SSH Security in Ansible

SSH (Secure Shell) is a protocol that allows secure remote login and other secure network services over an insecure network. In Ansible, SSH is the primary method for communicating with managed nodes. Ensuring SSH security is paramount to maintaining the integrity and confidentiality of the data and systems involved.

2.1 SSH Key Pairs

SSH uses a pair of keys for authentication: a public key and a private key. The public key is placed on the server, while the private key is kept secure on the client.

2.2 SSH Configuration

SSH configuration files allow you to specify various security options, such as disallowing root login or specifying allowed users.

2.3 Ansible Inventory

Ansible uses an inventory file to specify the hosts to manage. SSH settings can be defined in this file.

3.1 Generating SSH Key Pairs

To generate SSH key pairs, use the following command:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

Follow the prompts to save the key in the default location.

3.2 Copying Public Key to Server

Use the following command to copy your public key to the server:

ssh-copy-id user@hostname

3.3 Configuring the SSH Daemon

Edit the SSH daemon configuration file located at /etc/ssh/sshd_config to enhance security:

sudo nano /etc/ssh/sshd_config

Consider adjusting the following settings:

• Disable root login: PermitRootLogin no
• Use public key authentication only: PasswordAuthentication no
• Limit user access: AllowUsers user1 user2

After making changes, restart the SSH service:

sudo systemctl restart sshd

• Use strong passphrases for SSH keys.
• Regularly rotate SSH keys.
• Limit user access through the AllowUsers directive.
• Implement firewall rules to restrict SSH access to specific IPs.
• Use two-factor authentication for added security.