Is that documented? I don't see it here: http://docs.ansible.com/intro_inventory.html#list-of-behavioral-inventory-parameters
Any explanations on why? It seems counter intuitive to me. I would think we'd always want to use pubkey auth, and only use password auth if pubkey isn't available. --David Reagan On Wed, Nov 5, 2014 at 1:08 PM, Matt Martz <[email protected]> wrote: > If you have ansible_ssh_pass set, ansible explicitly sets "-o > PubkeyAuthentication=no" which disables the use of SSH public key auth. > > On Wed, Nov 5, 2014 at 2:35 PM, David Reagan <[email protected]> wrote: > >> When I'm first setting up a vm, I need to set which user to use and the >> ssh and sudo passwords. >> >> So, my host file looks something like: >> >> [apache] >>> 192.168.77.2 ansible_ssh_user=vagrant ansible_ssh_pass=vagrant >>> ansible_sudo_pass=vagrant >>> [mysql] >>> 192.168.77.3 ansible_ssh_user=vagrant ansible_ssh_pass=vagrant >>> ansible_sudo_pass=vagrant >>> >> >> The initial setup includes configuring ssh to use sshkey auth, block >> password auth, and adds my ssh pub key to the vagrant user. >> >> After that first run, my playbooks fail. >> >> >> ansible-playbook -i provisioning/vagrant.ansible.hosts --sudo >>> --limit="192.168.77.3" provisioning/play.testowncloud.yml >>> >>> PLAY [apache] >>> ***************************************************************** >>> skipping: no hosts matched >>> >>> PLAY [mysql] >>> ****************************************************************** >>> >>> GATHERING FACTS >>> *************************************************************** >>> fatal: [192.168.77.3] => SSH encountered an unknown error during the >>> connection. We recommend you re-run the command using -vvvv, which will >>> enable SSH debugging output to help diagnose the issue >>> >>> TASK: [aspects_mysql_server | include_vars {{ ansible_os_family }}.yml] >>> ******* >>> FATAL: no hosts matched or all hosts have already failed -- aborting >>> >>> >>> PLAY RECAP >>> ******************************************************************** >>> to retry, use: --limit >>> @/home/localuser/play.testowncloud.retry >>> >>> 192.168.77.3 : ok=0 changed=0 unreachable=1 >>> failed=0 >>> >> >> >> If I remove the *ansible_ssh_pass* variable from my hosts file, it >> starts working. >> >> Why is that? Shouldn't having the *ansible_ssh_pass* set not matter? >> >> >> In case it's useful, my /etc/ssh/sshd_config: >> >> # See the sshd_config(5) manpage for details on what options you can set. >>> Protocol 2 >>> HostKey /etc/ssh/ssh_host_dsa_key >>> HostKey /etc/ssh/ssh_host_ecdsa_key >>> UsePrivilegeSeparation yes >>> AcceptEnv LANG LC_* >>> HostKey /etc/ssh/ssh_host_rsa_key >>> Port 22 >>> PubkeyAuthentication yes >>> ServerKeyBits 768 >>> PrintMotd no >>> AllowUsers otherusers localuser vagrant >>> PrintLastLog yes >>> HostbasedAuthentication no >>> LoginGraceTime 120 >>> SyslogFacility AUTH >>> X11DisplayOffset 10 >>> IgnoreRhosts yes >>> PasswordAuthentication no >>> TCPKeepAlive yes >>> KeyRegenerationInterval 3600 >>> UsePAM yes >>> LogLevel INFO >>> RhostsRSAAuthentication no >>> PermitEmptyPasswords no >>> PermitRootLogin no >>> Subsystem sftp /usr/lib/openssh/sftp-server >>> X11Forwarding yes >>> RSAAuthentication yes >>> ChallengeResponseAuthentication no >>> >> >> Both desktop and vm are Ubuntu 14.04. Using ansible devel branch current >> as of a couple weeks ago. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To post to this group, send email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/7bcee974-eaf4-487d-b97f-a6f897395784%40googlegroups.com >> <https://groups.google.com/d/msgid/ansible-project/7bcee974-eaf4-487d-b97f-a6f897395784%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > Matt Martz > @sivel > sivel.net > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Ansible Project" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/ansible-project/AqMAoVRd6EM/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/CAD8N0v_n96QpoJtek%2BTW1Yc%2BNAMCaCoa%3Dd3s0Y8Zp3YyoXSLcA%40mail.gmail.com > <https://groups.google.com/d/msgid/ansible-project/CAD8N0v_n96QpoJtek%2BTW1Yc%2BNAMCaCoa%3Dd3s0Y8Zp3YyoXSLcA%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CANo%2B_AfTJQWFOeB%2BCUW2XFWW16Yf44uYe-XJSLRxO7K1v09WFw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
