Getting "Permission denied (publickey)." when trying to clone Private Github repository, Public repo works

Hello Ansiblers,

I am trying to use Ansible to bring in a private GitHub repository and am having issues, getting “Permission denied (publickey).” I’ve done some digging and checked the ideas I came across on the mailing list so far, but none of them have worked.

  • I’ve opened up the ports in the outbound firewall
  • If I do a public repo it works fine, so it’s not an issue reaching GitHub in general, just the private repositories.
  • If I try to clone the Private repository manually on the destination server it works correctly
  • GitHub ssh-key access test ( ssh -T git@github.com ) works on box directly but fails under Ansible in a playbook using command.

So it would seem like the SSH key info isn’t being passed along. BTW I’ve tried the github ssh-key test both with and without SUDO auth. And it fails either way. The SSH-key is the same for my SSH login and github.

I have included the log of the original failure and the GitHub test for recognition of the user’s SSH key.

Any clues of things I can check or what I might be doing wrong would be appreciated.

Thanks,
Paul

================ Start - from playbook output that fails ===

TASK: [git repo=git@github.com:GitUserName/GitRepoName.git dest=/usr/local/GitUserName/ansible-examples-ta4 version=HEAD accept_hostkey=yes] ***
<111.222.333.444> REMOTE_MODULE git repo=git@github.com:GitUserName/GitRepoName.git dest=/usr/local/GitUserName/ansible-examples-ta4 version=HEAD accept_hostkey=yes
failed: [bbb-sandbox-a-pub] => {"cmd": "/usr/bin/git ls-remote git@github.com:GitUserName/GitRepoName.git -h refs/heads/HEAD", "failed": true, "rc": 128}
stderr: Permission denied (publickey).
fatal: The remote end hung up unexpectedly
msg: Permission denied (publickey).
fatal: The remote end hung up unexpectedly
FATAL: all hosts have already failed -- aborting

============== End - from playbook output that fails ===

================ Start - from Github SSH-key test that fails ===

TASK: [Execute command - check SSH-key access to GitHub] **********************
<111.222.333.444> ESTABLISH CONNECTION FOR USER: MyUbuntuUser
<111.222.333.444> REMOTE_MODULE command /usr/bin/ssh -T git@github.com
<111.222.333.444> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/Users/MyOSXuser/.ansible/cp/ansible-ssh-%h-%p-%r" -o Port=8023 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=MyUbuntuUser -o ConnectTimeout=10 111.222.333.444 /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1421445689.53-55058409970052 && chmod a+rx $HOME/.ansible/tmp/ansible-tmp-1421445689.53-55058409970052 && echo $HOME/.ansible/tmp/ansible-tmp-1421445689.53-55058409970052'
<111.222.333.444> PUT /var/folders/jv/z2wn_pn52l76vtv84tsj2yf40000gx/T/tmpodUAD4 TO /home/MyUbuntuUser/.ansible/tmp/ansible-tmp-1421445689.53-55058409970052/command
<111.222.333.444> EXEC ssh -C -tt -vvv -o ControlMaster=auto -o ControlPersist=60s -o ControlPath="/Users/MyOSXuser/.ansible/cp/ansible-ssh-%h-%p-%r" -o Port=8023 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=MyUbuntuUser -o ConnectTimeout=10 111.222.333.444 /bin/sh -c 'LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 /usr/bin/python /home/MyUbuntuUser/.ansible/tmp/ansible-tmp-1421445689.53-55058409970052/command; rm -rf /home/MyUbuntuUser/.ansible/tmp/ansible-tmp-1421445689.53-55058409970052/ >/dev/null 2>&1'
failed: [bbb-sandbox-a-pub] => {"changed": true, "cmd": ["/usr/bin/ssh", "-T", "git@github.com"], "delta": "0:00:00.113147", "end": "2015-01-16 22:01:21.784784", "rc": 255, "start": "2015-01-16 22:01:21.671637", "warnings": }
stderr: Permission denied (publickey).
FATAL: all hosts have already failed -- aborting
PLAY RECAP ********************************************************************

====================== End - from Github SSH-key test that fails ===

======================= Start - ansible version info ===

$ ansible --version
ansible 1.8.2
configured module search path = None

====================== End - ansible version info ===

OK let me try this a different way.

First, let me verify that this should work for private repositories and not just public ones.

Are there any special options that need/should be added to the master config file or as options when calling the containing Playbook?

Any ideas or even questions that might point me in the right direction appreciated.

Private repositories should work. Here's a playbook I just ran to test:

Sorry for the extra long delay in responding, but I didn’t see your reply come in and I had been doing the git pulls manually just to get past it. I have been revisiting the issue since we may be moving to AWS and I’ve been trying to set up some new playbooks to cover everything.

I’ve been relying on agent forwarding, not actually copying over the private key.

Public still works. But Private is still giving me fits. My playbook is almost identical to the one you posted, except I ran on the remote server and not localhost.

  • I verified that AgentForwarding is being used “EXEC ssh -C -tt -vvv -o ForwardAgent=yes -” is in the log

  • If I do basically the exact same steps manually, it works (using the same SSH keypair to log in to the same server).

  • “ssh -T git@github.com” works natively on the server via SSH, but fails when run via playbook

```
- name: Execute command - check SSH-key access to GitHub
  command: /usr/bin/ssh -T git@github.com
```

The output, with server ID obscured:

```
TASK: [Execute command - check SSH-key access to GitHub] **********************
failed: [ec2-00-00-00-00.us-xxxxx-2.compute.amazonaws.com] => {"changed": true, "cmd": ["/usr/bin/ssh", "-T", "git@github.com"], "delta": "0:00:00.496378", "end": "2015-07-21 19:51:54.642785", "rc": 255, "start": "2015-07-21 19:51:54.146407", "warnings": }
stderr: Permission denied (publickey).

FATAL: all hosts have already failed -- aborting
```

I am going to an Ubuntu14LTS server and running Ver1.9.2 of Ansible now, but an earlier version during my prior attempts.

Any Solid clues appreciated. I’m still digging thru the other threads but nothing matches yet.
Paul

Like I mentioned, I’ve been digging like crazy. I think I just found my nice obscure cause for the problem from a post back in July 2014. It seems that having sudo:yes can cause problems with the git module. I had this GIT call as part of a playbook that needed sudo for other actions, so I had it on. When I turned it off, all of a sudden my test and the actual GIT pull both worked.

Yeah !!!

The thread with the hint:
https://groups.google.com/d/topic/ansible-project/FECW2fFTrKM/discussion

Thanks for the help

Paul
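
The cause found in the last post, written out as a playbook (an added example, not code from the thread): sudo normally resets the environment, so a task run with sudo loses `SSH_AUTH_SOCK` and cannot reach the forwarded agent, while the same task run as the login user can. The inventory group, `deploy_user`, `repo` and `dest` are placeholders; `become` is the Ansible 1.9+ spelling of `sudo`.

```yaml
# Added example. Placeholders: inventory group, deploy_user, repo and dest.
# Assumes ForwardAgent=yes on the Ansible SSH connection, the key loaded in the
# local agent, and github.com already in deploy_user's known_hosts.
- hosts: sandbox
  become: yes                 # written "sudo: yes" before Ansible 1.9
  vars:
    deploy_user: MyUbuntuUser
    repo: git@github.com:GitUserName/GitRepoName.git
    dest: /usr/local/GitUserName/GitRepoName
  tasks:
    - name: Create the checkout directory as root, owned by the login user
      file:
        path: "{{ dest }}"
        state: directory
        owner: "{{ deploy_user }}"

    # become: no keeps the task in the login session, where SSH_AUTH_SOCK
    # points at the forwarded agent. Under sudo that variable is normally reset.
    - name: Confirm the forwarded agent is reachable and holds a key
      command: ssh-add -l
      become: no
      register: agent
      changed_when: false
      failed_when: agent.rc != 0   # 1 = agent has no keys, 2 = no agent socket

    - name: Check SSH-key access to GitHub
      command: /usr/bin/ssh -T -o BatchMode=yes git@github.com
      become: no
      register: gh
      changed_when: false
      # GitHub exits 1 after a successful login because it offers no shell,
      # so test the greeting on stderr instead of the return code.
      failed_when: "'successfully authenticated' not in gh.stderr"

    - name: Clone the private repository over the forwarded agent
      git:
        repo: "{{ repo }}"
        dest: "{{ dest }}"
        version: HEAD
        accept_hostkey: yes
      become: no
```

If the `ssh-add -l` task fails with return code 2, the agent socket never reached the task, which points at the connection settings rather than at GitHub or the key.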