"No authentication methods available" with NETCONF

Hello! I am running into a persistent “No authentication methods available” issue. ansible_password is encrypted in group_vars/all via ansible-vault, and the vault-password-file is specified in ansible.cfg. I expect that there’s something it doesn’t understand about the connection method or authentication specified in the playbook or variables, and straight up I’m a n00b at this, so perhaps the gurus here can tell me what doubtless stupid thing I have missed.

Version:

ansible [core 2.17.7]
  config file = /home/ansible/ansible-core/ansible.cfg
  configured module search path = ['/home/ansible/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  ansible collection location = /home/ansible/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.11.2 (main, Sep 14 2024, 03:00:30) [GCC 12.2.0] (/usr/bin/python3)
  jinja version = 3.1.2
  libyaml = True

Target Device OS: Junos NETCONF via SSH

Contents of group_vars/all as decrypted in ansible-vault:

ansible@ansible-core:~/ansible-core$ ansible-vault view group_vars/all
ansible_network_os: junos
ansible_user: ansible 
ansible_password: [redacted]

Playbook in question

---
- name: Get device facts and configurations.
  hosts: ex4650
  connection: ansible.netcommon.netconf
  gather_facts: false

  tasks:
    - name: Read the chassis hardware.
      junipernetworks.junos.junos_command:
        commands: show chassis hardware
      register: chassis_hdwr

    - name: Add newline to last text line.
      shell: "echo >> {{ xml_config_file.backup_path }}"
      delegate_to: localhost

    - name: Write a blank line to the xml config file.
      shell: "echo >> {{ xml_config_file.backup_path }}"
      delegate_to: localhost

    - name: Write the chassis hardware info to the xml config file.
      shell: "echo {{ item }} >> {{ xml_config_file.backup_path }}"
      delegate_to: localhost
      loop: '{{ chassis_hdwr.stdout_lines[0][0:] }}'
      when: item.split()[0] == "Chassis"

Contents of ansible.cfg

[defaults]
# Because of the size of the network, fact-gathering is done overnight on its own cron job and 
# should be trusted.
default_gathering = explicit    

# Inventory list defaults to inventory.yml
inventory = ~ansible/ansible-core/hosts

# Where to find the Ansible vault password. 
vault_password_file =~ansible/ansible-core/core-vault

# Have NETCONF use port 22 for connections.
remote_port = 22

[Paramiko connection]
# Paramiko should automatically add new hosts to ansible's known_hosts file.
host_key_auto_add = true

What’m I missing?

Thanks.

More information: I don’t seem to have a /usr/share/ansible/plugins/modules directory. Will this matter, and what is supposed to be there?

that might not be populated depending on your installation method, it should not be an issue unless you get ‘module not found’ or similar messages.

What you are getting is normally related to the client/server ssh not agreeing on available authentication methods or security settings, use -vvvvv to get more details.

As it happened, that was exactly the problem, and I’ve fixed it (I think). Debian stashed the plugins, collections, and modules for Ansible in the most bizarre location ever:

/usr/lib/python3/dist-packages

I told the config file to look there, and all of a sudden it found paramiko. Imagine that.

Thank you for responding!

you should not need to update the config to find those, that is where Ansible itself is normally installed and it is always able to find those, the configured paths are for ‘extra’ ones. Also you would have had a different error ‘could not find connection plugin’, if that were the actual issue.

I ended up scrapping and reworking ansible.cfg from init, but that worked. I got nothing. I appreciate the help.