[ansible-project] Windows host through SSH bastion on Ansible with authentication certificate

Wed, 14 Apr 2021 01:19:27 -0700 

Hi everybody,
this is my first time: $, sorry for any mistakes I make.

Scenario:
I have set the hop through bastion using prompts: 
https://www.bloggingforlogging.com/2018/10/14/windows-host-through-ssh-bastion-on-ansible/
- 1 host with Windows 2016 server, powershell 5.1
- 1 host with Windows 2012r2 server, powershell 5.1
- ansible 2.9.11 + python version 2.7.5
- pypsrp Version: 0.5.0


Connection with bastion to Client_windows1, if I run:
ansible Client_windows1 -m win_ping -e "ansible_user=administrator 
ansible_password=P@ssw0rd ansible_connection=psrp 
ansible_psrp_protocol=http ansible_psrp_proxy=socks5h://127.0.0.1:1234"
Results: OK

direct connection to Client_windows2 with certificate, if I run:
ansible -m win_ping Client_windows2 -e "ansible_user= administrator 
ansible_port=5986 ansible_winrm_cert_pem=/path/cert.pem 
ansible_winrm_cert_key_pem=/path/cert_key.pem ansible_connection=winrm 
ansible_winrm_transport=certificate 
ansible_winrm_server_cert_validation=ignore 
ansible_winrm_read_timeout_sec=300"
Results: OK

up to here, everything working.
  :)

now what I need is to combine the authentication with the certificate and 
hop through a bastion...
if I run:
ansible -m win_ping Client_windows1 -e "ansible_user= 
administrator ansible_port=5986 ansible_connection=psrp 
ansible_psrp_certificate_pem=/path/cert.pem 
ansible_psrp_certificate_key_pem=/path/cert_key.pem 
ansible_psrp_cert_validation=ignore 
ansible_psrp_auth=certificate ansible_psrp_protocol=https 
ansible_psrp_connection_timeout=180 ansible_psrp_operation_timeout=180 
ansible_psrp_read_timeout=180 ansible_psrp_proxy=socks5h://127.0.0.1:1234"
Results:
Client_windows1 | UNREACHABLE! => {
    "changed": false,
    "msg": "psrp connection failure during runspace open: Received a 
WSManFault message. (Code: 5, Machine:  Client_windows1.contoso.loc, 
Reason: Access is denied.)",
    "unreachable": true
}

Client_windows1 and Client_windows2 have the same winrm configuration.
is posible connect with certificate through SSH bastion?
Am I missing any parameters?

thanks a lot

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/3e5eecf7-f63d-413e-9ae8-7c40378b226an%40googlegroups.com.

Reply via email to