Arguments passed to OpenSSH too intrusive.

Archives Ansible Project
1

First off,

JumpHosts work fine with -c ssh.

The only thing we pass along that overrides is the user, and I still
maintain setting that is pretty vital to multi-user operation. Don't
think about it as SSH, think about it as a systems management app that
just happens to be using SSH as a transport.

If you want to control the user default on a per host basis without
specifying it, set ansible_ssh_user=foo in your playbook and you get
that.

If we were to add the new parameter, I think people would engage it --
at least this is my fear-- and then ask why setting the user didn't
work anymore.

2

JumpHosts work fine with -c ssh.

To clarify, I am only speaking of the case where OpenSSH is the transport. If the user is using Paramiko or another transport I’m sure nothing I’m saying will apply.

I have got Ansible to work very nicely with my jump host, it was just a bit of a pain to figure out what was going wrong, and all I’m trying to do right now is figure out if there’s some way to make it slightly more intuitive to figure out.

The only thing we pass along that overrides is the user

The SSH command that was formed seems to be:

EXEC [‘ssh’, ‘-tt’, ‘-q’, ‘-o’, ‘ControlMaster=auto’, ‘-o’, ‘ControlPersist=60s’, ‘-o’, ‘ControlPath=/tmp/ansible-ssh-%h-%p-%r’, ‘-o’, ‘StrictHostKeyChecking=no’, ‘-o’, ‘Port=22’, ‘-o’, ‘KbdInteractiveAuthentication=no’, ‘-o’, ‘PasswordAuthentication=no’, ‘-o’, ‘User=john’, ‘-o’, ‘ConnectTimeout=10’, ‘azura-wiki’, “/bin/sh -c ’ /usr/bin/python /root/.ansible/tmp/ansible-1364339138.68-44297655032104/ping; rm -rf /root/.ansible/tmp/ansible-1364339138.68-44297655032104/ >/dev/null 2>&1’”]

I mistakenly thought that there were more surprising options in there because I already knew that port was overridden from the blog post that sent me down the correct path to fixing this in the first place. So I guess all I’m really concerned with are port and user. Sorry for my confusion!

If you want to control the user default on a per host basis without
specifying it, set ansible_ssh_user=foo in your playbook and you get
that.

I have done this and it is working splendidly, but I was very surprised that despite not having any ansible_ssh_user option specified, Ansible was still passing a user to SSH. It didn’t seem very natural to me that Ansible would try to override what SSH thought the user would be without me telling it to do so. So perhaps instead of adding another option, do you think it would be reasonable to have Ansible not pass a user parameter to SSH is ansible_ssh_user isn’t specified (and a similar setup for the port)? The current user would still be used by default per SSH’s rules (as far as I know), and any configuration the admin has set up will still apply.

Thank you for your reply,
John Sullivan

3

" do you think it would be reasonable to have Ansible not pass a user
parameter to SSH is ansible_ssh_user isn't specified (and a similar
setup for the port)?"

Well, right now, it passes -u <your user> (not root), so I don't think
that would be too confusing.

I believe I would be ok with that.

4

Sounds great! I’ll code up a small patch for it.

Have a great afternon,
John Sullivan