Host SSH key not recognized when trying to SSH into remote repository using Ansible playbook

Host SSH key not recognized when trying to SSH into remote repository using Ansible playbook. Remote repository was verified to have the correct SSH key from host, but still wouldn’t recognize host when trying to clone from the repository. Ran Ansible on 15 hosts, 13 were successful, 1 failed to clone from remote repo even though they were configured the same. Here is the actual error received. Can anyone help, please? Thx

fatal: [Host]: FAILED! => {“changed”: false, “cmd”: “/usr/bin/git clone --origin origin ‘ssh:<path_to_repo>’ /local_path”, “msg”: “FIPS mode initialized\r\nDisabling GSSAPIKeyExchange. Not usable in FIPS mode\r\nPermission denied (publickey).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.”, “rc”: 128, “stderr”: “FIPS mode initialized\r\nDisabling GSSAPIKeyExchange. Not usable in FIPS mode\r\nPermission denied (public key).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n”, “stderr_lines”: [“FIPS mode initialized”, “Disabling GSSAPIKeyExchange. Not usable in FIPS mode”, “Permission denied (publickey).”, “fatal: Could not read from remote repository.”, “”, “Please make sure you have the correct access rights”, “and the repository exists.”], “stdout”: “Cloning into ‘/local_path’…\n”, “stdout_lines”: [“Cloning into ‘/local_path’…”]}

You need to give more info. Playbooks, inventory, what are you trying
to achieve, etc.

Hello, thanks for taking a look! I am trying to install needed software on hosts running RHEL 7.x (Docker, Python, Intel Parallel Studio). During play to download Intel, the play is designed to ssh into and clone from remote Git repo. It has been verified that the local host’s ssh key is known by remote server and also the server’s ssh key is known to local host, although local host is not able to read from remote. Without going into too much detail, here is the set of plays being run in playbook.yml, as well as the inventory in hosts.yml. The playbook breaks at the “Clone cots_lfs repo” play:

#####playbook.yml

Sounds like a permission issue somewhere.
Can you manually sudo to whatever user your playbook is using and clone the repo?
Key permissions ok?
Correct user?

Or: key is ok but it’s not being used because of an ssh misconfig
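The "Key permissions ok? Correct user?" checks from the reply above can be scripted. This is an added example, not part of the original thread: `audit_ssh_dir` is a hypothetical helper name, and it assumes GNU find and grep as shipped on RHEL 7. It relies on the OpenSSH client ignoring a private key that has any group/other permission bit set and rejecting a `config` file that is group- or world-writable.

```shell
#!/bin/sh
# Added example (not from the thread). Run it as the account the playbook
# uses for the clone, e.g.:  sudo -u <playbook_user> sh audit_ssh.sh ~/.ssh
#
# audit_ssh_dir DIR
#   Prints one finding per line for the SSH client files in DIR.
#   Returns 0 when nothing was found, 1 otherwise.
audit_ssh_dir() {
    dir=$1
    uid=$(id -u)
    findings=$(
        {
            # The directory itself and ssh's config file must not be
            # writable by group or others (a missing config is fine).
            find "$dir" "$dir/config" -maxdepth 0 -perm /022 \
                -printf 'WRITABLE_BY_OTHERS %p\n'
            # "Correct user?": every file should belong to the account
            # that actually runs git/ssh.
            find "$dir" -maxdepth 1 ! -uid "$uid" \
                -printf 'WRONG_OWNER %p\n'
            # "Key permissions ok?": a private key with any group/other
            # bit set is skipped by ssh, which then has no key to offer
            # and ends in "Permission denied (publickey)".
            find "$dir" -maxdepth 1 -type f -perm /077 \
                -exec grep -l -e '-----BEGIN .*PRIVATE KEY-----' {} + |
                sed 's/^/KEY_TOO_OPEN /'
        } 2>/dev/null
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Stand-alone use: pass the directory to audit as the first argument.
if [ $# -gt 0 ]; then
    audit_ssh_dir "$1"
fi
```

A clean result only rules out file ownership and mode; whether the intended key is actually offered still has to be read from `ssh -v` output for the manual clone.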

Key permissions are ok. I can manually sudo to that host, but cannot clone the repo manually, either. I don’t think there’s any SSH misconfig. I ran the ansible playbook in verbose mode (-vvv) to look at the execution statement where it breaks and here it is:

TASK [Clone cots_lfs repo] *******************************************************************************************************************************************************************************************************************************

<ip.addr> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthenticateion=no -o ConnectTimeout=1$
<ip.addr> (l, b’\r\n{“exception”: “WARNING: The below traceback may not be related to the actual failure.\n File \”/tmp/ansible_git_payload_E2Aium/ansible_git_payload.zip/ansible/modules/source_control/git.py\", line 461, in $
<ip.addr> Failed to connect to the host via SSH: FIPS mode initialized
Shared connection to <ip.addr> closed.
<ip.addr> ESTABLISH CONNECTION FOR USER: None

<ip.addr> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthenticateion=no -o ConnectTimeout=1$
<ip.addr> (0, b’ ‘, b’FIPS mode initialized\r\n’)

The full traceback is:
WARNING: The below traceback may not be related to the actual failure.
File “/tmp/ansible_git_payload_E2Aium/ansible_git_payload.zip/ansible/modules/source_control/git.py\”, line 461, in clone
File “/usr/lib64/python2.7/os.py”, line 157, in mkdirs
mkdir(name, mode)
fatal: [Host]: FAILED! => {
“changed”: false,
“cmd”: “/usr/bin/git clone --origin 'ssh:// /local_path”,
“invocation”: {

“module_args”: {
“accept_hostkey”: false,
“archive”: null,

“bare”: false,

“clone”: true,

“depth”: null,
“dest”: “/local_path”,

“executable”: null,
“archive”: null,


}
},
“msg”: "FIPS mode initialized\r\nDisabling GSSAPIKeyExchange. Not usable in FIPS mode\r\nPermissions denied (publickey).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the $
“rc”: 128,
“stderr”: "FIPS mode initialized\r\nDisabling GSSAPIKeyExchange. Not usable in FIPS mode\r\nPermissions denied (publickey).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the $
“stderr_lines”: [
“FIPS mode initialized”,
“Disabling GSSAPIKeyExchange. Not usable in FIPS mode”,
“Permissions denied (publickey).”,
“fatal: Could not read from remote repository.”,
“”,
“Please make sure you have the correct access rights”,
“and the repository exists.”
],
“stdout”: “Cloning into ‘/local_path’…\n”,

“stdout_lines”: [
“Cloning into ‘/local_path’…”,
]
}

Thanks,
Erick

Hi

> Key permissions are ok. I can manually sudo to that host, but cannot clone the repo manually, either.

This does mean it’s not an ansible problem.

> I don’t think there’s any SSH misconfig. I ran the ansible playbook in verbose mode (-vvv) to look at the execution statement where it breaks and here it is:

This is irrelevant. It doesn’t work manually, so it certainly won’t work if you add ansible to the mix. If you solve the problem manually, then it will very likely also work with ansible.

Given that this is a workstation, those have usually suffered from much more “entropy” and it can be hard to find the problem.
It’d be interesting to know what it was if you do find it.

Dick