Troubleshooting Ansible SSH: can't reach a root cause
I'm having issues running some playbooks where I define ansible_user_ssh=root on the command line and the ssh command run through Ansible returns permission denied.
HOST | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n",
"unreachable": true
}
I'm trying to troubleshoot it and I don't get the root cause.
The keys from root and even the user defined in the inventory file (functional users) are correctly disseminated. If I ssh from the root user or a functional user, it works with no issue.
If I execute:
ansible -i /app/user/applications/inventory/commercialaseenv300-hosts -m ping -u root HOST
It works
If I execute:
ansible -i /app/user/applications/inventory/commercialaseenv300-hosts -m ping -e ansible_ssh_user=root HOST
It doesn't work. Returns permission denied
If I execute:
sudo ansible -i /app/user/applications/inventory/commercialaseenv300-hosts -m ping -e ansible_ssh_user=root HOST
It works
If I change to root user and execute:
ansible -i /app/user/applications/inventory/commercialaseenv300-hosts -m ping -e ansible_ssh_user=root HOST
It works
But I need the one that doesn't work to work, as it is part of a large script. This was working correctly before and, as far as I know, there was no system change.
Could some out-of-the-box eyes give a tip or two? Thank you in advance.
Solution 1:[1]
The issue was still related to key sharing. I found out that a key had changed (someone ran keygen by mistake), so the keys between the ansible user and root user weren't correct.
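A way to confirm the kind of key mismatch described in Solution 1, as an added example that is not part of the original thread: compute the OpenSSH SHA256 fingerprint (the same value ssh-keygen -lf prints) of the calling user's public key and check it against the entries in the target account's authorized_keys. The key material, comments and the from= option below are constructed samples; in practice you would pass in the contents of the real .pub file and of the target's authorized_keys.

```python
import base64
import hashlib
import struct

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")

def fingerprint(pubkey_line):
    """OpenSSH-style SHA256 fingerprint of one public key line, or None."""
    fields = pubkey_line.split()
    # authorized_keys entries may carry leading options, so locate the key type.
    for i, field in enumerate(fields[:-1]):
        if field.startswith(KEY_TYPES):
            try:
                blob = base64.b64decode(fields[i + 1], validate=True)
            except ValueError:
                continue  # looked like a key type but no valid blob followed
            digest = hashlib.sha256(blob).digest()
            return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return None

def is_authorized(local_pub, authorized_keys_text):
    """True if the local public key's fingerprint appears in authorized_keys."""
    want = fingerprint(local_pub)
    have = set()
    for line in authorized_keys_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            have.add(fingerprint(line))
    return want is not None and want in have

def sample_key(seed):
    # Constructed ssh-ed25519 blob (not a real key): type string + 32 bytes.
    raw = hashlib.sha256(seed).digest()
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + raw
    return "ssh-ed25519 " + base64.b64encode(blob).decode()

# Constructed scenario: root's authorized_keys still holds the old key,
# while the ansible user's key pair was regenerated by mistake.
OLD_PUB = sample_key(b"original") + " ansible@control"
NEW_PUB = sample_key(b"regenerated") + " ansible@control"
AUTHORIZED = "# constructed authorized_keys\n" + 'from="10.0.0.5" ' + OLD_PUB + "\n"

if __name__ == "__main__":
    for name, pub in (("old key", OLD_PUB), ("regenerated key", NEW_PUB)):
        status = "authorized" if is_authorized(pub, AUTHORIZED) else "NOT in authorized_keys"
        print(name, fingerprint(pub), status)
```

Running the same check for each local account (the normal user and root) shows which identity the target still trusts.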
Solution 2:[2]
Using become could be helpful:
$ ansible all -m ping --become-user=root
192.168.1.5 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
You need to provide the SSH password if you run the command/playbook from a different user.
$ ansible all -m ping -e ansible_ssh_user=root -k
SSH password:
192.168.1.5 | SUCCESS => {
"ansible_facts": {
"discovered_interpreter_python": "/usr/bin/python"
},
"changed": false,
"ping": "pong"
}
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | anmoreira |
Solution 2 | Reasad Amin |