Sorry, couldnt look further. Could you provide any log of the permission denied you're getting?
Em seg, 19 de nov de 2018 21:55, Arvind Thatikonda <[email protected] escreveu: > Hi Fabio, > I am not using the playbook for this particular task, I am creating an > ansible control server and client. I am trying to connect from control > server to client after generating the ssh keys. > I used ssh-keygen on ubuntu server using ansible user. I am setting a > passwordless connection from the ansible control server /localhost to > client. > > > > > On Mon, Nov 19, 2018 at 6:47 PM Fabio Gomes Sakiyama < > [email protected]> wrote: > >> Hi Arvind, >> >> It was pretty simple 'cause I was messing up the users. >> >> Are you running your playbook with root? Which user you set on your hosts >> as ansible_user? Are you using become inside your playbooks? >> Also, I stopped using ssh, instead I'm using openstack keypair. >> >> And try Dave's suggestion, it's very useful: >> >> Hi Fabio, >>> >>> I see you found a solution, but this is what I'd recommend doing next >>> time. >>> >>> Add -vvv and read the resulting output carefully. You can splice the ssh >>> command from Ansible back into the shell to work out what is missing or >>> different to just running ssh@<foo> locally. >>> >>> Usually this is because the username is different or you’re using a >>> different ssh key than expected. >>> >> e.g.: >>> $ ansible-playbook site.yml --diff --check -vvv >>> >>> Gathering Facts... >>> Using module file >>> /usr/local/lib/python2.7/site-packages/ansible/modules/system/setup.py >>> <[email protected]> ESTABLISH SSH CONNECTION FOR USER: root >>> Using module file >>> /usr/local/lib/python2.7/site-packages/ansible/modules/system/setup.py >>> <i09.com> SSH: EXEC ssh -F ./ssh_config -o StrictHostKeyChecking=no -o >>> Port=2200 -o KbdInteractiveAuthentication=no -o >>> PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey >>> -o PasswordAuthentication=no -o User=root -o ConnectTimeout=30 -tt >>> i09.com 'which -s jailme' >>> <i09.koan-ci.com> ESTABLISH SSH CONNECTION FOR USER: ansible >>> <i09.com> SSH: EXEC ssh -F ./ssh_config -o StrictHostKeyChecking=no -o >>> Port=2200 -o KbdInteractiveAuthentication=no -o >>> PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey >>> -o PasswordAuthentication=no -o User=ansible -o ConnectTimeout=30 >>> i09.com '/bin/sh -c '"'"'/usr/local/bin/python2.7 && sleep 0'"'"'' >>> <i09.com> (255, '', 'root@i09com: Permission denied (publickey).\r\n') >>> >> >> >> And finally, if possible, post your playbook. >> >> >> On Mon, Nov 19, 2018 at 8:14 PM Arvind Thatikonda <[email protected]> >> wrote: >> >>> Hi Fabio, >>> can you please clarify how you managed to solve it. I created user >>> ansible, the public keys ID_RSA.pub are stored under /home/ansible/.ssh >>> folders. the ssh-copy-id should copy to target server - client when I run >>> ssh-copy-id ansible@privateip. >>> I create same user name 'ansible' on remote server. >>> I get permission denied error. >>> >>> >>> On Tuesday, October 9, 2018 at 10:16:26 AM UTC-4, Fabio Gomes Sakiyama >>> wrote: >>>> >>>> Hi Chen, >>>> >>>> I manage to solve the problem. I need to pass the public key of a >>>> different user. In addition, I changed the way to connect to the VMs, since >>>> I am using openstack, I configured ansible to use the keypair to connect. >>>> >>>> Thanks >>>> >>>> Em segunda-feira, 8 de outubro de 2018 23:47:35 UTC-3, chenchireddy >>>> guvvala escreveu: >>>>> >>>>> As I am aware Ansible always assumes jobs are running SSH keys either >>>>> local system or remote system. >>>>> >>>>> Thanks. >>>>> >>>>> On Tuesday, October 9, 2018 at 7:35:42 AM UTC+5:30, Fabio Gomes >>>>> Sakiyama wrote: >>>>>> >>>>>> Hi Chen, >>>>>> >>>>>> I'm aware of ssh-key gen and ssh-copy-id. The ansible module >>>>>> "authorized_keys" does the ssh-copy-id for me, so I don't need to run it >>>>>> manually. >>>>>> >>>>>> The ssh works because when I execute ''ssh root@myAddress", it works >>>>>> perfectly. >>>>>> The problem is when doing exact the same thing, but with ansible. >>>>>> >>>>>> >>>>>> Em segunda-feira, 8 de outubro de 2018 22:48:44 UTC-3, chenchireddy >>>>>> guvvala escreveu: >>>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> *ssh-keygen* creates the public and private keys.* ssh-copy-id* copies >>>>>>> the local-host’s public key to the remote-host’s authorized_keys file. >>>>>>> ssh-copy-id also assigns proper permission to the remote-host’s home, >>>>>>> ~/.ssh, and ~/.ssh/authorized_keys. >>>>>>> >>>>>>> Check host entry in /etc/host file >>>>>>> 127.0.0.1 localhost >>>>>>> >>>>>>> Check command# ansible localhost -m ping -vv >>>>>>> >>>>>>> Thanks. >>>>>>> >>>>>>> On Tuesday, October 9, 2018 at 6:52:49 AM UTC+5:30, Fabio Gomes >>>>>>> Sakiyama wrote: >>>>>>>> >>>>>>>> Hello guys, >>>>>>>> >>>>>>>> I'm trying to use the ansible_authorized keys to create VMs (with >>>>>>>> packer and terraform), adding my workspace key to VMs authorized keys. >>>>>>>> I think it worked because if I execute ''ssh root@myVM", it >>>>>>>> connects without asking password. >>>>>>>> >>>>>>>> But when I execute "ansible all -m ping -u root" to that same host, >>>>>>>> it fails with the error "sshh fails to connect to host via ssh. >>>>>>>> Permission >>>>>>>> denied". >>>>>>>> >>>>>>>> I'm really confused and struggling to understand that, since a raw >>>>>>>> ssh works and the ansible ssh doesn't. >>>>>>>> >>>>>>>> What am I missing?? >>>>>>>> >>>>>>>> Thanks in advance! >>>>>>>> >>>>>>> -- >>> You received this message because you are subscribed to a topic in the >>> Google Groups "Ansible Project" group. >>> To unsubscribe from this topic, visit >>> https://groups.google.com/d/topic/ansible-project/zE6uQpLdlkE/unsubscribe >>> . >>> To unsubscribe from this group and all its topics, send an email to >>> [email protected]. >>> To post to this group, send email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/ansible-project/20213015-3728-4271-b397-4b4142208a70%40googlegroups.com >>> <https://groups.google.com/d/msgid/ansible-project/20213015-3728-4271-b397-4b4142208a70%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> For more options, visit https://groups.google.com/d/optout. >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To post to this group, send email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/CAA5vnFkBc8hNXKu00K3%2BEoscVW1nmQuqBy3tBTq9u4SrsU9UwQ%40mail.gmail.com >> <https://groups.google.com/d/msgid/ansible-project/CAA5vnFkBc8hNXKu00K3%2BEoscVW1nmQuqBy3tBTq9u4SrsU9UwQ%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > > > -- > Thanks & Regards, > Arvind; > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Ansible Project" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/ansible-project/zE6uQpLdlkE/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To post to this group, send email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/CAPiXTetW-b6vZBgcGWZWMtNRU-CEHwvBzgwLH_jXcJhsvmpxGw%40mail.gmail.com > <https://groups.google.com/d/msgid/ansible-project/CAPiXTetW-b6vZBgcGWZWMtNRU-CEHwvBzgwLH_jXcJhsvmpxGw%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAA5vnFmrA2bFe8Z%2B8ftAZGR7qh8SLvsU4_COn942DykTFzxoiA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
