Ansible cannot reach host but ansible ping and ssh is ok

I have a very strange situation where a host that responds to ansible ping and i can ssh into gives Data could not be sent to remote host
Any idea how can i debug this and most importantly how can this happen?
i have this in invetory:

vmhost1   ansible_host=10.10.11.241 ansible_port=22
vmhost2   ansible_host=10.10.11.243 ansible_port=22

and remote_user=root in ansible.cfg (also i have another 30 hosts for which the same playbooks work without problem)

is just for vmhost1 running a playbook i get error, but ssh into it with the same credentials (root and port 22) and running ansible -m pong works…

Thanks a lot!

Check /etc/security/access.conf to see if root is only allowed from certain IP addresses on your problematic host.

By the way, allowing remote root login is very bad. It has been considered a security best practice to disallow remote root login since the late 1990’s. Your company should rethink this strategy and you should also use a dedicated Ansible user that has sudo access. If you’re doing this in a home lab or whatever, fine, but if this is for anything of any importance at all, PLEASE consider more secure alternatives.

/etc/security/access.conf is untouched on both.
also i beg to differ regarding root access :

1. disregarding explicit option, but ssh have as default prohibit-password and access is with key only
2. from attacker point of view there is absolutely no difference between access to a root account and and account that have unrestricted sudo privilege

add to that that it is a norm to allow this (firewall level) only from within local network and have an ssh bastion for external access and it become absolutely pointless to have some user with sudo access (which if it is configured to use password to do sudo then the password must be explicitly set up in ansible vault … and usage of passwords is anyway a security problem)

Anyway, thanks for looking into this!

The problem is even more strange : i can run a playbook with ansible.builtin.raw without problem … the python packages are the same with another identical host (same kickstart template)

Trying the faililng task with -vvvv i got the output that shows:

Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 383891\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Control master terminated unexpectedly\r\n",

but using the exact ssh command that is run gives no problem …

Seems that the problem was a MTU problem somehow:
while all datacenter and the ansible controller have an MTU of 9000, the host that did not work also had an MTU of 9000 … as soon as i commented the option (to get back to default of 1500) the ssh control no longer broke … i see no logic on this but this is the reality …