In this post we will demonstrate how to use an SSH bastion (jump host) with Ansible to reach a target server.
In some scenarios the target server sits in a private range that is only reachable through a bastion host. The same applies to Ansible, because Ansible uses SSH to reach its target servers.
SSH Config
Our bastion host is configured as bastion and the config under ~/.ssh/config looks like this:
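    Host *
        Port 22
        # The next two settings turn off host key verification for every host
        StrictHostKeyChecking no
        UserKnownHostsFile /dev/null
        # Send a keepalive every 60 seconds, give up after 30 unanswered probes
        ServerAliveInterval 60
        ServerAliveCountMax 30

    Host bastion
        HostName bastion.mydomain.com
        User bastion
        IdentityFile ~/.ssh/id_rsa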
To verify that our config is working, you should be able to use:
    $ ssh bastion
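An added example, not part of the original post: a small Python checker that resolves the effective options for a host alias the way ssh does (the first value obtained for each keyword wins) and flags disabled host key verification. It is a simplified model that ignores `Include` and `Match`; the function names and the sample config are constructed for illustration.

```python
import fnmatch
import re

# Constructed sample: this post's Host * block plus a later per-host override.
SAMPLE = """\
Host *
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null

Host bastion
    HostName bastion.mydomain.com
    StrictHostKeyChecking yes
"""

def parse(text):
    """Return [(patterns, options)] in file order, keywords lower-cased."""
    blocks = [(["*"], {})]  # options before the first Host line apply to all hosts
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        key, value = (re.split(r"\s*=\s*|\s+", line, maxsplit=1) + [""])[:2]
        if key.lower() == "host":
            blocks.append((value.split(), {}))
        else:
            blocks[-1][1].setdefault(key.lower(), value)
    return blocks

def matches(alias, patterns):
    """A Host line matches unless a matching !pattern vetoes it."""
    hit = lambda p: fnmatch.fnmatchcase(alias, p.lstrip("!"))
    return (any(hit(p) for p in patterns if p[0] != "!")
            and not any(hit(p) for p in patterns if p[0] == "!"))

def effective(text, alias):
    """ssh keeps the first value obtained for each option, top to bottom."""
    opts = {}
    for patterns, block in parse(text):
        if matches(alias, patterns):
            opts = {**block, **opts}  # values already collected win
    return opts

def findings(text, alias):
    """Flag settings that turn off host key verification for this alias."""
    opts, out = effective(text, alias), []
    if opts.get("stricthostkeychecking", "ask").lower() in ("no", "off"):
        out.append("StrictHostKeyChecking disabled")
    if opts.get("userknownhostsfile", "").lower() == "/dev/null":
        out.append("known_hosts discarded")
    return out
```

Because `Host *` comes first in the file, its `StrictHostKeyChecking no` also applies to `bastion` and to every target reached through it, and a stricter per-host value placed below it never takes effect. `ssh -G bastion` prints the options that ssh itself resolves for an alias.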
Using a Bastion with Ansible
In order to reach our target server we need to go through the bastion, so to test the SSH connection we can use this SSH one-liner. Our target server has an IP address of 172.31.81.94, expects us to provide an ansible.pem private key, and we need to authenticate as the ubuntu user: