ansible.builtin.ssh – connect via ssh client binary

Note

This module is part of ansible-base and included in all Ansible installations. In most cases, you can use the short module name ssh even without specifying the collections: keyword. Despite that, we recommend you use the FQCN for easy linking to the module documentation and to avoid conflicting with other collections that may have the same module name.

Synopsis
Parameters

Synopsis

This connection plugin allows ansible to communicate to the target machines via normal ssh command line.
Ansible does not expose a channel to allow communication between the user and the ssh process to accept a password manually to decrypt an ssh key when using this connection plugin (which is the default). The use of ssh-agent is highly recommended.

Parameters

Parameter	Choices/Defaults	Configuration	Comments
control_path string		ini entries: [ssh_connection] control_path = None env:ANSIBLE_SSH_CONTROL_PATH var: ansible_control_path added in 2.7 of ansible.builtin	This is the location to save ssh's ControlPath sockets, it uses ssh's variable substitution. Since 2.3, if null, ansible will generate a unique hash. Use `%(directory)s` to indicate where to use the control dir path setting.
control_path_dir string	Default: "~/.ansible/cp"	ini entries: [ssh_connection] control_path_dir = ~/.ansible/cp env:ANSIBLE_SSH_CONTROL_PATH_DIR var: ansible_control_path_dir added in 2.7 of ansible.builtin	This sets the directory to use for ssh control path if the control path setting is null. Also, provides the `%(directory)s` variable for the control path setting.
host string	Default: "inventory_hostname"	var: ansible_host var: ansible_ssh_host	Hostname/ip to connect to.
host_key_checking boolean	Choices: no yes	ini entries: [defaults] host_key_checking = None [ssh_connection] host_key_checking = None added in 2.5 of ansible.builtin env:ANSIBLE_HOST_KEY_CHECKING env:ANSIBLE_SSH_HOST_KEY_CHECKING added in 2.5 of ansible.builtin var: ansible_host_key_checking added in 2.5 of ansible.builtin var: ansible_ssh_host_key_checking added in 2.5 of ansible.builtin	Determines if ssh should check host keys
password string		var: ansible_password var: ansible_ssh_pass var: ansible_ssh_password	Authentication password for the `remote_user`. Can be supplied as CLI option.
pipelining boolean	Choices: no yes Default: "ANSIBLE_PIPELINING"	ini entries: [defaults] pipelining = ANSIBLE_PIPELINING [ssh_connection] pipelining = ANSIBLE_PIPELINING env:ANSIBLE_PIPELINING env:ANSIBLE_SSH_PIPELINING var: ansible_pipelining var: ansible_ssh_pipelining	Pipelining reduces the number of SSH operations required to execute a module on the remote server, by executing many Ansible modules without actual file transfer. This can result in a very significant performance improvement when enabled. However this conflicts with privilege escalation (become). For example, when using sudo operations you must first disable 'requiretty' in the sudoers file for the target hosts, which is why this feature is disabled by default.
port integer	Default: 22	ini entries: [defaults] remote_port = 22 env:ANSIBLE_REMOTE_PORT var: ansible_port var: ansible_ssh_port	Remote port to connect to.
private_key_file string		ini entries: [defaults] private_key_file = None env:ANSIBLE_PRIVATE_KEY_FILE var: ansible_private_key_file var: ansible_ssh_private_key_file	Path to private key file to use for authentication
remote_user string		ini entries: [defaults] remote_user = None env:ANSIBLE_REMOTE_USER var: ansible_user var: ansible_ssh_user	User name with which to login to the remote server, normally set by the remote_user keyword. If no user is supplied, Ansible will let the ssh client binary choose the user as it normally
retries integer	Default: 3	ini entries: [connection] retries = 3 [ssh_connection] retries = 3 env:ANSIBLE_SSH_RETRIES var: ansible_ssh_retries added in 2.7 of ansible.builtin	Number of attempts to connect.
scp_executable string added in 2.6 of ansible.builtin	Default: "scp"	ini entries: [ssh_connection] scp_executable = scp env:ANSIBLE_SCP_EXECUTABLE var: ansible_scp_executable added in 2.7 of ansible.builtin	This defines the location of the scp binary. It defaults to `scp` which will use the first binary available in $PATH.
scp_extra_args string		ini entries: [ssh_connection] scp_extra_args = None added in 2.7 of ansible.builtin env:ANSIBLE_SCP_EXTRA_ARGS added in 2.7 of ansible.builtin var: ansible_scp_extra_args	Extra exclusive to the ``scp`` CLI
scp_if_ssh string	Default: "smart"	ini entries: [ssh_connection] scp_if_ssh = smart env:ANSIBLE_SCP_IF_SSH var: ansible_scp_if_ssh added in 2.7 of ansible.builtin	Preferred method to use when transfering files over ssh When set to smart, Ansible will try them until one succeeds or they all fail If set to True, it will force 'scp', if False it will use 'sftp'
sftp_batch_mode boolean	Choices: no yes ←	ini entries: [ssh_connection] sftp_batch_mode = yes env:ANSIBLE_SFTP_BATCH_MODE var: ansible_sftp_batch_mode added in 2.7 of ansible.builtin	TODO: write it
sftp_executable string added in 2.6 of ansible.builtin	Default: "sftp"	ini entries: [ssh_connection] sftp_executable = sftp env:ANSIBLE_SFTP_EXECUTABLE var: ansible_sftp_executable added in 2.7 of ansible.builtin	This defines the location of the sftp binary. It defaults to ``sftp`` which will use the first binary available in $PATH.
sftp_extra_args string		ini entries: [ssh_connection] sftp_extra_args = None added in 2.7 of ansible.builtin env:ANSIBLE_SFTP_EXTRA_ARGS added in 2.7 of ansible.builtin var: ansible_sftp_extra_args	Extra exclusive to the ``sftp`` CLI
ssh_args string	Default: "-C -o ControlMaster=auto -o ControlPersist=60s"	ini entries: [ssh_connection] ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s env:ANSIBLE_SSH_ARGS var: ansible_ssh_args added in 2.7 of ansible.builtin	Arguments to pass to all ssh cli tools
ssh_common_args string		ini entries: [ssh_connection] ssh_common_args = None added in 2.7 of ansible.builtin env:ANSIBLE_SSH_COMMON_ARGS added in 2.7 of ansible.builtin var: ansible_ssh_common_args	Common extra args for all ssh CLI tools
ssh_executable string added in 2.2 of ansible.builtin	Default: "ssh"	ini entries: [ssh_connection] ssh_executable = ssh env:ANSIBLE_SSH_EXECUTABLE var: ansible_ssh_executable added in 2.7 of ansible.builtin	This defines the location of the ssh binary. It defaults to ``ssh`` which will use the first ssh binary available in $PATH. This option is usually not required, it might be useful when access to system ssh is restricted, or when using ssh wrappers to connect to remote hosts.
ssh_extra_args string		ini entries: [ssh_connection] ssh_extra_args = None added in 2.7 of ansible.builtin env:ANSIBLE_SSH_EXTRA_ARGS added in 2.7 of ansible.builtin var: ansible_ssh_extra_args	Extra exclusive to the 'ssh' CLI
sshpass_prompt string added in 2.10 of ansible.builtin	Default: ""	ini entries: [ssh_connection] sshpass_prompt = env:ANSIBLE_SSHPASS_PROMPT var: ansible_sshpass_prompt	Password prompt that sshpass should search for. Supported by sshpass 1.06 and up.
use_tty boolean added in 2.5 of ansible.builtin	Choices: no yes ←	ini entries: [ssh_connection] usetty = yes env:ANSIBLE_SSH_USETTY var: ansible_ssh_use_tty added in 2.7 of ansible.builtin	add -tt to ssh commands to force tty allocation

Authors

ansible (@core)

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.10/collections/ansible/builtin/ssh_connection.html