ansible.builtin.ssh – connect via ssh client binary
Note
This connection plugin is part of ansible-core and included in all Ansible
installations. In most cases, you can use the short
plugin name
ssh even without specifying the collections: keyword.
However, we recommend you use the FQCN for easy linking to the
plugin documentation and to avoid conflicting with other collections that may have
the same connection plugin name.
Synopsis
This connection plugin allows ansible to communicate to the target machines via normal ssh command line.
Ansible does not expose a channel to allow communication between the user and the ssh process to accept a password manually to decrypt an ssh key when using this connection plugin (which is the default). The use of
ssh-agentis highly recommended.
Parameters
Parameter |
Comments |
|---|---|
This is the location to save ssh’s ControlPath sockets, it uses ssh’s variable substitution. Since 2.3, if null (default), ansible will generate a unique hash. Use Before 2.3 it defaulted to Be aware that this setting is ignored if Configuration:
|
|
This sets the directory to use for ssh control path if the control path setting is null. Also, provides the Default: “~/.ansible/cp” Configuration:
|
|
Hostname/ip to connect to. Configuration:
|
|
Determines if ssh should check host keys Choices:
Configuration:
|
|
Authentication password for the Configuration:
|
|
Pipelining reduces the number of connection operations required to execute a module on the remote server, by executing many Ansible modules without actual file transfers. This can result in a very significant performance improvement when enabled. However this can conflict with privilege escalation (become). For example, when using sudo operations you must first disable ‘requiretty’ in the sudoers file for the target hosts, which is why this feature is disabled by default. Choices:
Default: “ANSIBLE_PIPELINING” Configuration:
|
|
Remote port to connect to. Configuration:
|
|
Path to private key file to use for authentication Configuration:
|
|
Number of attempts to connect. Default: 0 Configuration:
|
|
User name with which to login to the remote server, normally set by the remote_user keyword. If no user is supplied, Ansible will let the ssh client binary choose the user as it normally Configuration:
|
|
This defines the location of the scp binary. It defaults to scp which will use the first binary available in $PATH. Default: “scp” Configuration:
|
|
Extra exclusive to the Default: “” Configuration:
|
|
Preferred method to use when transfering files over ssh When set to smart, Ansible will try them until one succeeds or they all fail If set to True, it will force ‘scp’, if False it will use ‘sftp’ Default: “smart” Configuration:
|
|
TODO: write it Choices:
Configuration:
|
|
This defines the location of the sftp binary. It defaults to Default: “sftp” Configuration:
|
|
Extra exclusive to the Default: “” Configuration:
|
|
Arguments to pass to all ssh cli tools Default: “-C -o ControlMaster=auto -o ControlPersist=60s” Configuration:
|
|
Common extra args for all ssh CLI tools Default: “” Configuration:
|
|
This defines the location of the ssh binary. It defaults to This option is usually not required, it might be useful when access to system ssh is restricted, or when using ssh wrappers to connect to remote hosts. Default: “ssh” Configuration:
|
|
Extra exclusive to the ‘ssh’ CLI Default: “” Configuration:
|
|
Preferred method to use when transferring files over ssh Setting to ‘smart’ (default) will try them in order, until one succeeds or they all fail Using ‘piped’ creates an ssh pipe with Choices:
Configuration:
|
|
Password prompt that sshpass should search for. Supported by sshpass 1.06 and up. Default: “” Configuration:
|
|
This is the default ammount of time we will wait while establishing an ssh connection It also controls how long we can wait to access reading the connection once established (select on the socket) Default: 10 Configuration:
|
|
add -tt to ssh commands to force tty allocation Choices:
Configuration:
|