How to solve the {"Failed to connect to the host via ssh: Permission denied (publickey,password).\r\n", "unreachable": true} issue


Jim H

Aug 17, 2018, 10:08:35 AM
to Ansible Project
I am using Ansible to create and set up a new virtual machine.

After the VM is created, if I use a playbook to set up the VM:
      ansible-playbook config-vm.yml -i ../../vms --extra-vars "target=10.150.200.30" --extra-vars "@password.json" --vault-password-file ~/vault-password.txt

Then I get this error:
      UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Shared connection to 10.150.200.30 closed.\r\n", "unreachable": true}

But if I explicitly ask for the password:
      ansible-playbook config-vm.yml -i ../../vms --extra-vars "target=10.150.200.30" --ask-pass --ask-become-pass --ask-vault-pass

it will work.

How do I solve this issue? I don't want to type the password during the setup process.

Kai Stian Olstad

Aug 17, 2018, 11:29:07 AM
to ansible...@googlegroups.com
On 17.08.2018 16:08, Jim H wrote:
> I am using Ansible to create and setup new virtual machine.
>
> after the VM is created, if I use playbook to setup VM
>       ansible-playbook config-vm.yml -i ../../vms --extra-vars "target=10.150.200.30" --extra-vars "@password.json" --vault-password-file ~/vault-password.txt
>
> Then I get this error
>       UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Shared connection to 10.150.200.30 closed.\r\n", "unreachable": true}
>
> but if I explicitly ask the password
>       ansible-playbook config-vm.yml -i ../../vms --extra-vars "target=10.150.200.30" --ask-pass --ask-become-pass --ask-vault-pass
>
> it will work.
>
> How to solve this issue, I don't want to type the password during setup process.

Don't use vault?
The whole point of vault is to encrypt information so you need a
password to access it.

--
Kai Stian Olstad

Dick Visser

Aug 20, 2018, 12:24:47 PM
to ansible...@googlegroups.com
On 17 August 2018 at 17:28, Kai Stian Olstad
A convenient compromise between "authenticating every time" and
"storing vault passwords in plain text" is the use of wrapper scripts
that fetch the vault password from agents that run in-memory.
So you authenticate less frequently (i.e. more convenient), and don't
store vault passwords on disk in clear text (i.e. more secure).
I've successfully used this approach using GnuPG and LastPass.
LastPass has the added benefit of being able to share vault passwords
across a team (although this requires the paid version).


Dick




--
Dick Visser
Trust & Identity Service Operations Manager
GÉANT
PGP key fingerprint: F575 58C6 62C6 FD5B A9CD 217C 2667 13D4 E6EF 488D
GÉANT Vereniging (Association) is registered with the Chamber of
Commerce in Amsterdam with registration number 40535155 and operates
in the UK as a branch of GÉANT Vereniging. Registered office:
Hoekenrode 3, 1102 BR Amsterdam, The Netherlands. UK branch address:
City House, 126-130 Hills Road, Cambridge CB2 1PQ, UK.
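
The wrapper-script approach described in the last post, as an added example that is not part of the original thread: Ansible executes a `--vault-password-file` that is marked executable and reads the vault password from its stdout. The path `~/.ansible/vault-password.gpg` and the names `fetch_vault_password` and `VaultPasswordError` are assumptions of this example; decryption relies on gpg-agent holding the key passphrase in memory.

```python
#!/usr/bin/env python3
"""Vault password client: prints the Ansible vault password on stdout.

Added example. The password exists on disk only as a GnuPG-encrypted file;
gpg-agent caches the private-key passphrase in memory between runs.
"""
import os
import stat
import subprocess
import sys

# Assumed location of the encrypted vault password (hypothetical path).
ENCRYPTED_FILE = os.path.expanduser("~/.ansible/vault-password.gpg")
GPG_COMMAND = ["gpg", "--quiet", "--batch", "--decrypt"]


class VaultPasswordError(Exception):
    """Raised when the vault password cannot be obtained safely."""


def fetch_vault_password(encrypted_file=ENCRYPTED_FILE, command=GPG_COMMAND):
    """Decrypt encrypted_file with command and return the password."""
    try:
        mode = os.stat(encrypted_file).st_mode
    except OSError as exc:
        raise VaultPasswordError(f"cannot read {encrypted_file}: {exc}")
    # Refuse a ciphertext that other users can replace: a swapped file
    # would silently feed Ansible a different vault password.
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise VaultPasswordError(f"{encrypted_file} is group/world writable")
    result = subprocess.run(list(command) + [encrypted_file],
                            capture_output=True, text=True)
    if result.returncode != 0:
        raise VaultPasswordError(f"decryption failed: {result.stderr.strip()}")
    password = result.stdout.rstrip("\r\n")
    if not password:
        raise VaultPasswordError("decrypted vault password is empty")
    return password


if __name__ == "__main__":
    try:
        print(fetch_vault_password())
    except VaultPasswordError as exc:
        # Errors go to stderr so they are never mistaken for the password.
        sys.exit(f"vault-pass-client: {exc}")
```

Make the script executable and pass its path to `--vault-password-file` in place of the clear-text `~/vault-password.txt`.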