Below you will find pages that utilize the taxonomy term “ansible”
2022-Mar-18
Ansible with dedicated SSH Keys
If you use Ansible to manage servers, you should probably use SSH keys to do so. SSH keys are a way of authenticating to a server, like passwords are. SSH keys can be protected with passwords or they can be passwordless. If you’re using them for automation, you might need to use passwordless SSH keys, but otherwise, it’s a good practice to protect the keys as well.
You can create a key, or really an SSH key pair, with the command
2021-Feb-08
Ansible secrets and vaults
One chicken-and-egg problem with setting up servers is taking care of secrets. Secrets are hard, and they’re especially hard to keep secret. When working with systems management, you really want to keep your secrets secret, but you also want to share them with your peers. In essence, this is a conflict of interests and a hard problem to solve in a truly usable manner. But it’s not impossible.
Lately, I’ve been re-introducing myself to Ansible because it’s a way to efficiently communicate intent between peers.
2018-Feb-28
Sharing your `known_hosts` among your admin peers
The first time you contact an SSH server, you’re presented with a fingerprint and asked whether you want to trust the server to be who it is, based on this fingerprint. Blindly, I might add. If you’re at least a bit concerned about (usable) security, this should send a few shivers down your spine; how the heck are you supposed to know whether this fingerprint is right or not?
If you’re managing your servers with Ansible, this query can be inconvenient, as it stops your flow at some random place and it’s not entirely clear where it will resume.