Aaron

Reputation: 2305

Ansible 'Failed to connect to the host via ssh'

I know this has been asked a lot, but I've tried every solution I've seen over like 20 threads on the web and nothing has worked for me yet.

I'm on an Ubuntu 16.10 Linux local machine using ansible 2.1.1.0 trying to ping (ansible all -m ping) my Ansible child node that's on an Ubuntu AWS EC2 instance.

My /etc/ansible/hosts has the EC2's public IP:

web1 ansible_host=52.91.x.y

I can SSH into the EC2 instance with:

ssh -i "mypemfile.pem" [email protected]

so I know the security group/networking/etc. is fine on the instance.

But when I try to ping the child nodes:

ansible all -m ping

I get:

Failed to connect to the host via ssh

When I show the full command by -vvvv:

ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/home/myuser/.ssh/id_rsa.pub"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/myuser/.ansible/cp/ansible-ssh-%h-%p-%r 52.91.x.y

and then run that command that Ansible is running, at the end of the detailed output, it shows:

debug1: Offering RSA public key: /home/myuser/.ssh/id_rsa.pub
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug1: Offering RSA public key: Downloads/nginx-code-challenge-2017-03-16.pem
...skip some stuff
debug1: No more authentication methods to try.
Permission denied (publickey).

It tries a bunch of different keys from my local (Ansible master node) system without success.

I made sure the public key of my master node is in .ssh/authorized_keys of the child node. When I do ssh-copy-id it confirms this, saying the key has already been added.

I've tried specifying the path to my private key in /etc/ansible/ansible.cfg, but this does nothing, and I can already see in the debug output that it is trying several keys.

I've tried adding the -c paramiko command:

ansible all -m ping -vvvv -c paramiko

But all I get is a new error, Authentication failed.

I even tried crazy stuff like host_key_checking = False in ansible.cfg

Help?

Upvotes: 2

Views: 3007

Answers (2)

Aaron

Reputation: 2305

The solution ended up being stupidly simple. I was missing the user in the /etc/ansible/hosts (the ansible_ssh_user=ubuntu portion):

[nginx]
web1 ansible_ssh_host=52.91.x.y ansible_ssh_user=ubuntu

Upvotes: 0

qsorted

Reputation: 51

Your manual SSH login is using your correct identity file (the *.pem one):

ssh -i "mypemfile.pem" [email protected]

However, Ansible is reaching out to your public key file and using that as the private identity file:

 'IdentityFile="/home/myuser/.ssh/id_rsa.pub"'

The IdentityFile argument expects a private key file. You'll want it to point to "mypemfile.pem" too.

Suggestion

Add the remote virtual machine to your SSH config file at ~/.ssh/config

  Host ec2
      HostName something.compute.amazonaws.com
      User ec2-user
      IdentityFile /home/me/.ssh/mypemfile.pem

Then your hosts file for Ansible becomes much simpler:

 [EC2]
 dev ansible_ssh_host=ec2

Upvotes: 1
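The two causes named in the answers above (an IdentityFile that points at a public key, and no remote user) can both be checked mechanically against the ssh command that `ansible -vvvv` prints. This is an added example, not code from either answer; the function names are hypothetical, the key files and command lines are constructed placeholders, and it assumes Ansible passes a configured remote user as `-o User=...`.

```shell
# Added example (not from the thread): audit the ssh command printed by `ansible -vvvv`.

# Classify a key file by its first line: private | public | missing | unknown.
key_kind() {
    [ -r "$1" ] || { echo missing; return 0; }
    IFS= read -r kk_first < "$1" || true
    case "$kk_first" in
        "-----BEGIN "*"PRIVATE KEY-----"*) echo private ;;
        "ssh-rsa "*|"ssh-ed25519 "*|"ecdsa-sha2-"*|*"PUBLIC KEY"*) echo public ;;
        *) echo unknown ;;
    esac
}

# Extract the IdentityFile value from an ssh command line, quotes stripped.
# Limitation: paths containing spaces are not handled.
identity_from_cmd() {
    printf '%s\n' "$1" | sed -n 's/.*IdentityFile=\([^ ]*\).*/\1/p' | tr -d "\"'"
}

# True when the command names a remote user (-o User=... or user@host).
has_remote_user() {
    case "$1" in *User=*) return 0 ;; esac
    case "${1##* }" in *@*) return 0 ;; esac
    return 1
}

# Print one finding per problem; return non-zero if any were found.
audit_ssh_cmd() {
    au_rc=0
    au_id=$(identity_from_cmd "$1")
    au_kind=$(key_kind "$au_id")
    if [ "$au_kind" != private ]; then
        echo "IdentityFile '$au_id' is $au_kind, not a private key"; au_rc=1
    fi
    if ! has_remote_user "$1"; then
        echo "no remote user set; ssh will use the local login name"; au_rc=1
    fi
    return "$au_rc"
}

# Constructed sample data: placeholder key files and trimmed command lines.
DEMO_DIR=$(mktemp -d)
echo "ssh-rsa AAAAB3NzaC1yc2E-CONSTRUCTED-PLACEHOLDER myuser@laptop" > "$DEMO_DIR/id_rsa.pub"
echo "-----BEGIN RSA PRIVATE KEY-----" > "$DEMO_DIR/mypemfile.pem"
BAD_CMD="ssh -C -o 'IdentityFile=\"$DEMO_DIR/id_rsa.pub\"' -o ConnectTimeout=10 52.91.x.y"
GOOD_CMD="ssh -C -o 'IdentityFile=\"$DEMO_DIR/mypemfile.pem\"' -o User=ubuntu 52.91.x.y"
audit_ssh_cmd "$BAD_CMD" || true
audit_ssh_cmd "$GOOD_CMD" && echo "GOOD_CMD: no findings"
```

The classification reads only the first line of the key file, so it never prints or copies key material.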
