VyOS supports Enable Mode (Privilege Escalation). This page offers details on how to use Enable Mode on VyOS in Ansible.
uses SSH keys / SSH-agent if present
|Indirect Access||via a bastion (jump host)|
|Returned Data Format||Refer to individual module documentation|
For legacy playbooks, VyOS still supports
ansible_connection: local. We recommend modernizing to use
ansible_connection: network_cli as soon as possible.
ansible_connection: network_cli ansible_network_os: vyos ansible_user: myuser ansible_password: !vault... ansible_ssh_common_args: '-o ProxyCommand="ssh -W %h:%p -q bastion01"'
- If you are using SSH keys (including an ssh-agent) you can remove the
- If you are accessing your host directly (not through a bastion/jump host) you can remove the
- If you are accessing your host through a bastion/jump host, you cannot include your SSH password in the
ProxyCommanddirective. To prevent secrets from leaking out (for example in
psoutput), SSH does not support providing passwords via environment variables.
- name: Retrieve VyOS version info vyos_command: commands: show version when: ansible_network_os == 'vyos'
Never store passwords in plain text. We recommend using SSH keys to authenticate SSH connections. Ansible supports ssh-agent to manage your SSH keys. If you must use passwords to authenticate SSH connections, we recommend encrypting them with Ansible Vault.