I could be wrong but Anisble may be using paramiko on your machine instead of the ssh command. You can verify by adding -vvvv
Additionally you can try forcing ssh by using "-c ssh". On Friday, February 6, 2015, jason cafarelli <[email protected]> wrote: > Issue: > PAsswordless ssh works; ansible does not; comes back with AUTH failed. > Almost looks like my /root/.ssh/config is not being read by ansible? > > Workarounds: > setting key manually in /etc/ansible/ansible.cfg or using flag to specify > key in command line both work > > Kickstart/cobbler install with pre shared public key that is stored in > rsa_compute_node and rsa_compute_node.pub on the mgmt node. > > ie: > [root@mgmt2 ssh]# ls /root/.ssh/ > authorized_keys id_rsa id_rsa_compute.pub id_rsa_mgmt.pub > known_hosts > config id_rsa_compute id_rsa_mgmt id_rsa.pub > [root@mgmt2 ssh]# > > > Config file setup for certian hosts and using my custom ID file: > > [root@mgmt2 ssh]# cat /root/.ssh/config > Host 192.168.* > StrictHostKeyChecking=no > IdentityFile ~/.ssh/id_rsa_compute > > ssh works without password > [root@mgmt2 ~]# ssh 192.168.100.147 > [root@u-eth ~]# > > Ansible fails: > [root@mgmt2 ssh]# ansible compute -m ping > [WARNING]: The version of gmp you have installed has a known issue > regarding > timing vulnerabilities when used with pycrypto. If possible, you should > update > it (i.e. yum update gmp). > > 192.168.100.103 | FAILED => FAILED: Authentication failed. > 192.168.100.105 | FAILED => FAILED: Authentication failed. > 192.168.100.101 | FAILED => FAILED: Authentication failed. > 192.168.100.104 | FAILED => FAILED: Authentication failed. > 192.168.100.102 | FAILED => FAILED: Authentication failed. > 192.168.100.107 | FAILED => FAILED: Authentication failed. > 192.168.100.110 | FAILED => FAILED: Authentication failed. > 192.168.100.106 | FAILED => FAILED: Authentication failed. > 192.168.100.108 | FAILED => FAILED: Authentication failed. > 192.168.100.109 | FAILED => FAILED: Authentication failed. > 192.168.100.114 | FAILED => FAILED: Authentication failed. > 192.168.100.113 | FAILED => FAILED: Authentication failed. > 192.168.100.111 | FAILED => FAILED: Authentication failed. > 192.168.100.112 | FAILED => FAILED: Authentication failed. > 192.168.100.115 | FAILED => FAILED: Authentication failed. > 192.168.100.120 | FAILED => FAILED: Authentication failed. > 192.168.100.119 | FAILED => FAILED: Authentication failed. > 192.168.100.117 | FAILED => FAILED: Authentication failed. > 192.168.100.116 | FAILED => FAILED: Authentication failed. > 192.168.100.118 | FAILED => FAILED: Authentication failed. > 192.168.100.121 | FAILED => FAILED: Authentication failed. > 192.168.100.123 | FAILED => FAILED: Authentication failed. > 192.168.100.125 | FAILED => FAILED: Authentication failed. > 192.168.100.122 | FAILED => FAILED: Authentication failed. > 192.168.100.124 | FAILED => FAILED: Authentication failed. > 192.168.100.126 | FAILED => FAILED: Authentication failed. > 192.168.100.129 | FAILED => FAILED: Authentication failed. > 192.168.100.128 | FAILED => FAILED: Authentication failed. > 192.168.100.130 | FAILED => FAILED: Authentication failed. > 192.168.100.127 | FAILED => FAILED: Authentication failed. > 192.168.100.134 | FAILED => FAILED: Authentication failed. > 192.168.100.131 | FAILED => FAILED: Authentication failed. > 192.168.100.132 | FAILED => FAILED: Authentication failed. > 192.168.100.135 | FAILED => FAILED: Authentication failed. > 192.168.100.133 | FAILED => FAILED: Authentication failed. > 192.168.100.137 | FAILED => FAILED: Authentication failed. > 192.168.100.139 | FAILED => FAILED: Authentication failed. > 192.168.100.138 | FAILED => FAILED: Authentication failed. > 192.168.100.140 | FAILED => FAILED: Authentication failed. > 192.168.100.136 | FAILED => FAILED: Authentication failed. > 192.168.100.142 | FAILED => FAILED: Authentication failed. > 192.168.100.143 | FAILED => FAILED: Authentication failed. > 192.168.100.144 | FAILED => FAILED: Authentication failed. > 192.168.100.145 | FAILED => FAILED: Authentication failed. > 192.168.100.141 | FAILED => FAILED: Authentication failed. > 192.168.100.146 | FAILED => FAILED: Authentication failed. > 192.168.100.147 | FAILED => FAILED: Authentication failed. > 192.168.100.148 | success >> { > "changed": false, > "ping": "pong" > } > > The last node; i ran ssh-copy-id as a sanity test. > > Version: > [root@mgmt2 ~]# rpm -qa | grep ans > dejavu-sans-fonts-2.30-2.el6.noarch > ansible-1.8.1-1.el6.noarch > [root@mgmt2 ~]# > > > [root@--eth .ssh]# service sshd stop; /usr/sbin/sshd -p 22 -D -d -e > debug1: sshd version OpenSSH_5.3p1 > debug1: read PEM private key done: type RSA > debug1: private host key: #0 type 1 RSA > debug1: read PEM private key done: type DSA > debug1: private host key: #1 type 2 DSA > debug1: rexec_argv[0]='/usr/sbin/sshd' > debug1: rexec_argv[1]='-p' > debug1: rexec_argv[2]='22' > debug1: rexec_argv[3]='-D' > debug1: rexec_argv[4]='-d' > debug1: rexec_argv[5]='-e' > Set /proc/self/oom_score_adj from 0 to -1000 > debug1: Bind to port 22 on 0.0.0.0. > Server listening on 0.0.0.0 port 22. > debug1: Bind to port 22 on ::. > Server listening on :: port 22. > debug1: Server will not fork when running in debugging mode. > debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8 > debug1: sshd version OpenSSH_5.3p1 > debug1: read PEM private key done: type RSA > debug1: private host key: #0 type 1 RSA > debug1: read PEM private key done: type DSA > debug1: private host key: #1 type 2 DSA > debug1: inetd sockets after dupping: 3, 3 > Connection from 192.168.1.2 port 52557 > debug1: Client protocol version 2.0; client software version paramiko_1.7.5 > debug1: no match: paramiko_1.7.5 > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_5.3 > debug1: permanently_set_uid: 74/74 > debug1: list_hostkey_types: ssh-rsa,ssh-dss > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug1: kex: client->server aes128-ctr hmac-sha1 none > debug1: kex: server->client aes128-ctr hmac-sha1 none > debug1: expecting SSH2_MSG_KEXDH_INIT > debug1: SSH2_MSG_NEWKEYS sent > debug1: expecting SSH2_MSG_NEWKEYS > debug1: SSH2_MSG_NEWKEYS received > debug1: KEX done > debug1: userauth-request for user root service ssh-connection method > publickey > debug1: attempt 0 failures 0 > debug1: PAM: initializing for "root" > debug1: PAM: setting PAM_RHOST to "192.168.1.2" > debug1: PAM: setting PAM_TTY to "ssh" > debug1: temporarily_use_uid: 0/0 (e=0/0) > debug1: trying public key file /root/.ssh/authorized_keys > debug1: fd 4 clearing O_NONBLOCK > debug1: restore_uid: 0/0 > debug1: temporarily_use_uid: 0/0 (e=0/0) > debug1: trying public key file /root/.ssh/authorized_keys2 > debug1: fd 4 clearing O_NONBLOCK > debug1: restore_uid: 0/0 > Failed publickey for root from 192.168.1.2 port 52557 ssh2 > Connection closed by 192.168.1.2 > debug1: do_cleanup > debug1: do_cleanup > debug1: PAM: cleanup > [root@urika-xa46-eth .ssh]# rm /root/.ssh/authorized_keys2 > rm: remove regular file `/root/.ssh/authorized_keys2'? y > [root@--eth .ssh]# > > LEt me know if you need anymore info, > > Thanks! > > -Jason > > > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] > <javascript:_e(%7B%7D,'cvml','ansible-project%[email protected]');> > . > To post to this group, send email to [email protected] > <javascript:_e(%7B%7D,'cvml','[email protected]');>. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/2cc5504f-325e-438b-a7da-1ec7d39fa288%40googlegroups.com > <https://groups.google.com/d/msgid/ansible-project/2cc5504f-325e-438b-a7da-1ec7d39fa288%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- Matt Martz @sivel sivel.net -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAD8N0v9RcCpTe72%3DaZJ%3D56V8GFy4mZKoy4zZJqJ8DzcOhNHCPg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
