CODEWITHSUNDEEP
sshansible
Marco Eckstein
Marco Eckstein

Reputation: 4758

Ansible failed to connect to the host via ssh, but ssh command works

From inventory.yml:

myhost:
  ansible_host: myhost # actually it was ansible_ssh_host (see my answer)
  ansible_user: myuser # actually it was ansible_ssh_user (see my answer)
  ansible_pass: mypass # actually it was ansible_ssh_pass (see my answer)

So far, Ansible worked fine. I could also ssh myuser@myhost.

Then, I changed the ssh port from default 22 to 23 and edited the inventory.yml:

myhost:
  ansible_host: myhost
  ansible_user: myuser
  ansible_pass: mypass # THE PROBLEM! Must be ansible_ssh_pass. (see my answer)
  ansible_port: 23

As expected, I can ssh myuser@myhost -p 23, but Ansible gives the error:

fatal: [staging]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: myuser@myhost: Permission denied (publickey,password).", "unreachable": true}

What could be causing the error?

Upvotes: 1

Views: 1212

Answers (3)

Shivu RH
Shivu RH

Reputation: 31

In my case, where key based ssh is only allowed, ansible ping was failing with -

"msg": "Failed to connect to the host via ssh: Permission denied (publickey).",

The inventory file had entry for ansible_user=$user. Removing entry from inventory file helped.

My environment :

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.7 LTS
Release:    16.04
Codename:   xenial

$ ansible --version
ansible 2.9.27
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/home/USER_NAME/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.12 (default, Mar  1 2021, 11:38:31) [GCC 5.4.0 20160609]

Upvotes: 0

SmartTom
SmartTom

Reputation: 821

The variable for password is ansible_password. See documentation here to create your inventory.yml properly.

Notice that you should never store your password in plain text, but use a vault in stead.

Upvotes: 1

Marco Eckstein
Marco Eckstein

Reputation: 4758

The solution is quite unexpected and slightly embarrassing:

While changing the SSH port, I also read this:

Ansible 2.0 has deprecated the “ssh” from ansible_ssh_user, ansible_ssh_host, and ansible_ssh_port to become ansible_user, ansible_host, and ansible_port.

I edited inventory.yml a bit too eagerly, as I also changed ansible_ssh_pass to ansible_pass. Hence: missing password -> permission denied.

So, my question had been phrased in a wrong way. I have updated it accordingly.

Upvotes: 1

Related Questions