understand. Have started following you recently; one of the best out there.
Thanks and welcome
Back to back videos❤. Love this consistency
🔥
A non-stop video series. Really, you are a great, fabulous trainer and have stuck to consistency 👌🏻👌🏻
Thanks a ton
I am writing to request a dedicated video on the topic of passwordless authentication in Windows. As this concept is becoming increasingly popular and integral to cybersecurity, many beginners, including myself, find it quite confusing and challenging to understand and implement.
Your clear and thorough explanations have always been incredibly helpful, and I believe a video from you on this subject would be invaluable. Specifically, it would be great if you could cover:
The different methods available for passwordless authentication in Windows.
Step-by-step instructions for setting up passwordless authentication.
Common issues and troubleshooting tips.
I had some fear of Ansible. Part-2 removed all of my fears towards Ansible, especially the difference between Modules & Arguments 😊♥. Respect & love, my bro!
The class is super!
Thanks a lot, sir, for these golden playlists 🙏
16:20
Abhishek, in the DevOps Zero to Hero series, Ansible, you showed us a different way of passwordless authentication, where we used to generate keys using the ssh-keygen command on both the master and managed nodes, and then later we used to copy the public key of the master node and paste it in the authorized_keys file of the managed node.
So now tell me which is correct way?
If you are on windows, you might encounter the issue - No identities found.
This is because, ssh keys are not available on your machine. You can create them using
ssh-keygen -t rsa
Hi, can you please make a video by making ec2 instance as master node because most of us are using the windows and trying to make ec2 as master node and getting stuck up in the initial stage itself.
After executing this command, ssh-keygen -t rsa, what are the next steps to follow? I am getting permission denied even though I have given full permission. Could you please help? I am stuck at the initial stage itself :(
@shreeshkr6530 Bro, use this command: "chmod 600 pem-file-name.pem"
Replace the pem file name with the path to the pem file location. It definitely works!
Yes, I am also getting the same kind of errors @jegannathanmurugan606
Can you please make a video taking an EC2 instance as the master node? Most people are getting confused while setting up SSH keys with ssh-keygen -t rsa and getting an error like source of key to be installed in a different folder.
Thank you so much for these videos. I got 2 job offers by following your channel
Amazing 🤩 Congratulations 🥳
Congratulations bro 🎉🎉🎉. May I know how you followed the order of the playlist?
Are you a fresher or experienced?
@reddysandeepreddy394 As and when videos were released, I made sure to learn them in a few days.
@VillageFoodsAsmr Around 1 year of experience.
Thank you so much, Abhishek, for your wonderful sessions. Really, you are a god's gift for us, especially for those who are willing to learn DevOps.
Thanks bro for the layman/simple explanation of ansible really appreciate it. I come from a non devops background some people explain in a very high level which becomes difficult to understand.
Eagerly waiting for the 3rd video hopefully you explain it by breaking up the structure of playbook yaml file on how the indentation, variables etc.. where & when they are used. Thanks again
Glad it was helpful!
It will take time to understand and recover from the errors, but for sure it is fine now to gain more experience on this topic. Thank you, sir.
Thanks Abhishek for this knowledge sharing in simple way❤
My pleasure 😊
i am very much impressed and continue to learn this with your help.! Thank you So Much
Below are the queries
As per the video, we have to give the password or ssh key the first time to establish communication with Ansible.
Scenario 1 - If you are setting up a new organization and have 1000 VM machines.
Then
1) How do we make the entries in the inventory file automatically for a huge count, or is it possible without making entries manually?
2) For the first-time ssh key or pem file configuration, how is it possible to run the ssh-copy-id command one by one for a huge count of servers?
3) Please add and explain the same scenario into video for windows VM also!
One request : Please involve the 1 win and 1 linux server into entire training and perform the task on it !
Adding to your question, I also need an answer for how to update instances in a private subnet which will not have a public IP.
You can do this by creating a shell script and passing it the file where you have stored the IP addresses of the machines.
@asttlejoseph224 You can achieve this by creating a proxy server or by making use of a NAT gateway.
In ansible, you can use dynamic inventory scripts Or we can also write some shell scripts which connects to AWS APIs and retrieves the Instance details and writes them to inventory file
Here’s a step-by-step approach to handle large-scale Ansible configurations with automated inventory management and SSH key distribution, including specifics for Windows VMs:
Scenario 1: Setting Up a New Organization with 1000+ VMs
When managing a large environment, automation is essential. Here’s how to streamline Ansible inventory creation and SSH key configuration at scale:
1. Automate Inventory File Creation
Dynamic Inventory Plugins: Ansible has built-in support for dynamic inventory plugins (e.g., for AWS, GCP, Azure, OpenStack). These plugins automatically pull VM information (IP, hostname, etc.) from cloud providers based on tags, regions, or other metadata, saving you from manually updating the inventory file.
For AWS: You can set up an aws_ec2 inventory plugin in your Ansible configuration. This way, the inventory file dynamically includes all instances in a particular region, which is especially useful for large-scale environments.
Custom Script for On-Prem VMs: If your VMs are on-prem or don’t have a direct dynamic plugin, you could use a custom Python or Bash script to generate the inventory file by querying a source of truth (like a CMDB or an IP management system).
Example AWS inventory configuration:
    # aws_ec2.yml
    plugin: amazon.aws.aws_ec2
    regions:
      - us-west-2
    filters:
      tag:Environment: production
Inventory Sources for Windows VMs: For Windows VMs in a cloud provider, configure the dynamic inventory plugin in the same way. Most plugins will detect Windows automatically based on VM metadata (like OS type).
2. Distribute SSH Keys at Scale
Parallelized SSH Key Copying: To automate the process of distributing SSH keys, you can leverage Ansible’s authorized_key module. This lets Ansible push the SSH key to the target VMs, eliminating the need to run ssh-copy-id manually. This method is both automated and scalable for 1000+ VMs.
Example Playbook for Key Distribution:
    - name: Distribute SSH Key to All Hosts
      hosts: all
      become: yes
      tasks:
        - name: Add public key to authorized_keys
          # The authorized_key module ships in the ansible.posix collection
          ansible.posix.authorized_key:
            user:   # Replace with the appropriate user on the target VMs
            state: present
            key: "{{ lookup('file', '/path/to/public_key.pub') }}"
Using a Bootstrap Script: For the first-time configuration, you can also use a simple shell or PowerShell script that copies SSH keys to the VMs. This script can be pushed to each VM via cloud provider features (like User Data in AWS EC2) or an orchestration tool.
3. Windows VM Configuration with Ansible
WinRM Setup: Ansible uses WinRM (Windows Remote Management) to connect to Windows hosts. To set up SSH or password-based access on Windows, you’ll need to configure WinRM on each Windows VM.
Bootstrap Script: For initial setup, create a bootstrap PowerShell script that:
Enables and configures WinRM.
Adds the necessary firewall rules for WinRM (port 5986 for HTTPS).
Optionally installs OpenSSH server if SSH is preferred for Windows (available natively in Windows 10 and Windows Server 2019+).
Example PowerShell Bootstrap Script:
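# Configure WinRM. As written this sets up an HTTP listener on port 5985 with
# Basic auth and unencrypted traffic allowed, so credentials cross the network
# in cleartext; it does not create the HTTPS (5986) listener.
winrm quickconfig -q
# Quote the @{...} arguments so PowerShell passes them to winrm as literal strings
winrm set winrm/config/service/auth '@{Basic="true"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
winrm set 'winrm/config/listener?Address=*+Transport=HTTP' '@{Port="5985"}'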
After running this script, ensure your Ansible configuration file (ansible.cfg) includes WinRM settings for Windows hosts.
Summary
Using dynamic inventory plugins and automation scripts will make setting up and scaling Ansible for large environments more efficient. By leveraging authorized_key modules or bootstrap scripts, you can automate SSH or WinRM configurations, even in environments with mixed OS types, reducing the manual workload required for initial configuration.
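A sketch of the custom inventory script for on-prem VMs mentioned in the comment above, as an added example that is not code from the video or from the commenter. The CMDB export, hostnames and addresses are constructed, and `ansible_user` is an assumption; Windows hosts are given WinRM over HTTPS on port 5986 with certificate validation, and records with malformed hostnames or addresses are skipped instead of being handed to ssh.

```python
#!/usr/bin/env python3
"""Dynamic inventory for Ansible built from a CMDB export (added example)."""
import csv
import io
import ipaddress
import json
import re
import sys

# Constructed sample export; a real script would fetch this from the CMDB/IPAM.
CMDB_CSV = """hostname,address,os,environment
web-01,10.1.1.139,linux,production
web-02,10.1.1.201,linux,production
win-01,10.1.2.15,windows,production
db-01,10.1.3.7,linux,staging
bad host;rm,10.1.9.9,linux,production
legacy-01,not-an-ip,linux,production
"""

# Inventory values end up on ssh/WinRM command lines, so accept only plain labels.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?")
GROUP_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
RESERVED_GROUPS = ("all", "_meta")

# Connection settings per OS group. The Windows values select WinRM over HTTPS
# (port 5986) with certificate validation; ansible_user is an assumption.
OS_GROUP_VARS = {
    "linux": {"ansible_connection": "ssh", "ansible_user": "ubuntu"},
    "windows": {
        "ansible_connection": "winrm",
        "ansible_port": 5986,
        "ansible_winrm_scheme": "https",
        "ansible_winrm_server_cert_validation": "validate",
    },
}


def build_inventory(csv_text):
    """Return (inventory, rejected); inventory has the shape Ansible expects from --list."""
    inventory = {"_meta": {"hostvars": {}}, "all": {"children": []}}
    rejected = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name, os_name, env = row["hostname"], row["os"].lower(), row["environment"]
        try:
            address = str(ipaddress.ip_address(row["address"]))
        except ValueError:
            rejected.append((name, "invalid address"))
            continue
        if not HOSTNAME_RE.fullmatch(name):
            rejected.append((name, "invalid hostname"))
            continue
        env_ok = GROUP_RE.fullmatch(env) and env not in RESERVED_GROUPS
        if os_name not in OS_GROUP_VARS or not env_ok:
            rejected.append((name, "invalid os or environment"))
            continue
        for group in (os_name, env):
            if group not in inventory:
                inventory[group] = {"hosts": [], "vars": dict(OS_GROUP_VARS.get(group, {}))}
                inventory["all"]["children"].append(group)
            inventory[group]["hosts"].append(name)
        inventory["_meta"]["hostvars"][name] = {"ansible_host": address}
    return inventory, rejected


def main(argv):
    inventory, rejected = build_inventory(CMDB_CSV)
    for name, reason in rejected:
        print(f"skipped {name!r}: {reason}", file=sys.stderr)
    # Ansible calls the script with --list, or --host <name> for per-host vars;
    # those are already supplied in _meta, so --host returns an empty object.
    print(json.dumps({} if "--host" in argv else inventory, indent=2))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Made executable and passed with `ansible-inventory -i <script> --list`, the script replaces a hand-maintained inventory file; the skipped records are reported on stderr.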
Great session, boosts knowledge and confidence. Arigato Abhishek! 🙏🙏⚡⚡
Always great work by you. 👌
@Abhishek.Veeramalla I have a small suggestion: if you could take a real-time example of what we will do on a day-to-day basis with this tool and explain it that way, it would be more helpful and easier to understand. Also, while giving interviews, we can explain things in an example way.
Hi Abhishek, it's a very good explanation; it makes it easy to understand. Thank you very much.
😍😍😍
@Abhishek.Veeramalla As you told in this video about passwordless authentication, copying a .pem key (private key to a managed node) is another option for connecting a managed node. If you suppose 100 managed nodes, you will configure it, because for each managed node, we can't copy like this. There should be a solution, right?
As I have shown in the video, you can use ssh-copy-id command or ssh-agent
@@AbhishekVeeramalla I need your guidance to enter the DevOps field. Can you please help me? How do I contact you?
I have two questions here.
1. Once we have done passwordless authentication, if we turn off the instance and start it again, the IP address of that instance will change. After that, does passwordless authentication still work?
2. If we have 100 managed nodes that I am SSHing into with a password, do I have to run ssh-copy-id for all 100 nodes the first time, or is there a way we can do this with sshpass?
As far as I know:
1. When using public addresses for instances, once the instances are stopped and restarted the public IP address changes.
In the inventory file, the managed node's IP address is then different from the restarted managed node's IP address. The control node is unable to identify the managed node and fails to connect.
2. If the control node instance is restarted, the managed node that previously trusted the control node's IP address sees a different IP address after the restart, and authentication fails.
So use a DNS name / static IP to avoid this.
In organizations they use Elastic IP addresses, so it will remain static even if we restart the instance.
Hi Abhishek,
Thank you for sharing such wonderful videos. I am learning about Ansible in detail through your content.
I am currently unable to ping the host server. Do you have any suggestions to resolve this issue?
Additionally, I have a suggestion: could you please share the history of the live classes?
So, if we install Ansible on any one EC2 instance or on my local laptop, is it going to be the control node?
please justify 😇😇 bro
Yes
Anna, you have explained Ansible in the devops-zero-to-hero series but haven't used .yml or init; you just used vim inventory, and you also used a different passwordless authentication method. So what's the difference between these, and which one should I follow? I felt Ansible was easy in the devops-zero-to-hero series.
Both things work. Don’t worry.
Thank you Abhishek for this great concept. In this tutorial you have shown how to connect to managed nodes from a Mac machine. What happens when we connect from an Ubuntu machine to managed nodes? Do we need to copy the .pem file onto the Ubuntu system for the ssh-copy-id command while connecting to managed nodes?
We can also do it by using the ssh-keygen command and then just copying the public key of the control node to the authorized keys of the managed node. Will it work?
Yes
Hey @Abhishek, amazing session, and just a small doubt: if I have 100 diff, do I need to use ssh-copy-id? Because it needs manual intervention (we need to type yes), and for password authentication we need to enter the password. Is there any other way to establish a connection that doesn't need any manual intervention?
Abhishek, how can we automate copying the SSH keys onto managed nodes? For example, in future we will get 100 servers and I can't add them manually, so how do we automate that as well? I got stuck on this question in so many interviews. I answered that we will create the VM using an AMI with the SSH key copied, but they were not satisfied. On top of that, how do we copy the SSH keys for on-prem servers?
But the ssh-copy-id command is automated, right? You are not doing anything manual. If you have 100 servers, write a loop.
@@AbhishekVeeramalla We can automate the copy-id with a loop, but how can we automate changing the config in the /etc/ssh/sshd_config file, setting PasswordAuthentication to yes? Actually I am new to Ansible.
Hi Abhishek,
Thanks for posting such amazing videos. In this video I have a couple of doubts:
1. We are providing the password the first time through password authentication; after that, all the managed nodes are going to allow commands from the control node, right? If the control node gets hacked, the managed nodes also get compromised under this attack.
2. We are creating two managed nodes in AWS and providing the public IP address in our inventory.ini file, right? But after a restart the public IP will change, so in that case do we need to update the inventory.ini file with the new public address each and every time?
Can you please clarify these two questions for me?
Dear @Abhishek, I'm facing this issue: I've gone through the above steps, but I still couldn't connect to the server from my laptop. It shows Public key (denied) after generating the key with ssh-keygen.
Hello Abhishek,
Do i use my local machine for this practice or continue using VS code where i have installed YAML and Ansible? How do i use my Windows local machine ? command prompt or Windows power shell?
Thank you!
Abhishek bhai, please make 'O11y zero to hero'
Thanks a lot for whatever you've created so far .........
Hi Abhishek, if I'm planning to store my server details on host file what extension should I provide while creating it? I mean for inventory file we use inventory.ini right so what's for host file?
I'm willing to start learning DevOps. Do we need any pre requisite to start with this new Ansible Zero to Hero series
Hey buddy, no you do not need any pre-requisite but you should start your journey with DATE which stands for Devops zero to hero, then AWS/Azure 0 to hero and then Terraform 0 to hero. Then python 0 to hero and then comes the Ansible series
Please let me know how to identify file path ... means in the command line mentioned as path to pem file na reg this
Is there any possibility to connect 50 managed nodes in a group by using any command (or) ssh?
Otherwise we have to connect each managed node by copying the public key to the managed node's authorized keys file in the .ssh directory from the control node. Please clarify.
Let's say we have to configure 100 VMs; then we have to connect through a passwordless connection through ssh (or) by giving the password for each VM.
My question is: do we have any other option to connect to multiple VMs at a time rather than connecting to each VM every time?
You can use the ssh-copy-id command as shown in day-2 of this series. If you have 100 nodes just put that command in a loop.
You don’t have to do anything manual or login to any vm.
@@AbhishekVeeramalla Okay, copy-id will be in a loop, but how can we edit the config to set password to yes in /etc/ssh/sshd_config?
Your account is always helpful. Please, I just got my upcoming intern role changed from Devops to an IAC role that uses Ansible & Terraform. Would it be beneficial for me to finish the Devops course or review your Ansible & Terraform resources? Thank you sir.
Start with DevOps course if you want to complete all the fundamentals
Can you please share how did you get your intern role
Abhishek I think we might create a discord server as well so that we can discuss about the things like errors and other confusion in more details. So all the subscribers can interact with each other as well about the topic in deep.
you are the legend bro ❤
Once the key pair is created for the instance, should it be disabled to get password authentication to work? As we set it to yes in the sshd config file, or even if the keys are active, does password authentication then work? I have this doubt.
Hi Abhishek in this playlist we have only till 8 or 9 days classes after that where i can find can you let me know
Thanks
Hi, can you please make a video by making ec2 instance or any linux as master node because most of us are using the windows and trying to make ec2 as master node and getting stuck up in the initial stage itself.
Hi Abhishek, while trying to execute the ansible ping command I am getting failed error. Failed to connect to the host via ssh. Could you please help.
@abhishek
Better we can use git bash its working fine without issues instead of wsl. Thanks abhishek
Hello sir, in the ssh-copy-id command, we are sharing private key (.pem) to remote instance. Generally we share public key (.pub) to remote and authenticate with private key. What exactly is happening here. Sorry if the doubt is lame 🙂🙂🙂
Hello @Abhishek.veeramalla , First of all thank you for your content . I have one question regarding Password less authentication using ssh method . In DevOps Zero to hero series you explain the password less authentication in different way and in this series Ansible zero to hero you explain in some different way .I am little bit confused can you please comment which is better to use.
Is this series for beginners even though if we haven't watched ansible videos from devops zero to hero playlist
Yeah u can still follow
@@AbhishekVeeramalla which one do you suggest...firstly to go for ansible in devops playlist or directly can start with this series ??
i am using one of the ec2 instance as control node, how should i specify path to pemfile.
if it is A local system then we use ~/downlods/keypair.pem ubuntu@IP to connect manage node
if it is ec2 instance how do we specify path
i am unable to connect using ssh keys
You got any solution for this? we can do the second method but first method not working from ec2 instance.
@@traveldiaries1999 no, i don't have any solution. but i could not forward to the next step that is inventory.ini
@@traveldiaries1999 even I tried to do the same but still it is not working.
It's working on Amazon linux machines but not on ubuntu@@jegannathanmurugan606
@@jegannathanmurugan606 bro can i contact you, regarding these videos
If we have 1000's of manage nodes should we give all those ip addresses in inventory file. as it is very difficult to give 1000's of manage nodes ip addresses know ?
Abhishek, suppose you want to install nginx with Ansible: it is installed only on the worker node and not on the control node. Why?
This is my question. Please clarify this.
I am using one of the ec2 instance as control node, how should i specify path to pemfile.
if it is A local system then we use ~/downlods/keypair.pem ubuntu@IP to connect manage node
If it is ec2 instance how do we specify path?
I am unable to connect using ssh keys
You need to copy the pem file to your ec2 instance or go for password based authentication as I explained in the video
@@AbhishekVeeramalla yeah did that but not working in ubuntu server as i am getting like Permission denied even though i have tried all the steps correctly and its working fine in Amazon linux Abhishek.
Let's say my control node and my managed node are running on EC2 instances, and I have stopped all these nodes. Whenever I restart the instances, will passwordless authentication work, or do I need to reconfigure it, since the public IP changes when we restart the instance?
So will I need to reconfigure the passwordless authentication, or will it work and I just need to update the inventory file with the new IPs of the managed nodes?
Use the dns name or static ip
Mr. Ab, can you make a video on how to create these instances or virtual machines without using AWS because there are other companies that do not use cloud platform services.
I understand but the steps are exactly same
Not able to copy the pem file to ec2 instance even though I tried to change the permission of the file and use -i , still getting
/usr/bin/ssh-copy-id: ERROR: No identities found
You need to create identity using ssh-keygen command
Hi @Abhishek.Veeramalla, I am working on project mostly on Ansible automation. having a lots doubts, is there any way to connect with you and ask some questions personally.
How do we copy the same SSH key if we have hundreds of slave nodes in the corporate world? Is there any script for this?
Even if you write a script, you cannot bypass authentication.
Abhishek where can i get the notes you mentioned in video
Thanks a lot, sir ❤
Could you explain the process of using the PEM method for SSH, which would allow users to connect without having to manually copy SSH keys?
Sorry, I did not get your question
@@AbhishekVeeramalla I was referring to setting the pem key under the host so that all the servers will be accessible or else we need to manually copy ssh to all the servers
/etc/hosts
[server-1]
10.1.1.139
[server-1:vars]
ansible_user=ubuntu
ansible_ssh_private_key_file=/opt/your.pem
[server-2]
10.1.1.201
[server-2:vars]
ansible_user=ubuntu
ansible_ssh_private_key_file=/opt/your.pem
############################
also, pem should have only read permissions 400 and it should be copied to the Ansible machine
I copied my id_rsa.pub key from the control node to replace the initial keypair in the managed node of my EC2 instance, logged out of the managed node and can't log back into the managed node separately. Question: does it mean I can't ssh into the managed nodes without going through the control node? Or can I have both keypairs in the authorized_keys file to allow both ssh?
1. You can ssh into the managed node with the private key, which you have generated in the control node(id_rsa). The set of public and private keys will prove the identity when you are connecting to an ec-2 instance.
2. So if you have both pub keys in authorized_keys of manager node, you can ssh with both the pem files.
Abhishek, I have issues with the WSL installation on my Windows machine. I have tried a lot of times but no luck... Can you please help me 😥
Where can I find notes for the daily classes?
Hey Abhishek, I am trying to set up passwordless authentication on an EC2 Ubuntu OS, but while doing ssh I am getting a permission error.
sir so i followed what u did but when i tried the password way from my laptop to ec2(target-node-2) it prompted with error saying key already exists and i was directly able to ssh ubuntu@
but the same thing when i did from ec2 (target-node-1) to ec2(target-node-2) this time it asked for the password
Yes even I faced the same issue
Hello Sir,
In subsequent lessons pls discuss abt privilege escalation wrt root , become for some file level manipulation , as sudo access are not granted on old legacy servers
Create separate playlist for ansible
Sure
@@AbhishekVeeramalla
Thanks for making playlist , Hope one along with other DevOps course . This will serve genuine roadmap for future gens 😊😊
Is there any chance of uploading GCP Videos abhishek
when we are using this pem file, it is giving the no identities found error or permission denied(public key) even after giving the complete 777 permission to the pem file , i have installed the wsl and generated the rsa and ssh and some times given the error as no such file or directory found, but the file is available in that location
You can run ssh-keygen -t rsa
@@AbhishekVeeramalla It didn't work for me.
I have been unable to install Ansible on my Mac book it just keeps running. Any help would be greatly appreciated. Try homebrew the same thing.
Hi Abhishek Good evening,
I want to setup password less authentication for 100 servers, is there any way setup all servers at a time? Could you please explain this scenario.
You still have to go through this or ssh agent but still one time manual activity is required
Need help!!!!!!
I'm using a Windows machine; I have done all the configuration in IntelliJ.
I followed all the steps covered in the video. I could see the Ansible version in my terminal. I'm getting the below error:
no such identity No such file or directory
ubuntu@ipadress: Permission denied (publickey).
i generated keygen
I have given chmod 600 .
this error stopping me to go forward 😔
check my comment
Hi, Abishek I have wsl on my windows laptop could you pls help me, I don't have any ec2 instances I Have added my personal laptop ip address in the inventory file not able to find .pem file need your assistance on this
explain about the pem file while doing passwordless authentication
Hi Abhishek , I am also getting error ERROR: No identities found while using ssh-copy-id command, I have even generated the public key in the id_rsa.pub. But I am still getting the same error while using ssh-copy id command. What to do next ? Please guide, TIA.
Please run ssh-keygen -t rsa
To create the keys first
@@AbhishekVeeramalla I have created the key. And after, I am trying to run ssh copy id command and I am getting the same error.
Anna if we have bastion node private subnet in b/w control plane public subnet and working plane private subnet
how to run our script
hi sir i facing some problem when i try to do ssh-copy-id in my wsl on my windows machine which show permission denied could suggest me solution for this thank you
Sir, please make a video on passwordless authentication using Windows.
If we are using Windows system and installed WSL then how can be transfer the .pem file in the windows system to WSL. Are there any steps to be taken
Yes. I too have the same issue. Wsl linux can't able to locate the downloaded .pem file in windows. If anyone is aware of this. Please post an answer for this issue. It would be really helpful, because this is the basic of ansible and i am stuck with this issue.
Hi @abhishek iam not able to connect through passwordless authentication getting permission denied public key
Hello Sir, Please help me, whenever i ssh-copy-d command it give me permission denied.
Anna, you could also start a fresh 90-day or 120-day AWS DevOps course, covering the updated tools.
DevOps + AWS already exist, bro, as two separate playlists with updated concepts.
Yes, they exist, Anna, but at present there are few interview calls, so if you make updated daily videos for 3 to 4 months, we will follow along and be prepared by the time the calls come.
Hi Abhishek,
Can you please develop an updated series on Terraform, similar to the updated Ansible series? It would be highly beneficial for us. -- Thanks
Hi Abhishek, could you please make a video on complete CI/CD deployment in a Kubernetes EKS cluster with all the tools required in real time, but without Argo CD, and with an artifact version creation tool? It should be simple to explain in an interview.
Will try for sure. But with GitOps model is outdated, I would not recommend that approach
GitOPs model is outdated ?@@AbhishekVeeramalla
@@AbhishekVeeramalla Thank you Abhishek for your kind reply. Please make a video on that, because most of the interviewers are expecting this method and it will also be easy to explain in interviews. Most of them can't explain other methods.
Hello team.....can anyone help me.......when I put command ( sudo vim /etc/ssh/sshd_config.d/60-cloudimg-settings.conf ) it is showing blank.....??????
Sir I have a doubt.
The command to enable passwordless authentication to a managed node on Ansible is
ssh-copy-id -f "-o IdentityFile .
If there is a large number of managed nodes should we run this command for each and every node or how can we automate this.
Can anybody reading this reply if you know the solution?
Same doubt
you just killed it..
I created 2 ubuntu ec2 instance one is control and another is manage node. I installed ansible in control node but for password authentication whats the first command i need to enter. Please someone assist
How to connect multiple remote machine using password less connection at a time instead of going to each machine and establish.
Hi Abhishek ,
Please share password less authentication using wsl, will help us
Steps are same
The ssh passwordless command is not working for me...says error: no identities found
You need to create identity using ssh-keygen command
how to do this with private instance which has no public ip?????????
sir can you make on windows to access ansible...
Thank you ❤️
Thank You
path of identity file means
Episode 1 missed in playlist Abhishek
Just added, thanks
completed day1
Dear Abhi Bhai,
I would like to transition my career from a non-IT field. I have 5 years of experience in a non-IT role. Then, I got a job as a Technical Support Engineer, and I have been working in this position for the past 9 months. Additionally, I have been learning DevOps for 1 year. How can I switch to a complete DevOps job with this previous experience
From
Karimnagar