If you have ansible_ssh_pass set, ansible explicitly sets "-o PubkeyAuthentication=no" which disables the use of SSH public key auth.
On Wed, Nov 5, 2014 at 2:35 PM, David Reagan <[email protected]> wrote: > When I'm first setting up a vm, I need to set which user to use and the > ssh and sudo passwords. > > So, my host file looks something like: > > [apache] >> 192.168.77.2 ansible_ssh_user=vagrant ansible_ssh_pass=vagrant >> ansible_sudo_pass=vagrant >> [mysql] >> 192.168.77.3 ansible_ssh_user=vagrant ansible_ssh_pass=vagrant >> ansible_sudo_pass=vagrant >> > > The initial setup includes configuring ssh to use sshkey auth, block > password auth, and adds my ssh pub key to the vagrant user. > > After that first run, my playbooks fail. > > > ansible-playbook -i provisioning/vagrant.ansible.hosts --sudo >> --limit="192.168.77.3" provisioning/play.testowncloud.yml >> >> PLAY [apache] >> ***************************************************************** >> skipping: no hosts matched >> >> PLAY [mysql] >> ****************************************************************** >> >> GATHERING FACTS >> *************************************************************** >> fatal: [192.168.77.3] => SSH encountered an unknown error during the >> connection. We recommend you re-run the command using -vvvv, which will >> enable SSH debugging output to help diagnose the issue >> >> TASK: [aspects_mysql_server | include_vars {{ ansible_os_family }}.yml] >> ******* >> FATAL: no hosts matched or all hosts have already failed -- aborting >> >> >> PLAY RECAP >> ******************************************************************** >> to retry, use: --limit @/home/localuser/play.testowncloud.retry >> >> 192.168.77.3 : ok=0 changed=0 unreachable=1 >> failed=0 >> > > > If I remove the *ansible_ssh_pass* variable from my hosts file, it starts > working. > > Why is that? Shouldn't having the *ansible_ssh_pass* set not matter? > > > In case it's useful, my /etc/ssh/sshd_config: > > # See the sshd_config(5) manpage for details on what options you can set. >> Protocol 2 >> HostKey /etc/ssh/ssh_host_dsa_key >> HostKey /etc/ssh/ssh_host_ecdsa_key >> UsePrivilegeSeparation yes >> AcceptEnv LANG LC_* >> HostKey /etc/ssh/ssh_host_rsa_key >> Port 22 >> PubkeyAuthentication yes >> ServerKeyBits 768 >> PrintMotd no >> AllowUsers otherusers localuser vagrant >> PrintLastLog yes >> HostbasedAuthentication no >> LoginGraceTime 120 >> SyslogFacility AUTH >> X11DisplayOffset 10 >> IgnoreRhosts yes >> PasswordAuthentication no >> TCPKeepAlive yes >> KeyRegenerationInterval 3600 >> UsePAM yes >> LogLevel INFO >> RhostsRSAAuthentication no >> PermitEmptyPasswords no >> PermitRootLogin no >> Subsystem sftp /usr/lib/openssh/sftp-server >> X11Forwarding yes >> RSAAuthentication yes >> ChallengeResponseAuthentication no >> > > Both desktop and vm are Ubuntu 14.04. Using ansible devel branch current > as of a couple weeks ago. > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/7bcee974-eaf4-487d-b97f-a6f897395784%40googlegroups.com > <https://groups.google.com/d/msgid/ansible-project/7bcee974-eaf4-487d-b97f-a6f897395784%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- Matt Martz @sivel sivel.net -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAD8N0v_n96QpoJtek%2BTW1Yc%2BNAMCaCoa%3Dd3s0Y8Zp3YyoXSLcA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
