spurin/diveintoansible-lab

Ansible user unable to connect to hosts

fox27374 opened this issue · 2 comments

Hi,
when connected to the ubuntu-c machine, it's not possible for ansible to build an SSH connection to the hosts. A normal, password-based SSH connection is possible.

There is no private key for the ansible user:

ansible@ubuntu-c:~/diveintoansible/Ansible Architecture and Design/Inventories/03$ ls -la ~/.ssh/
drwx------  3 ansible ansible   96 Jan 23 13:35 .
drwxr-xr-x 11 ansible ansible  352 Jan 23 13:39 ..
-rw-r--r--  1 ansible ansible 2664 Jan 23 13:44 known_hosts

When configuring the username and password in the ansible.cfg or hosts file, I get the following error:

ansible@ubuntu-c:~/diveintoansible/Ansible Architecture and Design/Inventories/03$ ansible all -m ping
centos1 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: ansible@centos1: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
    "unreachable": true
}

Here is some more verbose output:

ansible@ubuntu-c:~/diveintoansible/Ansible Architecture and Design/Inventories/03$ ansible all -m ping -vvv
ansible [core 2.12.3]
  config file = /home/ansible/diveintoansible/Ansible Architecture and Design/Inventories/03/ansible.cfg
  configured module search path = ['/home/ansible/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.8/dist-packages/ansible
  ansible collection location = /home/ansible/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.8.10 (default, Nov 26 2021, 20:14:08) [GCC 9.3.0]
  jinja version = 3.0.3
  libyaml = True
Using /home/ansible/diveintoansible/Ansible Architecture and Design/Inventories/03/ansible.cfg as config file
host_list declined parsing /home/ansible/diveintoansible/Ansible Architecture and Design/Inventories/03/hosts as it did not pass its verify_file() method
auto declined parsing /home/ansible/diveintoansible/Ansible Architecture and Design/Inventories/03/hosts as it did not pass its verify_file() method
Parsed /home/ansible/diveintoansible/Ansible Architecture and Design/Inventories/03/hosts inventory source with ini plugin
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
META: ran handlers
<centos1> ESTABLISH SSH CONNECTION FOR USER: ansible
<centos1> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="ansible"' -o ConnectTimeout=10 -o 'ControlPath="/dev/shm/4913f9b9ed"' centos1 '/bin/sh -c '"'"'echo ~ansible && sleep 0'"'"''
<centos2> ESTABLISH SSH CONNECTION FOR USER: None
<centos2> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o 'ControlPath="/dev/shm/42a7aa40a0"' centos2 '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
<centos3> ESTABLISH SSH CONNECTION FOR USER: None
<centos3> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o 'ControlPath="/dev/shm/6360373fbb"' centos3 '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
<centos1> (255, b'', b'ansible@centos1: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n')
<ubuntu1> ESTABLISH SSH CONNECTION FOR USER: None
<ubuntu1> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o 'ControlPath="/dev/shm/492fe51149"' ubuntu1 '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
centos1 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: ansible@centos1: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).",
    "unreachable": true
}

So either the "PasswordAuthentication" in the ansible config should be set to "yes", or certificates should be generated before the start of the docker containers as it is done in the Google Cloud Shell version.

Adding the certificate generation to the documentation would fix the issue:

cp -rf \
    ${HOME}/diveintoansible-lab/config/guest_ssh \
    ${HOME}/diveintoansible-lab/config/root_ssh; \
    cp -rf \
    ${HOME}/diveintoansible-lab/config/guest_ssh.pub \
    ${HOME}/diveintoansible-lab/config/root_ssh.pub