what I would try is 1. create an ~/.ssh/conf file as per the example I sent 2. use Ansible as if there was no jumphost involved at all ---------- Original Message ---------- From: Monica <monicaacision1...@gmail.com> To: Gunnar Wagner <gunnar.wag...@mailbox.org> Date: 04/03/2023 6:11 PM CEST Subject: Re: [ansible-project] Need to automate task via bastion host hi Gunnar, I tried this and the same didn't work out-: [remote-nodes] remote-node-1 ansible_host=<remote-node-1-IP> ansible_user=user ansible_ssh_common_args='-o ProxyCommand="ssh -W %h:%p -p 8022 user@<bastion-host-IP>"' remote-node-2 ansible_host=<remote-node-2-IP> ansible_user=user ansible_ssh_common_args='-o ProxyCommand="ssh -W %h:%p -p 8022 user@<bastion-host-IP>"' On Mon, Apr 3, 2023 at 6:00 PM Gunnar Wagner <gunnar.wag...@mailbox.org mailto:gunnar.wag...@mailbox.org> wrote:
> it is not quite clear what exactly you have tried & did not work > > > On 04/03/2023 12:32 PM CEST Monica <monicaacision1...@gmail.com > > mailto:monicaacision1...@gmail.com> wrote: > > > > > > Hi Todd, > > > > Thank you for explaining the same, however I am still getting the same > > error-: > > > > > > > > On Mon, Apr 3, 2023 at 11:13 AM dulhaver via Ansible Project > > <ansible-project@googlegroups.com mailto:ansible-project@googlegroups.com> > > wrote: > > > > > I agree with Tood, that setting up a propper ~/.ssh/config should be the > > > way to do this. something like ... > > > > > > Host jumphost > > > HostNamehttp://jumphost.blub.com > > > User username > > > PreferredAuthentication publickey > > > IdentityFile ~/.ssh/demo.ed25519 > > > > > > Host internal-target > > > Hostnamehttp://target.blub.com > > > ProxyJump jumphost > > > User username > > > PreferredAuthentication publickey > > > IdentityFile ~/.ssh/demo.ed25519 > > > > > > > > > ... should do it I believe > > > > > > > > > > On 04/02/2023 10:51 PM CEST Todd Zullinger <t...@pobox.com > > > > mailto:t...@pobox.com> wrote: > > > > > > > > > > > > Will McDonald wrote: > > > > > https://www.jeffgeerling.com/blog/2022/ > > > > > using-ansible-playbook-ssh-bastion-jump-host > > > > > > > > Odd that uses ProxyCommand in `ansible_ssh_common_args` and > > > > not the far simpler ProxyJump, which it does mention in the > > > > ~/.ssh/config method. The `-J` shortcut for that is even > > > > better. > > > > > > > > Perhaps it does that to illsutrate a more complex use case, > > > > where the bastion runs on a different port, but if you're > > > > not doing that, it's likely simpler to skip it and use the > > > > `-J` argument. > > > > > > > > I would expect (but have not tested) this works: > > > > > > > > ansible_ssh_common_args='-J $your_bastion_hostname' > > > > > > > > ProxyJump / -J was added in OpenSSH-7.3 -- so it's surely on > > > > any host folks would be using as an ansible control host. > > > > > > > > -- > > > > Todd > > > > > > > > -- > > > > You received this message because you are subscribed to the Google > > > > Groups "Ansible Project" group. > > > > To unsubscribe from this group and stop receiving emails from it, send > > > > an email to ansible-project+unsubscr...@googlegroups.com > > > > mailto:ansible-project%2bunsubscr...@googlegroups.com. > > > > To view this discussion on the web visit > > > > https://groups.google.com/d/msgid/ansible-project/ZCnqsTK-z1LKdm05%40pobox.com. > > > > > > --- > > > gunnar wagner | fichtestr. 1, 19386 lübz | fon: 0176 7808 9090 > > > > > > -- > > > You received this message because you are subscribed to the Google Groups > > > "Ansible Project" group. > > > To unsubscribe from this group and stop receiving emails from it, send an > > > email to ansible-project+unsubscr...@googlegroups.com > > > mailto:ansible-project%2bunsubscr...@googlegroups.com. > > > To view this discussion on the web visit > > > https://groups.google.com/d/msgid/ansible-project/404677238.549090.1680500565843%40office.mailbox.org. > > > > > > > > > -- > > > > > > > > > > > > Thanks and Regards, > > > > > > > > > > > > Monika Dharmshaktu > > > > > > EMail: monicaacision1...@gmail.com mailto:monicaacision1...@gmail.com > > > > Cell: +91 9654525106 > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > You received this message because you are subscribed to the Google Groups > > "Ansible Project" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to ansible-project+unsubscr...@googlegroups.com > > mailto:ansible-project+unsubscr...@googlegroups.com. > > To view this discussion on the web visit > > https://groups.google.com/d/msgid/ansible-project/CANi23%3Dy4qzVo6Ci9DReu%3DxvLHYx9Swokd_EaB8e1s_%3D_k5hDjQ%40mail.gmail.com > > > > https://groups.google.com/d/msgid/ansible-project/CANi23%3Dy4qzVo6Ci9DReu%3DxvLHYx9Swokd_EaB8e1s_%3D_k5hDjQ%40mail.gmail.com?utm_medium=email&utm_source=footer. > > > > > > -- Thanks and Regards, Monika Dharmshaktu EMail: monicaacision1...@gmail.com mailto:monicaacision1...@gmail.com Cell: +91 9654525106 -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/982276780.653605.1680601644453%40office.mailbox.org.
