Ansible fails to connect with SSH (banner exchange)

Question

Sorry in advance if the question is not clear and/or if i am not askin where i should.

I have issues with connecting to hosts with ansible via SSH. It worked few days ago but i have been having the same message error for several days :

        camille@ubuntu:~$ ansible all  -m ping -u remote
192.xxx.xxx.xxx | UNREACHABLE! => {
        "changed": false, 
        "msg": "Failed to connect to the host via ssh: Connection timed out during banner exchange\r\n", 
        "unreachable": true
    }

SSH connection (without ansible) with working nicely so i don't really understand the issue. I'm running Ansible on a Ubuntu 16.04 VM and the host i want to reach is a CentOS 7 VM.

My hosts file is the following :

[test]    
192.xxx.xxx.xxx ansible_ssh_user=remote ansible_ssh_pass=password ansible_sudo_pass='password' #VM CentOS

I tried the solution explained here but it didn't fix the problem.

Edit 1: After trying Ripper Tops solution and testing some other things, my inventory now looks like this :

[test]
192.xxx.xxx.xxx ansible_connection=ssh ansible_user=remote ansible_password='password'

[test:vars]
proxy=my_proxy:8080

I also tried increasing timeout to 25, i still have the same issue.

Edit 2 :

After changing my ansible.cfg file, the error message has changed :

192.xxx.xxx.xxx | UNREACHABLE! => {
    "changed": false, 
    "msg": "SSH Error: data could not be sent to remote host \"192.xxx.xxx.xxx\". Make sure this host can be reached over ssh", 
    "unreachable": true }

I test ssh connection again, it is still working nicely.

My config file is now :

[defaults]

timeout = 25
host_key_checking = False 
roles_path = roles/
gathering = smart 

[ssh_connection]
ssh_args = -o 
ControlMaster=auto -o 
ControlPersist=600s 
control_path = %(directory)s/%%h-%%r 
pipelining = True

Do you have any clue about this ?

Answer 1

This could be that there is some prompt on the banner that Ansible can't handle and is hiding.

I solved this by showing the ssh command being used with ansible-playbook -vvv. I manually ran the shown command and found that my SSH session though the bastion host worked, but the other key to the host was asking for a password. I was able to implement ssh-add to provide the key to ansible without ansible needing the password since there doesn't seem to be good accommodations for this by other means.

Answer 2

Just want to add my two cents to this problem resolution:

Had the same issue and tried everything above, but that didn't work as my case wasn't exactly the same: When i tried to do some playbooks towards multiple dozens of hosts, i received this error randomly on various hosts.

To fix this, i had to reduce the concurrency level from "serial: no" to "serial: 4". The number of concurrent executions depends on the network throughput and should be figured out experimentally or thorough digging and calculating your OS and hardware specifics. It also definitely involves network and possible fork number on your bastion host if you use one.

I hope this might help someone with the situation like mine.

Answer 3

I finally fixed my issue ! :D

• I apply the suggestions of Ripper Tops (thanks again) : change the ansible.cfg (see the 1st message)

• I changed my hosts file to the following :

  [test] 192.xxx.xxx.xxx ansible_user=remote ansible_password=remote_password ansible_ssh_user=remote ansible_ssh_pass=remote_password

  [test:vars] proxy=my_proxy:8080

• I pinged my hosts using the -c paramiko option

Thanks again Ripper Tops for your time & help :)

Answer 4

Try to use ansible_user instead ansible_ssh_user and ansible_password instead ansible_ssh_pass. It depends of your ansible version. Also you may need to place [group:vars] after [group] section in the inventory file.

There is simple way to check difference

ansible 192.168.15.29 -i your_hosts_file -m ping -e "ansible_ssh_user=remote ansible_ssh_pass=password"

or

ansible 192.168.15.29 -i your_hosts_file -m ping -e "ansible_user=remote ansible_password=password"