cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
useradd
Cadet
Cadet
‎05-30-2023 10:53 PM
  • 7,752 Views

In RHEL9, SSH root login is disabled. How do I configure managed nodes with Ansible?

Jump to solution

Hello, I recently passed the RHCSA exam (RHEL 9) and now started studying for RHCE EX294.

In RHEL 8, the default sshd configurartion permits root login. So it was possible to set up an ansible user and give a sudo priviliege without touching the managed nodes.

But RHEL 9 does not allow root login via ssh by default. So first I have to manually login to each managed nodes as root and edit the sshd configuration file to allow root login before anything.

Is this going to be the way it is? or Is there something I am not aware of (which is more likely because I am still new to Linux) ?

Labels (3)
Labels
Join the discussion
1 Solution

Accepted Solutions
Tracy_Baker
Starfighter Starfighter
Starfighter
‎05-31-2023 05:22 AM
  • 7,731 Views

Jump to solution

Use another account (perhaps devops, if you are using Red Hat's labs - heck, even student will work) that has sudo access to modify /etc/ssh/sshd_config -- If you need root to be able to log into those systems.

https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_privilege_escalation.html

Program Lead at Arizona's first Red Hat Academy, est. 2005
Estrella Mountain Community College

View solution in original post

3 Replies
Tracy_Baker
Starfighter Starfighter
Starfighter
‎05-31-2023 05:22 AM
  • 7,732 Views

Jump to solution

Use another account (perhaps devops, if you are using Red Hat's labs - heck, even student will work) that has sudo access to modify /etc/ssh/sshd_config -- If you need root to be able to log into those systems.

https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_privilege_escalation.html

Program Lead at Arizona's first Red Hat Academy, est. 2005
Estrella Mountain Community College
Fran_Garcia
Starfighter Starfighter
Starfighter
‎05-31-2023 08:33 AM
  • 7,722 Views

Jump to solution

This. Additionally, in enterprise deployment systems you typically take care of preprovision non-root accounts at installation time automatically (via a Kickstart file, or some other means). At that time you also add any SSH keys and sudo configuration for that user so ansible can manage the systems with no fuss (and no manual logins to configure anything).

If you are using Virtual Machine templates, you can bake in this configuration in the same way, so there's that .

Tess
Flight Engineer
Flight Engineer
‎05-31-2023 08:41 AM
  • 7,718 Views

Jump to solution

I 100% agree with my predecessors: in reality you should never be using the root account to login remotely. Always use a non-privileged account, which then uses sudo to perform privileged actions. This is something Ansible can handle perfectly well with the ansible_user and become settings.

Join the discussion
You must log in to join this conversation.
Red Hat Learning Community

Red Hat

Learning Community

A collaborative learning environment, enabling open source skill development.

Red Hat Inc. Copyright ?2024 Red Hat, Inc. Privacy policy Terms of use