Hello Group,
New to Ansible and the Project, but like what I see so far!
I am running Ansible 2.4.0 on RHEL7.4. I have SSH keys set up on several hosts and can connect to the remote hosts using the SSH Key Pair from my Ansible Control node and not be prompted for passwords, all as the root user in my POC.
The issue I am seeing is that even though I can use the SSH keys to connect, Ansible is failing in anything but a “raw” connection. I am guessing there is some oddity in my system or root shell profile (bash), but I have tested working machines in my Lab to non-working machine in the Dev environment.
The issue seems to be stringing commands together over the SSH connection. I can see this issue when even running commands over SSH. But I know for certain that the actual login process using the SSH keys does work. Below is an example of the debug output when trying to run an ad-hoc command. I tried to include what I thought was the most relevant info, but if more is needed, please let me know!
22433 1508524844.83617: _low_level_execute_command(): starting
22433 1508524844.83629: _low_level_execute_command(): executing: /bin/sh -c 'echo ~ && sleep 0'
22433 1508524845.34744: stderr chunk (state=2):
I think I have this narrowed down to two issues revolving around SSH connections to the remote machine, but testing is still on-going for one of the potential issues.
By default in the environment we have PermitRootLogin set to forced-commands-only on all our machines. This parameter in the SSHD config seems to be the main crux of the problem. It appears PermitRootLogin needs to be set to yes.
The other issue I am seeing, and still testing, is the SSH Key I am attempting to use is currently an existing key from our admin Jump servers, but this key has the "no-pty" option set, which it appears could be causing additional issues. I have not 100% proven the "no-pty" setting is an issue; as mentioned, testing continues.
More updates shortly.
-me
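An added example, not part of the original posts: a small Python audit that reads the two settings named above, `PermitRootLogin` in sshd_config and the per-key options (`command=`, `no-pty`) in root's authorized_keys, and reports which keys will not run a client-supplied command. The file contents are constructed samples, the function names are hypothetical, and `Match` blocks are ignored.

```python
# Constructed sample inputs (not taken from the original post).
SSHD_CONFIG = "# site hardening\nPermitRootLogin forced-commands-only\n"
AUTHORIZED_KEYS = """\
no-pty,command="/usr/local/bin/jump-wrapper --mode=a,b" ssh-rsa AAAAEXAMPLE admin@jump
ssh-ed25519 AAAAEXAMPLE ansible@control
"""
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")

def permit_root_login(config_text):
    """First PermitRootLogin value in the file (sshd uses the first one it reads)."""
    for line in config_text.splitlines():
        parts = line.split("#", 1)[0].replace("=", " ", 1).split()
        if len(parts) >= 2 and parts[0].lower() == "permitrootlogin":
            return parts[1].lower()
    return None  # not set: the built-in default applies

def key_options(line):
    """Option list of one authorized_keys line; quoted values may hold ',' and ' '."""
    if line.split(None, 1)[0].startswith(KEY_TYPES):
        return []  # line starts with the key type, so it carries no options
    opts, cur, quoted, prev = [], "", False, ""
    for ch in line:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if not quoted and ch in ", \t":
            opts.append(cur)
            cur = ""
            if ch != ",":
                break  # unquoted whitespace ends the options field
        else:
            cur += ch
        prev = ch
    return opts

def audit(config_text, keys_text):
    """Return (PermitRootLogin mode, [(line_no, finding), ...]) for root's keys."""
    mode, findings = permit_root_login(config_text), []
    for n, line in enumerate(keys_text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        names = {o.split("=", 1)[0].lower() for o in key_options(line.strip())}
        if "command" in names:
            findings.append((n, "forced-command"))  # client's command is not run
        elif mode == "forced-commands-only":
            findings.append((n, "root-login-refused"))  # key lacks command=
        if "no-pty" in names:
            findings.append((n, "no-pty"))  # tty allocation is denied
    return mode, findings

print(audit(SSHD_CONFIG, AUTHORIZED_KEYS))
```
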
Think I have this working as expected at this time. There is something very odd in our environment that is breaking SSH in wonderful ways when it comes to Ansible, I suspect the current CFEngine setup is not going to give up so easily. Even after stopping CFE there are some kinds of custom, home-grown processes still using CFE which will seemingly randomly break my ability to SSH in as from Ansible.
To get around this issue to allow my testing to proceed, I have set up an Ansible Service Account locally on my test machines, added the proper entries to sudoers and added the needed SSH keys to allow all this to work. Everything is working as expected at this time so now on to further testing!
-me