Ansible ping get FAILED => SSH Error: Permission denied
528 views
Skip to first unread message
Hongjun Ma
Jan 22, 2016, 9:23:00 PM1/22/16
to Ansible Project
I'm getting permission error on basic ansible ping command. I verified ssh to remote hostname and ip address so the ssh host key is not an issue. Using CentOS7.0
If I cut/paste ssh command in ansible debug, the output will indicate I don't have access privilege to control path under /root. I wonder why Ansible use default root path while I'm executing ansible from sudo user test.
[test@hjma291 ~]$ sudo ansible apacheweb -m ping -vvvv
ESTABLISH CONNECTION FOR USER: test
REMOTE_MODULE ping
EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=test -o ConnectTimeout=10 hjma292.mylabserver.com /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1453489009.17-230968962314359 && echo $HOME/.ansible/tmp/ansible-tmp-1453489009.17-230968962314359'
hjma292.mylabserver.com | FAILED => SSH Error: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
while connecting to 54.201.99.23:22
It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.
[test@hjma291 ~]$
debug1: read PEM private key done: type RSA
debug1: Enabling compression at level 6.
debug1: Authentication succeeded (publickey).
Authenticated to hjma292.mylabserver.com ([54.201.99.23]:22).
debug1: setting up multiplex master socket
debug3: muxserver_listen: temporary control path /root/.ansible/cp/ansible-ssh-hjma292.mylabserver.com-22-test.UbB3i3qWanC8UnC8
muxserver_listen bind(): Permission denied
If I change ansible.conf file to "ssh_args = ", then I still get the same error but from detailed debug. Now ssh can log in but I'm getting "mkdir: missing operand" error after that.
[test@hjma291 ~]$ sudo ansible apacheweb -m ping -vvvv
[sudo] password for test:
ESTABLISH CONNECTION FOR USER: test
REMOTE_MODULE ping
EXEC ssh -C -tt -vvv -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=test -o ConnectTimeout=10 hjma292.mylabserver.com /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1453488871.65-81648312932876 && echo $HOME/.ansible/tmp/ansible-tmp-1453488871.65-81648312932876'
hjma292.mylabserver.com | FAILED => SSH Error: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
while connecting to 54.201.99.23:22
It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.
[test@hjma291 ~]$
debug1: Sending command: /bin/sh -c mkdir -p $HOME/.ansible/tmp/ansible-tmp-1453489565.68-118702701632351 && echo $HOME/.ansible/tmp/ansible-tmp-1453489565.68-118702701632351
debug2: channel 0: request exec confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: exec request accepted on channel 0
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype e...@openssh.com reply 0
debug2: channel 0: rcvd eow
debug2: channel 0: close_read
debug2: channel 0: input open -> closed
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: rcvd close
debug3: channel 0: will not send data after close
mkdir: missing operand
Try 'mkdir --help' for more information.
debug3: channel 0: will not send data after close
debug2: channel 0: obuf empty
If I cut/paste ssh command in ansible debug, the output will indicate I don't have access privilege to control path under /root. I wonder why Ansible use default root path while I'm executing ansible from sudo user test.
[test@hjma291 ~]$ sudo ansible apacheweb -m ping -vvvv
ESTABLISH CONNECTION FOR USER: test
REMOTE_MODULE ping
EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/root/.ansible/cp/ansible-ssh-%h-%p-%r" -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=test -o ConnectTimeout=10 hjma292.mylabserver.com /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1453489009.17-230968962314359 && echo $HOME/.ansible/tmp/ansible-tmp-1453489009.17-230968962314359'
hjma292.mylabserver.com | FAILED => SSH Error: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
while connecting to 54.201.99.23:22
It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.
[test@hjma291 ~]$
debug1: read PEM private key done: type RSA
debug1: Enabling compression at level 6.
debug1: Authentication succeeded (publickey).
Authenticated to hjma292.mylabserver.com ([54.201.99.23]:22).
debug1: setting up multiplex master socket
debug3: muxserver_listen: temporary control path /root/.ansible/cp/ansible-ssh-hjma292.mylabserver.com-22-test.UbB3i3qWanC8UnC8
muxserver_listen bind(): Permission denied
If I change ansible.conf file to "ssh_args = ", then I still get the same error but from detailed debug. Now ssh can log in but I'm getting "mkdir: missing operand" error after that.
[test@hjma291 ~]$ sudo ansible apacheweb -m ping -vvvv
[sudo] password for test:
ESTABLISH CONNECTION FOR USER: test
REMOTE_MODULE ping
EXEC ssh -C -tt -vvv -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=test -o ConnectTimeout=10 hjma292.mylabserver.com /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1453488871.65-81648312932876 && echo $HOME/.ansible/tmp/ansible-tmp-1453488871.65-81648312932876'
hjma292.mylabserver.com | FAILED => SSH Error: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
while connecting to 54.201.99.23:22
It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.
[test@hjma291 ~]$
debug1: Sending command: /bin/sh -c mkdir -p $HOME/.ansible/tmp/ansible-tmp-1453489565.68-118702701632351 && echo $HOME/.ansible/tmp/ansible-tmp-1453489565.68-118702701632351
debug2: channel 0: request exec confirm 1
debug2: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug2: channel 0: rcvd adjust 2097152
debug2: channel_input_status_confirm: type 99 id 0
debug2: exec request accepted on channel 0
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype e...@openssh.com reply 0
debug2: channel 0: rcvd eow
debug2: channel 0: close_read
debug2: channel 0: input open -> closed
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: rcvd close
debug3: channel 0: will not send data after close
mkdir: missing operand
Try 'mkdir --help' for more information.
debug3: channel 0: will not send data after close
debug2: channel 0: obuf empty
Brian Coca
Jan 25, 2016, 11:34:56 PM1/25/16
to Ansible Project
well .. when you 'sudo ansible' you are running ansible as root, since
it creates things in ~/.ansible ... in this case ~/ translates to
/root
when you copy and paste the ssh command, YOU are not root nor running
sudo, hence the difference.
normally you don't run anible inside sudo, what are you trying to accomplish?
--
Brian Coca
it creates things in ~/.ansible ... in this case ~/ translates to
/root
when you copy and paste the ssh command, YOU are not root nor running
sudo, hence the difference.
normally you don't run anible inside sudo, what are you trying to accomplish?
--
Brian Coca
Reply all
Reply to author
Forward
0 new messages