Fails with "Enter passphrase for key"


Stiv Ostenberg

Apr 19, 2017, 3:25:51 PM
to Ansible Project, Stiv D. Ostenberg
Trying to work through some Ansible training, but failing to run Ansible playbooks.
 
It took me quite a while to figure out the relationship between the "~/.ssh/config" and the "/etc/ansible/hosts" to get things to where I am at now.  I created entries for three servers I just created with Terraform.  nat, db1, and web1.  I added those systems to /etc/hosts to avoid confusion. 
 
Partial contents of ~/.ssh/config:
Host db1
  Hostname db1
  User ec2-user
  ProxyCommand ssh nat -W %h:%p 2>/dev/null
  IdentityFile ~/.ssh/msca-devops
  IdentityFile ~/.ssh/msca-devops.pub
 
 
Host web1
  Hostname web1
  User ec2-user
  IdentityFile ~/.ssh/msca-devops
  IdentityFile ~/.ssh/msca-devops.pub
 Things look good.  I am able to run commands on these systems using Ansible:
[stiv@stivopconlinux .ssh]$ ansible all  -m shell -a 'hostname'
web1 | SUCCESS | rc=0 >>
ip-10-0-0-63
nat | SUCCESS | rc=0 >>
ip-10-0-0-222
db1 | SUCCESS | rc=0 >>
ip-10-0-1-107
 
 I am also able to ssh to these systems:
[stiv@stivopconlinux .ssh]$ ssh web1
Last login: Tue Apr 18 17:48:39 2017 from 162.246.216.28
       __|  __|_  )
       _|  (     /   Amazon Linux AMI
      ___|\___|___|
https://aws.amazon.com/amazon-linux-ami/2016.09-release-notes/
No packages needed for security; 2 packages available
Run "sudo yum update" to apply all updates.
[ec2-user@ip-10-0-0-63 ~]$
 Based on this, I thought all my manure was in order.  When I try to run my first ever playbook, however, I fail:
[stiv@stivopconlinux playbooks]$ ansible-playbook -i web1, setup_apache.yaml
PLAY [all] *********************************************************************
TASK [setup] *******************************************************************
Enter passphrase for key '/home/stiv/.ssh/msca-devops.pub':
 Not sure why it is doing this.  There is no passphrase.   The file in question (which worked for both ssh and ansible) contains ---BEGIN SSH2 PUBLIC KEY---- *stuff* --- END SSH2 PUBLIC KEY----.
The msca-devops file in the .ssh folder contains the private key, again just the BEGIN-END, no passphrase. 

What am I doing wrong?

Paul Markham

Apr 23, 2017, 8:51:39 PM
to Ansible Project, s.ost...@partner.samsung.com
You've specified the IdentityFile option twice in your .ssh/config file, once with the private key and once with the public key. You just need one entry pointing to the private key. Not sure why it was sometimes working though.
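An added example, not part of the original thread: a small check for the mistake identified in the reply above, scanning ssh config text for IdentityFile entries that point at a public key. The function names and the embedded sample config (reconstructed from the one quoted in the question) are assumptions of this example.

```python
import os
import re

# First-line markers of public keys: OpenSSH one-line types and the RFC 4716 header.
PUBLIC_PREFIXES = ("ssh-rsa ", "ssh-dss ", "ssh-ed25519 ", "ecdsa-sha2-")
RFC4716_HEADER = "BEGIN SSH2 PUBLIC KEY"

# Constructed sample, reconstructed from the config quoted in the question.
SAMPLE_CONFIG = """\
Host db1
  User ec2-user
  ProxyCommand ssh nat -W %h:%p 2>/dev/null
  IdentityFile ~/.ssh/msca-devops
  IdentityFile ~/.ssh/msca-devops.pub

Host web1
  IdentityFile ~/.ssh/msca-devops
  IdentityFile ~/.ssh/msca-devops.pub
"""

def looks_like_public_key(path):
    """True if the name ends in .pub or the first line is a public-key header."""
    if path.endswith(".pub"):
        return True
    try:
        with open(os.path.expanduser(path), errors="replace") as fh:
            first = fh.readline()
    except OSError:  # missing or unreadable file: nothing to inspect
        return False
    return first.startswith(PUBLIC_PREFIXES) or RFC4716_HEADER in first

def audit_identity_files(config_text):
    """Return (host, path) pairs whose IdentityFile points at a public key."""
    findings, host = [], "(global)"
    for raw in config_text.splitlines():
        # "Keyword value" or "Keyword=value"; blank and "#" lines do not match.
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.*)", raw.strip())
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key in ("host", "match"):
            host = value
        elif key == "identityfile" and looks_like_public_key(value):
            findings.append((host, value))
    return findings

if __name__ == "__main__":
    for host, path in audit_identity_files(SAMPLE_CONFIG):
        print(f"{host}: IdentityFile {path} is a public key; point it at the private key")
```

To check a real configuration, pass the contents of `~/.ssh/config` to `audit_identity_files` instead of the sample.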