Ansible constructs incorrect ssh

My firm’s policy has a constraint of passing “-t bash” to ssh for connectivity else it would fail [This could be to prevent anyone from firing remote commands].

Below ssh command works fine:

ssh -i /opt/cert/id_rsa_prod targetuser@targethost -t bash

In order to make ansible’s ssh include the “-t bash” argument, I try to inject “-t bash” into ansible’s ssh by specifying it in the ansible inventory host file as below:

more host.txt

[target*]

targethost ansible_python_interpreter=/opt/bin/python2.7 ansible_ssh_extra_args="-t bash" ansible_ssh_common_args="-t" ansible_ssh_private_key_file=/opt/cert/id_rsa_prod USER_RUN=targetuser

When I run this ansible playbook it fails to connect to target host and throws the below error output:

23:53:42 ESTABLISH SSH CONNECTION FOR USER: targetuser

23:53:42 SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/opt/cert/id_rsa_prod"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=targetuser -o ConnectTimeout=10 -t bash -o ControlPath=/home/sourceuser/.ansible/cp/e8313d01d6 targethost '/bin/sh -c '"'"'echo ~targetuser && sleep 0'"'"''

23:53:42 (255, '', 'OpenSSH_7.7p1 (CentrifyDC build 5.5.1-395) , OpenSSL 1.0.2o-fips 27 Mar 2018\r\ndebug1: Reading configuration data /home/sourceuser/.ssh/config\r\ndebug1: Reading configuration data /etc/centrifydc/ssh/ssh_config\r\ndebug1: /etc/centrifydc/ssh/ssh_config line 3: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug1: Control socket "/home/sourceuser/.ansible/cp/e8313d01d6" does not exist\r\ndebug2: resolving "bash" port 22\r\nssh: Could not resolve hostname bash: Name or service not known\r\n')

23:53:42 fatal: [targethost]: UNREACHABLE! => {

23:53:42 "changed": false,

23:53:42 "msg": "Failed to connect to the host via ssh: OpenSSH_7.7p1 (CentrifyDC build 5.5.1-395) , OpenSSL 1.0.2o-fips 27 Mar 2018\r\ndebug1: Reading configuration data /home/sourceuser/.ssh/config\r\ndebug1: Reading configuration data /etc/centrifydc/ssh/ssh_config\r\ndebug1: /etc/centrifydc/ssh/ssh_config line 3: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug1: Control socket "/home/sourceuser/.ansible/cp/e8313d01d6" does not exist\r\ndebug2: resolving "bash" port 22\r\nssh: Could not resolve hostname bash: Name or service not known\r\n",

23:53:42 "unreachable": true

23:53:42 }

23:53:42 to retry, use: --limit @/opt/scripts/myfolder/site.retry

23:53:42

23:53:42 PLAY RECAP

23:53:42 targethost : ok=0 changed=0 unreachable=1 failed=0

ANSIBLE VERSION

ansible --version

ansible 2.7.1

  config file = /etc/ansible/ansible.cfg

  configured module search path = [u'/home/user/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']

  ansible python module location = /usr/lib/python2.7/site-packages/ansible

  executable location = /bin/ansible

  python version = 2.7.5 (default, Sep 12 2018, 05:31:16) [GCC 4.8.5 20150623 (Red Hat 4.8.5-36)]

Hi!
My very limited knowledge of Ansible says it needs SFTP or at least SCP subsystems on the controlled side.
Your company firewall allows only running ssh interactively - most probably it’s not sufficient for Ansible.
M.
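
Added example, not part of the original posts: a simplified model of how the ssh client splits its arguments, run over the manual command from the question and an abridged copy of its "SSH: EXEC" line, to show why the debug output reports resolving "bash". The option table and the helper names `split_ssh_argv` and `stray_words` are assumptions made for this illustration.

```python
import getopt
import shlex

# Simplified option table for the ssh client (assumption: enough for these
# samples). A letter followed by ":" consumes the next word as its value.
SSH_OPTSTRING = "46AaCfGgKkMNnqsTtVvXxYyB:b:c:D:E:e:F:I:i:J:L:l:m:O:o:p:Q:R:S:W:w:"

def split_ssh_argv(args):
    """Split ssh arguments into (options, destination, remote_command)."""
    options, rest = getopt.getopt(args, SSH_OPTSTRING)
    if not rest:
        return options, None, []
    # The first word that is not an option or an option value is the
    # destination; ssh then scans for options once more, and whatever
    # follows is the command to run on the remote side.
    more, command = getopt.getopt(rest[1:], SSH_OPTSTRING)
    return options + more, rest[0], command

def stray_words(ssh_args_value):
    """Words in an ansible_ssh_*_args value that ssh would not read as options."""
    return getopt.getopt(shlex.split(ssh_args_value), SSH_OPTSTRING)[1]

# The command that works by hand, as posted in the question.
MANUAL = "ssh -i /opt/cert/id_rsa_prod targetuser@targethost -t bash"

# Abridged copy of the "SSH: EXEC" line from the log (some -o options dropped).
ANSIBLE_EXEC = (
    "ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s "
    "-o User=targetuser -o ConnectTimeout=10 -t bash "
    "-o ControlPath=/home/sourceuser/.ansible/cp/e8313d01d6 targethost "
    """'/bin/sh -c '"'"'echo ~targetuser && sleep 0'"'"''"""
)

if __name__ == "__main__":
    for label, line in (("manual", MANUAL), ("ansible", ANSIBLE_EXEC)):
        _, destination, command = split_ssh_argv(shlex.split(line)[1:])
        print(f"{label}: destination={destination!r} command={command!r}")
    for value in ("-t bash", "-t"):
        print(f"{value!r}: stray words {stray_words(value)}")
```

In the manual command "bash" comes after the destination and is the remote command; in the EXEC line the injected "-t bash" sits among the options ahead of the host, so "bash" is taken as the destination and "targethost" becomes the first word of the remote command.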