🌿
Ansible Control Node on Ubuntu 24.04 Windows 11 からの最短構築ガイド
要約
Windows 11 Home から Ubuntu Server 24.04.3 LTS(ホスト名 ctrl)を Ansible コントロールノードとして構築する手順を、ChatGPT に相談しながらまとめました。
具体的には、公開鍵認証の設定、known_hosts を保存しない運用、pipx 経由の Ansible 導入、パスワード認証禁止を解説します。
セキュリティ注意
本記事には検証用途として SSH のホスト鍵検証を無効化する設定が含まれます。本番環境では推奨されません。本番では known_hosts の適切な配布・管理とホスト鍵検証の有効化を行ってください。
0. 仕様・前提
-
Ubuntu Server
- OS: Ubuntu Server 24.04.3 LTS
- Hostname:
ctrl - IP:
192.168.100.10/24(GW/DNS:192.168.100.2) - User:
op -
~/.sshと~/.ssh/authorized_keysは既に存在し、適切なパーミッションが割り当て済み[1]
-
Windows 11
- OS: Windows 11 Home (24H2)
- User:
y_mrok - 端末上で秘密鍵/公開鍵を作成
- 公開鍵認証のみ利用
- known_hosts ファイルは作成しない
-
セキュリティ注意
- 以下の手順にはホスト鍵検証を無効化する設定が含まれます。検証用途向けであり、本番では known_hosts を管理し検証を有効にしてください。
1. Windows 側の準備
1.1 鍵作成(PowerShell)
ssh-keygen -t ed25519 -C "op@ctrl"
1.2 公開鍵を Ubuntu に追記(known_hosts を保存しない/重複排除)
type $env:USERPROFILE\.ssh\id_ed25519.pub |
ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=NUL op@192.168.100.10 `
"cat >> ~/.ssh/authorized_keys && sort -u ~/.ssh/authorized_keys -o ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"
1.3 Windows の SSH 既定設定と ssh ctrl 接続設定
$cfg = @"
Host *
StrictHostKeyChecking no
UserKnownHostsFile NUL
Host ctrl
HostName 192.168.100.10
User op
IdentityFile ~/.ssh/id_ed25519
"@
$cfg | Out-File -FilePath "$env:USERPROFILE\.ssh\config" -Encoding ascii -Force
1.4 接続テスト
ssh ctrl
2. Ubuntu 側の初期設定
2.1 システム最新化
sudo apt update
sudo apt -y dist-upgrade
sudo apt -y autoremove
sudo reboot
再ログイン後、次へ。
2.2 タイムゾーンを Asia/Tokyo
sudo timedatectl set-timezone Asia/Tokyo
timedatectl
2.3 op の sudo をパスワード不要に
sudo usermod -aG sudo op
echo "op ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/99-op-nopw >/dev/null
sudo chmod 440 /etc/sudoers.d/99-op-nopw
2.4 Ubuntu の SSH クライアント既定(フィンガープリントを保存しない/known_hosts 不使用)
cat > ~/.ssh/config <<'EOF'
Host *
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
GlobalKnownHostsFile /dev/null
CheckHostIP no
EOF
chmod 0600 ~/.ssh/config
3. pipx 経由で Ansible を導入
sudo apt update
sudo apt install -y pipx
pipx ensurepath
. ~/.profile
pipx install --include-deps ansible
ansible --version
4. Ansible の最小設定(host_key_checking 無効)
mkdir -p ~/.ansible
cat > ~/.ansible.cfg <<'EOF'
[defaults]
host_key_checking = False
[ssh_connection]
ssh_args = -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o GlobalKnownHostsFile=/dev/null
EOF
動作確認:
ansible all -i 'localhost,' -c local -m ansible.builtin.ping \
-e 'ansible_python_interpreter=auto_silent'
5. Ubuntu の SSH サーバーでパスワード認証を無効化
すでに公開鍵認証で接続できる前提。完全にパスワードログインを禁止したい場合のみ。
echo -e "passwordAuthentication no\nKbdInteractiveAuthentication no" | sudo tee /etc/ssh/sshd_config.d/00-auth-hardening.conf
sudo /usr/sbin/sshd -T | grep -E '^(passwordauthentication|kbdinteractiveauthentication)\s'
sudo systemctl restart ssh.service
付録1:ゴール達成チェック
- Windows で鍵作成/公開鍵を Ubuntu に登録
- Windows・Ubuntu 双方で known_hosts 非保存の既定
-
タイムゾーン
Asia/Tokyo -
opの sudo 無し化(NOPASSWD) -
pipxで Ansible 導入 -
~/.ansible.cfgで host_key_checking 無効化 -
ansible all -i ・・・が SUCCESS
付録2:ログ
Windows 側
ログ
PS C:\Users\y_mrok> ssh-keygen -t ed25519 -C "op@ctrl"
Generating public/private ed25519 key pair.
Enter file in which to save the key (C:\Users\y_mrok/.ssh/id_ed25519):
Created directory 'C:\\Users\\y_mrok/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in C:\Users\y_mrok/.ssh/id_ed25519
Your public key has been saved in C:\Users\y_mrok/.ssh/id_ed25519.pub
The key fingerprint is:
SHA256:5AveMsMCxjktuD+J6sJ+YPFRKctY5X4Kp46kbk4WkfI op@ctrl
The key's randomart image is:
+--[ED25519 256]--+
| ... |
| .o.o |
|.o+ +. . |
|.*.*. o |
|..E.oo..S |
| =.=+ooo . |
|+=.o..* o |
|B+=. . + |
|@*oo |
+----[SHA256]-----+
PS C:\Users\y_mrok>
PS C:\Users\y_mrok> type $env:USERPROFILE\.ssh\id_ed25519.pub |
>> ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=NUL op@192.168.100.10 `
>> "cat >> ~/.ssh/authorized_keys && sort -u ~/.ssh/authorized_keys -o ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"
Warning: Permanently added '192.168.100.10' (ED25519) to the list of known hosts.
op@192.168.100.10's password:
PS C:\Users\y_mrok>
PS C:\Users\y_mrok> $cfg = @"
>> Host *
>> StrictHostKeyChecking no
>> UserKnownHostsFile NUL
>>
>> Host ctrl
>> HostName 192.168.100.10
>> User op
>> IdentityFile ~/.ssh/id_ed25519
>> "@
PS C:\Users\y_mrok> $cfg | Out-File -FilePath "$env:USERPROFILE\.ssh\config" -Encoding ascii -Force
PS C:\Users\y_mrok>
PS C:\Users\y_mrok> ssh ctrl
Warning: Permanently added '192.168.100.10' (ED25519) to the list of known hosts.
Welcome to Ubuntu 24.04.3 LTS (GNU/Linux 6.8.0-84-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/pro
System information as of Thu Sep 25 12:25:29 PM UTC 2025
System load: 0.04 Processes: 259
Usage of /: 35.1% of 18.53GB Users logged in: 0
Memory usage: 3% IPv4 address for ens32: 192.168.100.10
Swap usage: 0%
Expanded Security Maintenance for Applications is not enabled.
12 updates can be applied immediately.
To see these additional updates run: apt list --upgradable
Enable ESM Apps to receive additional future security updates.
See https://ubuntu.com/esm or run: sudo pro status
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.
op@ctrl:~$
Ubuntu 側
ログ
op@ctrl:~$ sudo apt update
[sudo] password for op:
Get:1 http://security.ubuntu.com/ubuntu noble-security InRelease [126 kB]
Hit:2 http://jp.archive.ubuntu.com/ubuntu noble InRelease
Get:3 http://jp.archive.ubuntu.com/ubuntu noble-updates InRelease [126 kB]
Get:4 http://security.ubuntu.com/ubuntu noble-security/main amd64 Packages [1,164 kB]
Get:5 http://jp.archive.ubuntu.com/ubuntu noble-backports InRelease [126 kB]
Get:6 http://jp.archive.ubuntu.com/ubuntu noble-updates/main amd64 Packages [1,443 kB]
Get:7 http://jp.archive.ubuntu.com/ubuntu noble-updates/main Translation-en [282 kB]
Get:8 http://jp.archive.ubuntu.com/ubuntu noble-updates/main amd64 Components [175 kB]
Get:9 http://jp.archive.ubuntu.com/ubuntu noble-updates/main amd64 c-n-f Metadata [15.3 kB]
Get:10 http://jp.archive.ubuntu.com/ubuntu noble-updates/restricted amd64 Packages [1,957 kB]
Get:11 http://jp.archive.ubuntu.com/ubuntu noble-updates/restricted Translation-en [441 kB]
Get:12 http://jp.archive.ubuntu.com/ubuntu noble-updates/restricted amd64 Components [212 B]
Get:13 http://jp.archive.ubuntu.com/ubuntu noble-updates/universe amd64 Packages [1,485 kB]
Get:14 http://jp.archive.ubuntu.com/ubuntu noble-updates/universe amd64 Components [377 kB]
Get:15 http://jp.archive.ubuntu.com/ubuntu noble-updates/universe amd64 c-n-f Metadata [31.1 kB]
Get:16 http://jp.archive.ubuntu.com/ubuntu noble-updates/multiverse amd64 Components [940 B]
Get:17 http://jp.archive.ubuntu.com/ubuntu noble-backports/main amd64 Components [7,072 B]
Get:18 http://jp.archive.ubuntu.com/ubuntu noble-backports/restricted amd64 Components [212 B]
Get:19 http://jp.archive.ubuntu.com/ubuntu noble-backports/universe amd64 Components [19.2 kB]
Get:20 http://jp.archive.ubuntu.com/ubuntu noble-backports/multiverse amd64 Components [212 B]
Get:21 http://security.ubuntu.com/ubuntu noble-security/main Translation-en [197 kB]
Get:22 http://security.ubuntu.com/ubuntu noble-security/main amd64 Components [21.6 kB]
Get:23 http://security.ubuntu.com/ubuntu noble-security/main amd64 c-n-f Metadata [8,744 B]
Get:24 http://security.ubuntu.com/ubuntu noble-security/restricted amd64 Components [212 B]
Get:25 http://security.ubuntu.com/ubuntu noble-security/universe amd64 Components [52.2 kB]
Get:26 http://security.ubuntu.com/ubuntu noble-security/multiverse amd64 Components [212 B]
Fetched 8,057 kB in 8s (992 kB/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
12 packages can be upgraded. Run 'apt list --upgradable' to see them.
op@ctrl:~$
op@ctrl:~$ sudo apt -y dist-upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
bind9-dnsutils bind9-host bind9-libs coreutils dpkg fwupd landscape-common libfwupd2 powermgmt-base
python3-software-properties software-properties-common systemd-hwe-hwdb
12 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 standard LTS security update
Need to get 9,035 kB of archives.
After this operation, 15.4 kB of additional disk space will be used.
Get:1 http://jp.archive.ubuntu.com/ubuntu noble-updates/main amd64 coreutils amd64 9.4-3ubuntu6.1 [1,413 kB]
Get:2 http://jp.archive.ubuntu.com/ubuntu noble-updates/main amd64 dpkg amd64 1.22.6ubuntu6.5 [1,282 kB]
Get:3 http://jp.archive.ubuntu.com/ubuntu noble-updates/main amd64 systemd-hwe-hwdb all 255.1.5 [3,518 B]
Get:4 http://jp.archive.ubuntu.com/ubuntu noble-updates/main amd64 bind9-host amd64 1:9.18.39-0ubuntu0.24.04.1 [50.5 kB]
Get:5 http://jp.archive.ubuntu.com/ubuntu noble-updates/main amd64 bind9-dnsutils amd64 1:9.18.39-0ubuntu0.24.04.1 [156 kB]
Get:6 http://jp.archive.ubuntu.com/ubuntu noble-updates/main amd64 bind9-libs amd64 1:9.18.39-0ubuntu0.24.04.1 [1,257 kB]
Get:7 http://jp.archive.ubuntu.com/ubuntu noble-updates/main amd64 powermgmt-base all 1.37ubuntu0.1 [7,650 B]
Get:8 http://jp.archive.ubuntu.com/ubuntu noble-updates/main amd64 libfwupd2 amd64 1.9.31-0ubuntu1~24.04.1 [136 kB]
Get:9 http://jp.archive.ubuntu.com/ubuntu noble-updates/main amd64 fwupd amd64 1.9.31-0ubuntu1~24.04.1 [4,592 kB]
Get:10 http://jp.archive.ubuntu.com/ubuntu noble-updates/main amd64 landscape-common amd64 24.02-0ubuntu5.6 [93.2 kB]
Get:11 http://jp.archive.ubuntu.com/ubuntu noble-updates/main amd64 software-properties-common all 0.99.49.3 [14.4 kB]
Get:12 http://jp.archive.ubuntu.com/ubuntu noble-updates/main amd64 python3-software-properties all 0.99.49.3 [29.9 kB]
Fetched 9,035 kB in 5s (1,913 kB/s)
Preconfiguring packages ...
(Reading database ... 87044 files and directories currently installed.)
Preparing to unpack .../coreutils_9.4-3ubuntu6.1_amd64.deb ...
Unpacking coreutils (9.4-3ubuntu6.1) over (9.4-3ubuntu6) ...
Setting up coreutils (9.4-3ubuntu6.1) ...
(Reading database ... 87044 files and directories currently installed.)
Preparing to unpack .../dpkg_1.22.6ubuntu6.5_amd64.deb ...
Unpacking dpkg (1.22.6ubuntu6.5) over (1.22.6ubuntu6.1) ...
Setting up dpkg (1.22.6ubuntu6.5) ...
(Reading database ... 87044 files and directories currently installed.)
Preparing to unpack .../0-systemd-hwe-hwdb_255.1.5_all.deb ...
Unpacking systemd-hwe-hwdb (255.1.5) over (255.1.4) ...
Preparing to unpack .../1-bind9-host_1%3a9.18.39-0ubuntu0.24.04.1_amd64.deb ...
Unpacking bind9-host (1:9.18.39-0ubuntu0.24.04.1) over (1:9.18.30-0ubuntu0.24.04.2) ...
Preparing to unpack .../2-bind9-dnsutils_1%3a9.18.39-0ubuntu0.24.04.1_amd64.deb ...
Unpacking bind9-dnsutils (1:9.18.39-0ubuntu0.24.04.1) over (1:9.18.30-0ubuntu0.24.04.2) ...
Preparing to unpack .../3-bind9-libs_1%3a9.18.39-0ubuntu0.24.04.1_amd64.deb ...
Unpacking bind9-libs:amd64 (1:9.18.39-0ubuntu0.24.04.1) over (1:9.18.30-0ubuntu0.24.04.2) ...
Preparing to unpack .../4-powermgmt-base_1.37ubuntu0.1_all.deb ...
Unpacking powermgmt-base (1.37ubuntu0.1) over (1.37) ...
Preparing to unpack .../5-libfwupd2_1.9.31-0ubuntu1~24.04.1_amd64.deb ...
Unpacking libfwupd2:amd64 (1.9.31-0ubuntu1~24.04.1) over (1.9.30-0ubuntu1~24.04.1) ...
Preparing to unpack .../6-fwupd_1.9.31-0ubuntu1~24.04.1_amd64.deb ...
Unpacking fwupd (1.9.31-0ubuntu1~24.04.1) over (1.9.30-0ubuntu1~24.04.1) ...
Preparing to unpack .../7-landscape-common_24.02-0ubuntu5.6_amd64.deb ...
Unpacking landscape-common (24.02-0ubuntu5.6) over (24.02-0ubuntu5.3) ...
Preparing to unpack .../8-software-properties-common_0.99.49.3_all.deb ...
Unpacking software-properties-common (0.99.49.3) over (0.99.49.2) ...
Preparing to unpack .../9-python3-software-properties_0.99.49.3_all.deb ...
Unpacking python3-software-properties (0.99.49.3) over (0.99.49.2) ...
Setting up powermgmt-base (1.37ubuntu0.1) ...
Setting up bind9-libs:amd64 (1:9.18.39-0ubuntu0.24.04.1) ...
Setting up libfwupd2:amd64 (1.9.31-0ubuntu1~24.04.1) ...
Setting up landscape-common (24.02-0ubuntu5.6) ...
Setting up python3-software-properties (0.99.49.3) ...
Setting up systemd-hwe-hwdb (255.1.5) ...
Setting up bind9-host (1:9.18.39-0ubuntu0.24.04.1) ...
Setting up fwupd (1.9.31-0ubuntu1~24.04.1) ...
fwupd-offline-update.service is a disabled or a static unit not running, not starting it.
fwupd-refresh.service is a disabled or a static unit not running, not starting it.
fwupd.service is a disabled or a static unit not running, not starting it.
Setting up software-properties-common (0.99.49.3) ...
Setting up bind9-dnsutils (1:9.18.39-0ubuntu0.24.04.1) ...
Processing triggers for libc-bin (2.39-0ubuntu8.6) ...
Processing triggers for man-db (2.12.0-4build2) ...
Processing triggers for dbus (1.14.10-4ubuntu4.1) ...
Processing triggers for udev (255.4-1ubuntu8.10) ...
Processing triggers for install-info (7.1-3build2) ...
Scanning processes...
Scanning linux images...
Running kernel seems to be up-to-date.
No services need to be restarted.
No containers need to be restarted.
No user sessions are running outdated binaries.
No VM guests are running outdated hypervisor (qemu) binaries on this host.
op@ctrl:~$
op@ctrl:~$ sudo apt -y autoremove
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
op@ctrl:~$
op@ctrl:~$ sudo reboot
Broadcast message from root@ctrl on pts/1 (Thu 2025-09-25 12:33:54 UTC):
The system will reboot now!
op@ctrl:~$ client_loop: send disconnect: Connection reset
PS C:\Users\y_mrok>
op@ctrl:~$ client_loop: send disconnect: Connection reset
PS C:\Users\y_mrok>
PS C:\Users\y_mrok>
PS C:\Users\y_mrok> ssh ctrl
Warning: Permanently added '192.168.100.10' (ED25519) to the list of known hosts.
Welcome to Ubuntu 24.04.3 LTS (GNU/Linux 6.8.0-84-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/pro
System information as of Thu Sep 25 12:36:15 PM UTC 2025
System load: 0.0 Processes: 258
Usage of /: 35.2% of 18.53GB Users logged in: 0
Memory usage: 3% IPv4 address for ens32: 192.168.100.10
Swap usage: 0%
Expanded Security Maintenance for Applications is not enabled.
0 updates can be applied immediately.
Enable ESM Apps to receive additional future security updates.
See https://ubuntu.com/esm or run: sudo pro status
Last login: Thu Sep 25 12:25:29 2025 from 192.168.100.128
op@ctrl:~$ sudo timedatectl set-timezone Asia/Tokyo
[sudo] password for op:
op@ctrl:~$
op@ctrl:~$ timedatectl
Local time: Thu 2025-09-25 21:36:36 JST
Universal time: Thu 2025-09-25 12:36:36 UTC
RTC time: Thu 2025-09-25 12:36:36
Time zone: Asia/Tokyo (JST, +0900)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
op@ctrl:~$
op@ctrl:~$ sudo usermod -aG sudo op
op@ctrl:~$
op@ctrl:~$ echo "op ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/99-op-nopw >/dev/null
op@ctrl:~$
op@ctrl:~$ sudo chmod 440 /etc/sudoers.d/99-op-nopw
op@ctrl:~$
op@ctrl:~$ cat > ~/.ssh/config <<'EOF'
Host *
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
GlobalKnownHostsFile /dev/null
CheckHostIP no
EOF
op@ctrl:~$ chmod 0600 ~/.ssh/config
op@ctrl:~$
op@ctrl:~$ sudo apt update
Hit:1 http://security.ubuntu.com/ubuntu noble-security InRelease
Hit:2 http://jp.archive.ubuntu.com/ubuntu noble InRelease
Hit:3 http://jp.archive.ubuntu.com/ubuntu noble-updates InRelease
Hit:4 http://jp.archive.ubuntu.com/ubuntu noble-backports InRelease
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
All packages are up to date.
op@ctrl:~$
op@ctrl:~$ sudo apt install -y pipx
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
python3-argcomplete python3-pip-whl python3-platformdirs python3-psutil python3-setuptools-whl python3-userpath
python3-venv python3.12-venv
The following NEW packages will be installed:
pipx python3-argcomplete python3-pip-whl python3-platformdirs python3-psutil python3-setuptools-whl python3-userpath
python3-venv python3.12-venv
0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded.
Need to get 3,471 kB of archives.
After this operation, 7,648 kB of additional disk space will be used.
Get:1 http://jp.archive.ubuntu.com/ubuntu noble-updates/universe amd64 python3-pip-whl all 24.0+dfsg-1ubuntu1.3 [1,707 kB]
Get:2 http://jp.archive.ubuntu.com/ubuntu noble-updates/universe amd64 python3-setuptools-whl all 68.1.2-2ubuntu1.2 [716 kB]
Get:3 http://jp.archive.ubuntu.com/ubuntu noble-updates/universe amd64 python3.12-venv amd64 3.12.3-1ubuntu0.8 [5,678 B]
Get:4 http://jp.archive.ubuntu.com/ubuntu noble-updates/universe amd64 python3-venv amd64 3.12.3-0ubuntu2 [1,034 B]
Get:5 http://jp.archive.ubuntu.com/ubuntu noble-updates/universe amd64 python3-argcomplete all 3.1.4-1ubuntu0.1 [33.8 kB]
Get:6 http://jp.archive.ubuntu.com/ubuntu noble/main amd64 python3-platformdirs all 4.2.0-1 [16.1 kB]
Get:7 http://jp.archive.ubuntu.com/ubuntu noble/universe amd64 python3-userpath all 1.9.1-1 [9,416 B]
Get:8 http://jp.archive.ubuntu.com/ubuntu noble/universe amd64 pipx all 1.4.3-1 [787 kB]
Get:9 http://jp.archive.ubuntu.com/ubuntu noble/main amd64 python3-psutil amd64 5.9.8-2build2 [195 kB]
Fetched 3,471 kB in 4s (929 kB/s)
Selecting previously unselected package python3-pip-whl.
(Reading database ... 87045 files and directories currently installed.)
Preparing to unpack .../0-python3-pip-whl_24.0+dfsg-1ubuntu1.3_all.deb ...
Unpacking python3-pip-whl (24.0+dfsg-1ubuntu1.3) ...
Selecting previously unselected package python3-setuptools-whl.
Preparing to unpack .../1-python3-setuptools-whl_68.1.2-2ubuntu1.2_all.deb ...
Unpacking python3-setuptools-whl (68.1.2-2ubuntu1.2) ...
Selecting previously unselected package python3.12-venv.
Preparing to unpack .../2-python3.12-venv_3.12.3-1ubuntu0.8_amd64.deb ...
Unpacking python3.12-venv (3.12.3-1ubuntu0.8) ...
Selecting previously unselected package python3-venv.
Preparing to unpack .../3-python3-venv_3.12.3-0ubuntu2_amd64.deb ...
Unpacking python3-venv (3.12.3-0ubuntu2) ...
Selecting previously unselected package python3-argcomplete.
Preparing to unpack .../4-python3-argcomplete_3.1.4-1ubuntu0.1_all.deb ...
Unpacking python3-argcomplete (3.1.4-1ubuntu0.1) ...
Selecting previously unselected package python3-platformdirs.
Preparing to unpack .../5-python3-platformdirs_4.2.0-1_all.deb ...
Unpacking python3-platformdirs (4.2.0-1) ...
Selecting previously unselected package python3-userpath.
Preparing to unpack .../6-python3-userpath_1.9.1-1_all.deb ...
Unpacking python3-userpath (1.9.1-1) ...
Selecting previously unselected package pipx.
Preparing to unpack .../7-pipx_1.4.3-1_all.deb ...
Unpacking pipx (1.4.3-1) ...
Selecting previously unselected package python3-psutil.
Preparing to unpack .../8-python3-psutil_5.9.8-2build2_amd64.deb ...
Unpacking python3-psutil (5.9.8-2build2) ...
Setting up python3-setuptools-whl (68.1.2-2ubuntu1.2) ...
Setting up python3-pip-whl (24.0+dfsg-1ubuntu1.3) ...
Setting up python3-platformdirs (4.2.0-1) ...
Setting up python3-psutil (5.9.8-2build2) ...
Setting up python3-argcomplete (3.1.4-1ubuntu0.1) ...
Setting up python3-userpath (1.9.1-1) ...
Setting up python3.12-venv (3.12.3-1ubuntu0.8) ...
Setting up python3-venv (3.12.3-0ubuntu2) ...
Setting up pipx (1.4.3-1) ...
Processing triggers for man-db (2.12.0-4build2) ...
Scanning processes...
Scanning linux images...
Running kernel seems to be up-to-date.
No services need to be restarted.
No containers need to be restarted.
No user sessions are running outdated binaries.
No VM guests are running outdated hypervisor (qemu) binaries on this host.
op@ctrl:~$
op@ctrl:~$ pipx ensurepath
Success! Added /home/op/.local/bin to the PATH environment variable.
Consider adding shell completions for pipx. Run 'pipx completions' for instructions.
You will need to open a new terminal or re-login for the PATH changes to take effect.
Otherwise pipx is ready to go! ✨ 🌟 ✨
op@ctrl:~$
op@ctrl:~$ . ~/.profile
op@ctrl:~$
op@ctrl:~$ pipx install --include-deps ansible
installed package ansible 12.0.0, installed using Python 3.12.3
These apps are now globally available
- ansible
- ansible-community
- ansible-config
- ansible-console
- ansible-doc
- ansible-galaxy
- ansible-inventory
- ansible-playbook
- ansible-pull
- ansible-test
- ansible-vault
done! ✨ 🌟 ✨
op@ctrl:~$
op@ctrl:~$ ansible --version
ansible [core 2.19.2]
config file = None
configured module search path = ['/home/op/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/op/.local/share/pipx/venvs/ansible/lib/python3.12/site-packages/ansible
ansible collection location = /home/op/.ansible/collections:/usr/share/ansible/collections
executable location = /home/op/.local/bin/ansible
python version = 3.12.3 (main, Aug 14 2025, 17:47:21) [GCC 13.3.0] (/home/op/.local/share/pipx/venvs/ansible/bin/python)
jinja version = 3.1.6
pyyaml version = 6.0.2 (with libyaml v0.2.5)
op@ctrl:~$
op@ctrl:~$ mkdir -p ~/.ansible
op@ctrl:~$
op@ctrl:~$ cat > ~/.ansible.cfg <<'EOF'
[defaults]
host_key_checking = False
[ssh_connection]
ssh_args = -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o GlobalKnownHostsFile=/dev/null
EOF
op@ctrl:~$
op@ctrl:~$ ansible all -i 'localhost,' -c local -m ansible.builtin.ping \
-e 'ansible_python_interpreter=auto_silent'
localhost | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python3.12"
},
"changed": false,
"ping": "pong"
}
op@ctrl:~$
op@ctrl:~$ echo -e "passwordAuthentication no\nKbdInteractiveAuthentication no" | sudo tee /etc/ssh/sshd_config.d/00-auth-hardening.conf
passwordAuthentication no
KbdInteractiveAuthentication no
op@ctrl:~$
op@ctrl:~$ sudo /usr/sbin/sshd -T | grep -E '^(passwordauthentication|kbdinteractiveauthentication)\s'
passwordauthentication no
kbdinteractiveauthentication no
op@ctrl:~$
op@ctrl:~$ sudo systemctl restart ssh.service
op@ctrl:~$
-
Ubuntu Server のインストール時に作成される ↩︎
Discussion