Working with managed nodes with password (not passphrase)


In all the examples till now we have used password less communication by setting up a passphrase with no password. So that the controller is able to communicate with the managed nodes without prompting for any password.

But this is again not a strict requirement (although recommended). We can also use password based communication between controller and managed nodes. To demonstrate this example I have removed authorized_keys entry for controller node on server3 so now password less communication won’t work for server3.

I have updated my /etc/hosts on all the nodes with the details of server3 which is created using the AMI Image of one of our managed nodes.

[ansible@controller ~]$ cat /etc/hosts   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6    controller    server1    server2    server3

Next we will update our inventory to also include this host

[ansible@controller ~]$ head -n 3 /etc/ansible/hosts

Now if I try to do a plain SSH from controller to server3, it should prompt me for password:

[ansible@controller ~]$ ssh server3
ansible@server3's password:
Activate the web console with: systemctl enable --now cockpit.socket

Last login: Mon Sep 21 07:46:47 2020
[ansible@server3 ~]$

So our password less communication is not working any more. Let us now use ansible to ping to this managed node:

[ansible@controller ~]$ ansible server3 -m ping
server3 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: ansible@server3: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
    "unreachable": true

So the ansible has failed because by default ansible will not prompt for any password so we must supply --ask-pass or -k to make ansible prompt for the password.

[ansible@controller ~]$ ansible server3 -m ping --ask-pass
SSH password:
server3 | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/libexec/platform-python"
    "changed": false,
    "ping": "pong"

Now you can execute any ad-hoc command or playbook using ansible with --ask-pass without the need for passphrase.


What’s Next

Next in our Ansible Tutorial we will learn about Jinja2 templates and syntax


If my articles on GoLinuxCloud has helped you, kindly consider buying me a coffee as a token of appreciation.

Buy GoLinuxCloud a Coffee

For any other feedbacks or questions you can either use the comments section or contact me form.

Thank You for your support!!

1 thought on “Working with managed nodes with password (not passphrase)”

Leave a Comment