useradd

In RHEL9, SSH root login is disabled. How do I configure managed nodes with Ansible?


Hello, I recently passed the RHCSA exam (RHEL 9) and now started studying for RHCE EX294.

In RHEL 8, the default sshd configuration permits root login. So it was possible to set up an ansible user and give it sudo privileges without touching the managed nodes.

But RHEL 9 does not allow root login via ssh by default. So first I have to manually log in to each managed node as root and edit the sshd configuration file to allow root login before anything.

Is this going to be the way it is? Or is there something I am not aware of (which is more likely because I am still new to Linux)?

Accepted Solutions
Tracy_Baker

Use another account (perhaps devops, if you are using Red Hat's labs - heck, even student will work) that has sudo access to modify /etc/ssh/sshd_config, if you need root to be able to log into those systems.

https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_privilege_escalation.html

Program Lead at Arizona's first Red Hat Academy, est. 2005
Estrella Mountain Community College

Fran_Garcia

This. Additionally, in enterprise deployment systems you typically take care of preprovisioning non-root accounts at installation time automatically (via a Kickstart file, or some other means). At that time you also add any SSH keys and sudo configuration for that user so ansible can manage the systems with no fuss (and no manual logins to configure anything).

If you are using Virtual Machine templates, you can bake in this configuration in the same way, so there's that.

Tess

I 100% agree with my predecessors: in reality you should never be using the root account to log in remotely. Always use a non-privileged account, which then uses sudo to perform privileged actions. This is something Ansible can handle perfectly well with the ansible_user and become settings.
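
The approach the replies describe, as an added example that is not part of the original thread: a playbook that connects as an existing sudo-capable account, creates a dedicated automation account with an SSH key and a validated sudoers drop-in, then confirms that account can escalate, all without enabling root login in sshd. The `devops` account, the `ansible` account name, the public key path and the file name are assumptions, and the `ansible.posix` collection is assumed to be installed on the control node.

```yaml
---
# bootstrap-ansible-user.yml (hypothetical file name)
# Run: ansible-playbook -i inventory bootstrap-ansible-user.yml -K
# -K prompts for the sudo password of the existing account.

- name: Create a dedicated automation account without using root over SSH
  hosts: all
  become: true
  vars:
    ansible_user: devops      # assumed: existing account with sudo rights
    svc_user: ansible         # assumed name for the new account
    # assumed path of the control node's public key
    svc_pubkey: "{{ lookup('ansible.builtin.file', '~/.ssh/id_ed25519.pub') }}"
  tasks:
    - name: Create the service account
      ansible.builtin.user:
        name: "{{ svc_user }}"
        shell: /bin/bash
        state: present

    - name: Install the control node's public key for key-based login
      ansible.posix.authorized_key:
        user: "{{ svc_user }}"
        key: "{{ svc_pubkey }}"
        state: present

    # NOPASSWD: ALL is broad; narrow the command list where the workload allows.
    - name: Grant sudo through a drop-in that visudo checks before install
      ansible.builtin.copy:
        dest: "/etc/sudoers.d/{{ svc_user }}"
        content: "{{ svc_user }} ALL=(ALL) NOPASSWD: ALL\n"
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s

- name: Confirm the new account can escalate, still with no root SSH login
  hosts: all
  become: true
  vars:
    ansible_user: ansible     # the account created by the first play
  tasks:
    - name: Check the effective UID under become
      ansible.builtin.command: id -u
      register: uid
      changed_when: false
      failed_when: uid.stdout != "0"
```

The `validate` step keeps a malformed sudoers fragment from being installed, which would otherwise break sudo for every account on the node.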
