Ansible: How to use TPM-stored SSH key for SSH authentication
In your Ansible inventory file, you can set ansible_ssh_extra_args='-o PKCS11Provider=/usr/lib/x86_64-linux-gnu/libtpm2_pkcs11.so.1' for a host to use a TPM-stored SSH key for SSH authentication.
This tells SSH to use the TPM PKCS#11 provider for SSH key authentication, allowing you to securely use your SSH keys stored in the TPM. For example:
[servers]
server01 ansible_host=10.1.2.3 ansible_user=myuser ansible_ssh_extra_args='-o PKCS11Provider=/usr/lib/x86_64-linux-gnu/libtpm2_pkcs11.so.1'
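
A pre-flight check for the provider path used in the inventory above, as an added example that is not part of the original post. The function names and the optional owner-uid argument are assumptions made for illustration, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.
# Assumes GNU stat (Linux) and the -o PKCS11Provider=<path> form shown above.

# Print the PKCS11Provider path found in one inventory line (empty if none).
provider_from_line() {
    printf '%s\n' "$1" | sed -n "s/.*PKCS11Provider=\([^ '\"]*\).*/\1/p"
}

# ssh loads this shared library into its own process, so require an absolute
# path to a regular file that is owned by the expected uid (default 0, root)
# and is not writable by group or others.
check_provider() {
    want_uid=${2:-0}
    case "$1" in
        /*) ;;
        *) echo "FAIL $1: not an absolute path"; return 1 ;;
    esac
    [ -f "$1" ] || { echo "FAIL $1: no such file"; return 1; }
    uid=$(stat -L -c '%u' "$1")    # -L: check the symlink target
    mode=$(stat -L -c '%a' "$1")   # octal permission bits, e.g. 644
    [ "$uid" = "$want_uid" ] || { echo "FAIL $1: owned by uid $uid"; return 1; }
    [ $(( 0$mode & 022 )) -eq 0 ] ||
        { echo "FAIL $1: mode $mode is group- or world-writable"; return 1; }
    echo "OK   $1"
}

# Check every provider referenced in an INI inventory file.
# Usage: audit_inventory <inventory> [expected_owner_uid]
audit_inventory() {
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        p=$(provider_from_line "$line")
        [ -n "$p" ] || continue
        check_provider "$p" "${2:-0}" || rc=1
    done < "$1"
    return "$rc"
}

if [ "$#" -gt 0 ]; then audit_inventory "$@"; fi
```

Once the check passes, running ssh-keygen -D with the same provider path lists the public keys the provider exposes, which confirms the TPM key is reachable before Ansible connects.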