Héctor

Reputation: 26084

Ansible: Permission denied

I'm unable to run a playbook with public key authentication. I get this error:

    Trying private key: /root/.ssh/id_dsa
    debug3: no such identity: /root/.ssh/id_dsa: No such file or directory
    debug1: Trying private key: /root/.ssh/id_ecdsa
    debug3: no such identity: /root/.ssh/id_ecdsa: No such file or directory
    debug1: Trying private key: /root/.ssh/id_ed25519
    debug3: no such identity: /root/.ssh/id_ed25519: No such file or directory
    debug2: we did not send a packet, disable method
    debug1: No more authentication methods to try.
    Permission denied (publickey,password)

Until now, I have been using --ask-pass authentication, but now I need to automate it, so I need to do it by public key. How do I have to configure it?

I have found this playbook to do it:

---
- hosts: all
  remote_user: root
  vars:
    authorized_key_list:
      - name: root
        authorized_keys:
         - key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
           state: present

I execute this playbook with --ask-pass, and the next playbook execution doesn't require a password and works fine. But after some minutes it doesn't! Why? What is the playbook above actually doing?

Thanks in advance.

Upvotes: 1

Views: 7734

Answers (1)

Nishant Singh

Reputation: 3209

Let's say you have 2 machines: Machine A {Ansible host} and Machine B {target}.

On Machine A, you will have to generate an SSH key using:

~$ ssh-keygen 

This will generate a public and private key pair in the .ssh directory of your current user.

Once the keys are generated, you need to copy the public key {extension .pub} from Machine A's .ssh directory.

Now log in to Machine B and go inside its .ssh folder. Now you need to create a file called "authorized_keys" (if not present; make sure the permission is read-only) and paste the copied public key from Machine A into it on Machine B.

This is done.

Now, in your host {inventory} file on Machine A, use the following format:

    [hosts]
    Machine_B_ip ansible_ssh_user=username_here ansible_ssh_private_key_file=/path_of_private_key

ex:

    [log_export]
    12.6.1.23  ansible_ssh_user=ubuntu ansible_ssh_private_key_file=/home/nsingh/dev.pem

You can also do an Ansible ping to check whether Ansible is able to communicate via SSH: ansible all -m ping -vi inventory_file

Upvotes: 4
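
The manual steps on Machine B described above (create authorized_keys, set its permissions, paste the key), as an added shell example that is not part of the original answer. The function names and the sample key line are constructed; the modes 700/600 are an assumption chosen so that sshd's StrictModes check does not reject the file, and GNU find is assumed for `-perm /022`.

```shell
#!/usr/bin/env bash
# Added example: idempotent, permission-safe install of a public key.
# install_pubkey and check_ssh_perms are hypothetical helper names.

# install_pubkey PUBKEY_FILE SSH_DIR
install_pubkey() {
    pubkey_file=$1
    ssh_dir=$2
    auth_file="$ssh_dir/authorized_keys"

    # Accept only a single-line public key; a pasted private key is rejected.
    [ -s "$pubkey_file" ] || { echo "empty or missing: $pubkey_file" >&2; return 1; }
    [ "$(wc -l < "$pubkey_file")" -le 1 ] || { echo "expected one key line" >&2; return 1; }
    key=$(cat "$pubkey_file")
    case "$key" in
        ssh-*|ecdsa-*|sk-*) ;;
        *) echo "not a public key line" >&2; return 1 ;;
    esac

    # Assumed modes: directory 700, file 600 (owner-only access).
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # -x whole line, -F fixed string: re-running adds no duplicate entry.
    grep -qxF -- "$key" "$auth_file" || printf '%s\n' "$key" >> "$auth_file"
}

# check_ssh_perms SSH_DIR: fail if group or others can write either path.
check_ssh_perms() {
    for p in "$1" "$1/authorized_keys"; do
        [ -e "$p" ] || { echo "missing: $p" >&2; return 1; }
        if [ -n "$(find "$p" -maxdepth 0 -perm /022)" ]; then
            echo "too permissive: $p" >&2
            return 1
        fi
    done
}

# Demo on a scratch directory with a constructed (not real) key line.
demo=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAConstructedSampleKeyNotReal ansible@machine-a' > "$demo/id.pub"
install_pubkey "$demo/id.pub" "$demo/.ssh" && check_ssh_perms "$demo/.ssh" &&
    echo "installed: $(wc -l < "$demo/.ssh/authorized_keys") key line(s)"
rm -rf "$demo"
```

On a real target the second argument would be the remote user's own .ssh directory, and the script would run as that user so ownership is correct.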
