My organisation has a policy in place that allows "only" the below ssh command to work.

ssh -i /tmp/private.key -t user2@host2 bash --noprofile

I tried to modify the ansible inventory host file to construct the above ssh. See my ansible host file below:

host2 ansible_ssh_common_args="-t -o UserKnownHostsFile=/dev/null" ansible_shell_executable=sh ANSIBLE_HOST_KEY_CHECKING=false ansible_ssh_private_key_file=/tmp/private.key  USER_RUN=user2

I also tried the below but they too fail

ansible_shell_executable=/bin/bash
ansible_ssh_extra_arg=.....

My ansible version is:

ansible --version

ansible 2.7.1

  config file = /etc/ansible/ansible.cfg

  configured module search path = [u'/home/user1/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']

  ansible python module location = /usr/lib/python2.7/site-packages/ansible

  executable location = /bin/ansible

  python version = 2.7.5 (default, Sep 12 2018, 05:31:16) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]

In debug i see that the ssh constructed by ansible does not have

bash --noprfile

after user2@target2

Please help provide a solution.

To achieve this, you can set the remote shell for specific hosts via

Inventory

some_host  ansible_shell_executable="/bin/bash --noprofile"
other_host ansible_shell_executable="/bin/bash --noprofile"

or globally via

ansible.cfg

executable = /bin/bash --noprofile

More information can be found in the ansible documentation.

Please note, that ansible additionally does sftp transfers under the hood.

IMHO if you want to use ansible in your organisation, it would be reasonable to change the policy.