Ansible - Connection


Connection parameters to hosts are given through variables.

Order of precedence

Connection variables defined at the command line have a lower priority than connection variables defined elsewhere (such as in a playbook,…). See Playbook Variable


  • The playbook defines ramon as connection user.
- hosts: all
  remote_user: ramon # connection user must be ramon
  • At the command line, we set the connection user to lola
ansible -u lola myhost
  • but the connection is still made as ramon because the value from the variable takes priority. See Playbook Variable


A connection variable can be:

  • for a user authentication
    • ansible_user=admin (The old one was ansible_ssh_user)
    • ansible_password=password (The old one was ansible_ssh_pass)
    • ansible_connection=ssh
  • for a private key authentication
    • ansible_ssh_private_key_file=my-privkey-openssh.pem – Private key file used by ssh. Useful if you use multiple keys and don't want to use the SSH agent. On the CLIs (ansible, ansible-playbook), see the --private-key= option. The file must be in the pem format.
  • for authorization escalation during the run
    • ansible_become=yes
    • ansible_become_user=install_user
    • ansible_become_pass=welcome1
    • ansible_become_method=sudo
    • ansible_sudo_pass=password
  • for host definition
    • ansible_host=
    • ansible_host=hostname
    • ansible_port=22
  • for connection type
    • ansible_connection. Default: smart. It may also get the value local and be given via:

Passing password at the command line

ansible-playbook playbook.yml -i inventory.ini  --extra-vars "ansible_sudo_pass=yourPassword"

Private Key

There is no option to store a passphrase-protected private key. See the note in List of Behavioral Inventory Parameters.

You need to:



  • ansible_port: 5986
  • ansible_connection: winrm
  • ansible_winrm_server_cert_validation: ignore
  • ansible_winrm_transport: ntlm
  • ansible_user: [email protected]
  • ansible_password: xxxxxxx

Make sure you have run `ConfigureRemotingForAnsible.ps1` on your Windows host.

Connection Type


User connection

You can define the running user with the help of these two variables:

If ansible_user is defined in an inventory file, the remote_user value will have no effect because of the order of precedence. You need to become instead. See 20045


hostName ansible_host= ansible_ssh_pass=Gam5sKZ8g6Q ansible_become_pass=GuCZWuGam5sKZ8g6Q
- hosts: all 
  become: yes
  become_user: install_user
  • Within a Playbook where the login user is defined with remote_user (Don't set the ansible_user)
- hosts: all 
  remote_user: login_user
  become: yes
  become_user: install_user
ansible-playbook playbook.yml -i hosts.ini
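
The inventory line above and the WinRM variable list both put secrets and a disabled certificate check directly in connection variables. The following is an added example, not part of the original page: a Python check that scans an INI inventory for those variables. The function name `audit_inventory`, the sample inventory, the variable name `vault_become_pass`, and the rule that a `{{ ... }}` value counts as a reference rather than a literal are assumptions of this example.

```python
import shlex

# Connection variables from this page that carry a secret value.
SECRET_VARS = {"ansible_password", "ansible_ssh_pass",
               "ansible_become_pass", "ansible_sudo_pass"}
# Setting from this page that turns off WinRM certificate checking.
WEAK_SETTINGS = {("ansible_winrm_server_cert_validation", "ignore")}

# Constructed sample inventory; vault_become_pass is a hypothetical name.
SAMPLE_INVENTORY = """\
[web]
web1 ansible_host=192.0.2.10 ansible_user=admin ansible_ssh_pass=CONSTRUCTED-PW
web2 ansible_host=192.0.2.11 ansible_become_pass="{{ vault_become_pass }}"

[windows:vars]
ansible_connection=winrm
ansible_winrm_server_cert_validation=ignore
ansible_password = CONSTRUCTED-PW
"""


def audit_inventory(text):
    """Return (line_no, host_or_section, variable, reason) findings."""
    findings, section = [], ""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section.endswith(":vars"):
            # Group variable line: a single "key = value" pair, no host column.
            owner, pairs = section, [line]
        else:
            # Host line: host name followed by quote-aware key=value tokens.
            tokens = shlex.split(line, comments=True)
            owner, pairs = tokens[0], tokens[1:]
        for pair in pairs:
            key, sep, value = pair.partition("=")
            key, value = key.strip(), value.strip().strip("'\"")
            if not sep:
                continue
            if key in SECRET_VARS and value and "{{" not in value:
                findings.append((line_no, owner, key, "plaintext secret"))
            elif (key, value.lower()) in WEAK_SETTINGS:
                findings.append((line_no, owner, key, "certificate validation disabled"))
    return findings
```

Values flagged as plaintext secrets can instead come from an Ansible Vault encrypted variable file, or be prompted for at run time with --ask-pass and --ask-become-pass.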

Private Key

Ansible gets the private key:

  • from the ssh-agent. (You need to add them first)
  • from the ansible_ssh_private_key_file variable
  • or from the --private-key cli option.

Documentation / Reference
