*Disclaimer:* I've never used the CyberArk suite so I'm not aware of all options it might have. Other tools I have used had their own replacement for "ssh" that had to be used and provided a similar experience. (But that was in a pre-Ansible world about 15 years ago so...)
Your question really sounds like your CyberArk engineers need to talk with you and your managers on how they will permit you to continue to do work while increasing security It might be that they are now requiring specific "ssh enabled" accounts instead of your usual method of gonig in straight as root. Connecting to a server as root is a bad idea - you should use a regular account and use "sudo" (e.g. 'become' in Ansible) to perform commands with root permissions. If they truly locked things down so you must use the CyberArk GUI/tool and don't have a ssh option at all then you're probably out of luck. On Saturday, February 23, 2019 at 1:20:31 PM UTC-6, imanuel.g...@gmail.com wrote: > > Hello > > We have Ansible in our organisation which deploys software across our > Development servers. > > > > IT Security recently CyberArk'd each of the Development servers and now > Ansible cannot log into each of the machines (not even as 'root'). > > > > When I try manually to SSH as 'root' with the password from CyberArk > (copied and pasted) I'm still unable to log on. The only way to open a > session as ‘root’ is from within CyberArk. > > > > I read about AIM agents but my understanding is that all that this will do > is retrieve the password from CyberArk and pass it back to Ansible. > > > > In other words, how will this help me for as long as the servers are > Unreachable and I cannot even SSH from one machine to another not even as > 'root' ? > > > > Am I going about this the right way or is it possible that additional > security been added (such as firewalls) which I am unaware of ? > > > > Can you help ? > > > > Many thanks for your advice. > > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/40e87262-8966-4b58-8e62-9796c8fa96b1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
