DOAS with password on OpenBSD "Timeout Waiting for Privilege Escalation Prompt"

[BFMartin]

I haven't been able to get doas on OpenBSD to work. Ansible is running on a Linux Mint 17.3 host, and the remote host ("testhost") is OpenBSD 5.9, fully patched. The remote host is connected via password-less ssh.

$ ansible --version

ansible 2.0.1.0

  config file = /etc/ansible/ansible.cfg

  configured module search path = Default w/o overrides

$ ansible testhost -i hosts -a "touch /testfile" --become --become-method=doas --ask-become-pass

DOAS password: 

testhost | FAILED | rc=0 >>

Timeout (12s) waiting for privilege escalation prompt: 

This is the /etc/doas.conf on testhost

permit keepenv :wheel

Python version on testhost:

Python 2.7.11

Here it is again, this time with verbose output:

$ ansible -vvvv testhost -i hosts -a "touch /testfile" --become --become-method=doas --ask-become-pass

Using /etc/ansible/ansible.cfg as config file

DOAS password: 

Loaded callback minimal of type stdout, v2.0

<testhost> ESTABLISH SSH CONNECTION FOR USER: None

<testhost> SSH: EXEC ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/me/.ansible/cp/ansible-ssh-%h-%p-%r -tt testhost '/bin/sh -c '"'"'( umask 22 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1464044553.85-229779171952967 `" && echo "` echo $HOME/.ansible/tmp/ansible-tmp-1464044553.85-229779171952967 `" )'"'"''

<testhost> PUT /tmp/tmpgAeklK TO /home/me/.ansible/tmp/ansible-tmp-1464044553.85-229779171952967/command

<testhost> SSH: EXEC sftp -b - -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/me/.ansible/cp/ansible-ssh-%h-%p-%r '[testhost]'

<testhost> ESTABLISH SSH CONNECTION FOR USER: None

<testhost> SSH: EXEC ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/me/.ansible/cp/ansible-ssh-%h-%p-%r -tt testhost '/bin/sh -c '"'"'doas  -u root  /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-ncepxastuenhdslngrhywykynqaiclzg; /bin/sh -c '"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'LANG=en_CA.UTF-8 LC_ALL=en_CA.UTF-8 LC_MESSAGES=en_CA.UTF-8 /usr/local/bin/python2.7 /home/me/.ansible/tmp/ansible-tmp-1464044553.85-229779171952967/command; rm -rf "/home/me/.ansible/tmp/ansible-tmp-1464044553.85-229779171952967/" > /dev/null 2>&1'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"''"'"'"'"'"'"'"'"''"'"''

testhost | FAILED | rc=0 >>

Timeout (12s) waiting for privilege escalation prompt: 

I can get doas working with password-less root. Also, sudo works when prompting for password, but I would prefer to not install sudo.

Am I doing something wrong?

Thank you.