[ansible-project] Issues connecting when using the ios_facts module

[Matt Hickok]

Hey folks, I'm trying to gather some facts from a Cisco ASA. The ASA is 
configured as simply as possible and here are the relevant settings for the 
ASA

ASA Software Version: 9.2(2)
Hardware: ASA5515
Management IP: 10.0.2.5
SSH DH Key Exchange: Group 1 (diffie-hellman-group1-sha1)

I made sure that I can SSH into the device directly from the Ansible VM 
before anything, and this was sucessful. 

Ansible version is 2.5.2 (being run using the official ansible awx docker 
images)

Here is my inventory: 

[cisco]
10.0.2.5

[cisco:vars]
ansible_user=myuseraccount
ansible_ssh_pass=mypass
ansible_ssh_common_args: '-o KexAlgorithms=diffie-hellman-group1-sha1'

Here is my playbook: 
---
- hosts: cisco
  tasks:
    - name: "ssh facts"
      ios_facts:

So it is incredibly basic. Now the error I am getting is that the device is 
unreachable, but it looks like some sot of ssh multiplexing error. I don't 
really know how to read these logs. 

fatal: [10.0.2.5]: UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: OpenSSH_7.4p1, OpenSSL 
1.0.2k-fips  26 Jan 2017\r\ndebug1: Reading configuration data 
/etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 58: Applying 
options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug1: 
Control socket \"/root/.ansible/cp/a0709b0bd0\" does not exist\r\ndebug2: 
resolving \"10.0.2.5\" port 22\r\ndebug2: ssh_connect_direct: needpriv 
0\r\ndebug1: Connecting to 10.0.2.5 [10.0.2.5] port 22.\r\ndebug2: fd 3 
setting O_NONBLOCK\r\ndebug1: fd 3 clearing O_NONBLOCK\r\ndebug1: 
Connection established.\r\ndebug3: timeout: 9970 ms remain after 
connect\r\ndebug1: permanently_set_uid: 0/0\r\ndebug1: key_load_public: No 
such file or directory\r\ndebug1: identity file /root/.ssh/id_rsa type 
-1\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: 
identity file /root/.ssh/id_rsa-cert type -1\r\ndebug1: key_load_public: No 
such file or directory\r\ndebug1: identity file /root/.ssh/id_dsa type 
-1\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: 
identity file /root/.ssh/id_dsa-cert type -1\r\ndebug1: key_load_public: No 
such file or directory\r\ndebug1: identity file /root/.ssh/id_ecdsa type 
-1\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: 
identity file /root/.ssh/id_ecdsa-cert type -1\r\ndebug1: key_load_public: 
No such file or directory\r\ndebug1: identity file /root/.ssh/id_ed25519 
type -1\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: 
identity file /root/.ssh/id_ed25519-cert type -1\r\ndebug1: Enabling 
compatibility mode for protocol 2.0\r\ndebug1: Local version string 
SSH-2.0-OpenSSH_7.4\r\ndebug1: Remote protocol version 1.99, remote 
software version Cisco-1.25\r\ndebug1: match: Cisco-1.25 pat Cisco-1.* 
compat 0x60000000\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug1: 
Authenticating to 10.0.2.5:22 as 'username'\r\ndebug3: hostkeys_foreach: 
reading file \"/root/.ssh/known_hosts\"\r\ndebug3: record_hostkey: found 
key type RSA in file /root/.ssh/known_hosts:2\r\ndebug3: load_hostkeys: 
loaded 1 keys from 10.0.2.5\r\ndebug3: order_hostkeyalgs: prefer 
hostkeyalgs: 
ssh-rsa-cert-...@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa\r\ndebug3: 
send packet: type 20\r\ndebug1: SSH2_MSG_KEXINIT sent\r\ndebug3: receive 
packet: type 20\r\ndebug1: SSH2_MSG_KEXINIT received\r\ndebug2: local 
client KEXINIT proposal\r\ndebug2: KEX algorithms: 
curve25519-sha256,curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c\r\ndebug2:
 
host key algorithms: 
ssh-rsa-cert-...@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-...@openssh.com,ecdsa-sha2-nistp384-cert-...@openssh.com,ecdsa-sha2-nistp521-cert-...@openssh.com,ssh-ed25519-cert-...@openssh.com,ssh-dss-cert-...@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-dss\r\ndebug2:
 
ciphers ctos: 
chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc\r\ndebug2:
 
ciphers stoc: 
chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc\r\ndebug2:
 
MACs ctos: 
umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1\r\ndebug2:
 
MACs stoc: 
umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1\r\ndebug2:
 
compression ctos: z...@openssh.com,zlib,none\r\ndebug2: compression stoc: 
z...@openssh.com,zlib,none\r\ndebug2: languages ctos: \r\ndebug2: languages 
stoc: \r\ndebug2: first_kex_follows 0 \r\ndebug2: reserved 0 \r\ndebug2: 
peer server KEXINIT proposal\r\ndebug2: KEX algorithms: 
diffie-hellman-group1-sha1\r\ndebug2: host key algorithms: 
ssh-rsa\r\ndebug2: ciphers ctos: 
3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr\r\ndebug2:
 
ciphers stoc: 
3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr\r\ndebug2:
 
MACs ctos: hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96\r\ndebug2: MACs 
stoc: hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96\r\ndebug2: compression 
ctos: none\r\ndebug2: compression stoc: none\r\ndebug2: languages ctos: 
\r\ndebug2: languages stoc: \r\ndebug2: first_kex_follows 0 \r\ndebug2: 
reserved 0 \r\ndebug1: kex: algorithm: 
diffie-hellman-group1-sha1\r\ndebug1: kex: host key algorithm: 
ssh-rsa\r\ndebug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha1 
compression: none\r\ndebug1: kex: client->server cipher: aes128-ctr MAC: 
hmac-sha1 compression: none\r\ndebug1: kex: diffie-hellman-group1-sha1 
need=20 dh_need=20\r\ndebug1: kex: diffie-hellman-group1-sha1 need=20 
dh_need=20\r\ndebug1: sending SSH2_MSG_KEXDH_INIT\r\ndebug2: bits set: 
519/1024\r\ndebug3: send packet: type 30\r\ndebug1: expecting 
SSH2_MSG_KEXDH_REPLY\r\ndebug3: receive packet: type 31\r\ndebug1: Server 
host key: ssh-rsa 
SHA256:WtXW5XP28po8AiO/FtGdKkUB1eNblXwfxN99jmMmxys\r\ndebug3: 
hostkeys_foreach: reading file \"/root/.ssh/known_hosts\"\r\ndebug3: 
record_hostkey: found key type RSA in file 
/root/.ssh/known_hosts:2\r\ndebug3: load_hostkeys: loaded 1 keys from 
10.0.2.5\r\ndebug1: Host '10.0.2.5' is known and matches the RSA host 
key.\r\ndebug1: Found key in /root/.ssh/known_hosts:2\r\ndebug2: bits set: 
525/1024\r\ndebug3: send packet: type 21\r\ndebug2: set_newkeys: mode 
1\r\ndebug1: rekey after 4294967296 blocks\r\ndebug1: SSH2_MSG_NEWKEYS 
sent\r\ndebug1: expecting SSH2_MSG_NEWKEYS\r\ndebug3: receive packet: type 
21\r\ndebug1: SSH2_MSG_NEWKEYS received\r\ndebug2: set_newkeys: mode 
0\r\ndebug1: rekey after 4294967296 blocks\r\ndebug2: key: 
/root/.ssh/id_rsa ((nil))\r\ndebug2: key: /root/.ssh/id_dsa 
((nil))\r\ndebug2: key: /root/.ssh/id_ecdsa ((nil))\r\ndebug2: key: 
/root/.ssh/id_ed25519 ((nil))\r\ndebug3: send packet: type 5\r\ndebug3: 
receive packet: type 6\r\ndebug2: service_accept: ssh-userauth\r\ndebug1: 
SSH2_MSG_SERVICE_ACCEPT received\r\ndebug3: send packet: type 50\r\ndebug3: 
receive packet: type 51\r\ndebug1: Authentications that can continue: 
publickey,password\r\ndebug3: start over, passed a different list 
publickey,password\r\ndebug3: preferred 
gssapi-keyex,gssapi-with-mic,publickey,keyboard-interactive,password\r\ndebug3: 
authmethod_lookup publickey\r\ndebug3: remaining preferred: 
keyboard-interactive,password\r\ndebug3: authmethod_is_enabled 
publickey\r\ndebug1: Next authentication method: publickey\r\ndebug1: 
Trying private key: /root/.ssh/id_rsa\r\ndebug3: no such identity: 
/root/.ssh/id_rsa: No such file or directory\r\ndebug1: Trying private key: 
/root/.ssh/id_dsa\r\ndebug3: no such identity: /root/.ssh/id_dsa: No such 
file or directory\r\ndebug1: Trying private key: 
/root/.ssh/id_ecdsa\r\ndebug3: no such identity: /root/.ssh/id_ecdsa: No 
such file or directory\r\ndebug1: Trying private key: 
/root/.ssh/id_ed25519\r\ndebug3: no such identity: /root/.ssh/id_ed25519: 
No such file or directory\r\ndebug2: we did not send a packet, disable 
method\r\ndebug3: authmethod_lookup password\r\ndebug3: remaining 
preferred: ,password\r\ndebug3: authmethod_is_enabled password\r\ndebug1: 
Next authentication method: password\r\ndebug3: send packet: type 
50\r\ndebug2: we sent a password packet, wait for reply\r\ndebug3: receive 
packet: type 52\r\ndebug1: Authentication succeeded 
(password).\r\nAuthenticated to 10.0.2.5 ([10.0.2.5]:22).\r\ndebug1: 
setting up multiplex master socket\r\ndebug3: muxserver_listen: temporary 
control path /root/.ansible/cp/a0709b0bd0.cAe9DrGmRT8viyNa\r\ndebug2: fd 4 
setting O_NONBLOCK\r\ndebug3: fd 4 is O_NONBLOCK\r\ndebug3: fd 4 is 
O_NONBLOCK\r\ndebug1: channel 0: new 
[/root/.ansible/cp/a0709b0bd0]\r\ndebug3: muxserver_listen: mux listener 
channel 0 fd 4\r\ndebug2: fd 3 setting TCP_NODELAY\r\ndebug3: 
ssh_packet_set_tos: set IP_TOS 0x08\r\ndebug1: control_persist_detach: 
backgrounding master process\r\ndebug2: control_persist_detach: background 
process is 1418\r\ndebug2: fd 4 setting O_NONBLOCK\r\ndebug1: forking to 
background\r\ndebug1: Entering interactive session.\r\ndebug1: pledge: 
id\r\ndebug2: set_control_persist_exit_time: schedule exit in 60 
seconds\r\ndebug1: multiplexing control connection\r\ndebug2: fd 5 setting 
O_NONBLOCK\r\ndebug3: fd 5 is O_NONBLOCK\r\ndebug1: channel 1: new 
[mux-control]\r\ndebug3: channel_post_mux_listener: new mux channel 1 fd 
5\r\ndebug3: mux_master_read_cb: channel 1: hello sent\r\ndebug2: 
set_control_persist_exit_time: cancel scheduled exit\r\ndebug3: 
mux_master_read_cb: channel 1 packet type 0x00000001 len 4\r\ndebug2: 
process_mux_master_hello: channel 1 slave version 4\r\ndebug2: 
mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: 
request forwardings: 0 local, 0 remote\r\ndebug3: 
mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: 
entering\r\ndebug3: mux_master_read_cb: channel 1 packet type 0x10000004 
len 4\r\ndebug2: process_mux_alive_check: channel 1: alive check\r\ndebug3: 
mux_client_request_alive: done pid = 1420\r\ndebug3: 
mux_client_request_session: session request sent\r\ndebug3: 
mux_master_read_cb: channel 1 packet type 0x10000002 len 91\r\ndebug2: 
process_mux_new_session: channel 1: request tty 0, X 0, agent 0, subsys 0, 
term \"xterm\", cmd \"/bin/sh -c 'echo ~ && sleep 0'\", env 1\r\ndebug3: 
process_mux_new_session: got fds stdin 6, stdout 7, stderr 8\r\ndebug2: fd 
7 setting O_NONBLOCK\r\ndebug2: fd 8 setting O_NONBLOCK\r\ndebug1: channel 
2: new [client-session]\r\ndebug2: process_mux_new_session: channel_new: 2 
linked to control channel 1\r\ndebug2: channel 2: send open\r\ndebug3: send 
packet: type 90\r\ndebug3: receive packet: type 91\r\ndebug2: callback 
start\r\ndebug2: client_session2_setup: id 2\r\ndebug1: Sending 
environment.\r\ndebug1: Sending env LANG = en_US.UTF-8\r\ndebug2: channel 
2: request env confirm 0\r\ndebug3: send packet: type 98\r\ndebug1: Sending 
command: /bin/sh -c 'echo ~ && sleep 0'\r\ndebug2: channel 2: request exec 
confirm 1\r\ndebug3: send packet: type 98\r\ndebug3: mux_session_confirm: 
sending success reply\r\ndebug2: callback done\r\ndebug2: channel 2: open 
confirm rwindow 1024 rmax 4096\r\ndebug1: mux_client_request_session: 
master session id: 2\r\ndebug3: receive packet: type 99\r\ndebug2: 
channel_input_status_confirm: type 99 id 2\r\ndebug2: exec request accepted 
on channel 2\r\ndebug3: send packet: type 1\r\ndebug1: channel 0: free: 
/root/.ansible/cp/a0709b0bd0, nchannels 3\r\ndebug3: channel 0: status: The 
following connections are open:\r\n  #1 mux-control (t16 r2 i0/0 o0/0 fd 
5/5 cc -1)\r\n  #2 client-session (t4 r3 i0/0 o0/0 fd 6/7 cc 
1)\r\n\r\ndebug1: channel 1: free: mux-control, nchannels 2\r\ndebug3: 
channel 1: status: The following connections are open:\r\n  #1 mux-control 
(t16 r2 i0/0 o0/0 fd 5/5 cc -1)\r\n  #2 client-session (t4 r3 i0/0 o0/0 fd 
6/7 cc 1)\r\n\r\ndebug1: channel 2: free: client-session, nchannels 
1\r\ndebug3: channel 2: status: The following connections are open:\r\n  #2 
client-session (t4 r3 i0/0 o0/0 fd 6/7 cc 1)\r\n\r\ndebug3: fd 0 is not 
O_NONBLOCK\r\ndebug3: fd 1 is not O_NONBLOCK\r\ndebug1: fd 2 clearing 
O_NONBLOCK\r\nConnection to 10.0.2.5 closed by remote host.\r\nTransferred: 
sent 2072, received 2032 bytes, in 37.9 seconds\r\nBytes per second: sent 
54.6, received 53.6\r\ndebug1: Exit status -1\r\ndebug3: 
mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Control 
master terminated unexpectedly\r\n",
    "unreachable": true
}
        to retry, use: --limit 
@/var/lib/awx/projects/username/Cisco/cisco_facts.retry

PLAY RECAP 
******************************************************************************************************************************************************************************************************************************************************************************************************************
10.0.2.5                : ok=0    changed=0    unreachable=1    failed=0




 

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/109bb348-6cfe-4910-82c6-cec0d02d6949%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.