Ansible vs sshd config

Ermanno_Travaglino · July 16, 2019, 10:58am

Hi there,
I’m using Ansible to manage target servers with following /etc/ssh/sshd_config configuration:

"
…
PasswordAuthentication no
…
ChallengeResponseAuthentication yes
…
"

I have the root password of target servers but actually I can’t use the ansible “expect” module neither the ssh private/public key exchange, just the following:

ansible_connection: ssh
ansible_port=22
ansible_host: < host >
ansible_ssh_user: root
ansible_password: < root password >
ansible_ssh_extra_args: < ??? >

Which “ansible_ssh_extra_args” do you suggest using to allow the connection? Otherwise, is it needed to patch the ansible python code to add this new features?

Thanks.

KR,
Ermanno

erichymowitz · July 16, 2019, 6:54pm

I don’t fully understand your question, because you said both:

PasswordAuthentication no

and

I have the root password of target servers

That said …

If you read this web page

https://serverfault.com/questions/838113/handling-keyboard-interactive-inputs-with-ansible

and the various github pages that it refers to, you will find that Ansible does not support ChallengeResponseAuthentication, and has no plans to support it.

I will also note that logging into your server as root is generally a bad idea, and it’s blocked by (almost) every default ssh configuration.

–EbH

Topic		Replies	Views
SSH Passwordless Authentication Get Help ansible-core , rhel , ansible	12	1072	May 16, 2024
Public Key works but not username password Ansible Project ubuntu	1	1	January 13, 2017
Ansible Failing But SSH Connections are Successful Ansible Project	2	2	October 26, 2017
Problems running ansible w/o root access Ansible Project rhel , ansible-project	4	1	March 8, 2013
Ansible and hardcoded OpenSSH options Ansible Project	1	2	February 21, 2023

Ansible vs sshd config

Related topics