Ansible vs sshd config

[Ermanno Travaglino]

Hi there,

I'm using Ansible to manage target servers with following /etc/ssh/sshd_config configuration:

"

...

PasswordAuthentication no

...

ChallengeResponseAuthentication yes

...

"

I have the root password of target servers but actually I can't use the ansible "expect" module neither the ssh private/public key exchange, just the following:

    ansible_connection: ssh

ansible_port=22

    ansible_host: < host >

    ansible_ssh_user: root

    ansible_password: < root password >

ansible_ssh_extra_args: < ??? >

Which "ansible_ssh_extra_args" do you suggest using to allow the connection? Otherwise, is it needed to patch the ansible python code to add this new features?

Thanks.

KR,

Ermanno

[Eric Hymowitz]

I don't fully understand your question, because you said both:

PasswordAuthentication no

and

I have the root password of target servers

That said ...

If you read this web page

https://serverfault.com/questions/838113/handling-keyboard-interactive-inputs-with-ansible

and the various github pages that it refers to, you will find that Ansible does not support ChallengeResponseAuthentication, and has no plans to support it.

I will also note that logging into your server as root is generally a bad idea, and it's blocked by (almost) every default ssh configuration.

--EbH