Ping module - SSH connection fails on my Fedora 23 box

Archives Ansible Project
1

Ahoy hoy Ansiblers,
I can't get Ansible to work from my Fedora 23 box. I don't have any
firewall running, but can't even connect to localhost. Doing ssh user@m
yhost manually works perfectly. And most interestingly, if I check the
SSH log, sshd says that it "accepted password for user" when I try the
ansible ping module. But ansible keeps insisting that the SSH
connection failed. I'm really out of ideas here. Can anyone help me?

Here's some (what I think as revelant) information.

[USER@MYHOST try-ansible]$ cat ansible-hosts
[localhost]
127.0.0.1

[USER@MYHOST try-ansible]$ cat /etc/redhat-release
Fedora release 23 (Twenty Three)

[USER@MYHOST try-ansible]$ ansible -i ansible-hosts localhost -m ping
-vvvv --ask-pass
Using /etc/ansible/ansible.cfg as config file
SSH password:
Loaded callback minimal of type stdout, v2.0
<127.0.0.1> ESTABLISH SSH CONNECTION FOR USER: None
<127.0.0.1> SSH: EXEC sshpass -d12 ssh -C -vvv -o ControlMaster=auto -o
ControlPersist=60s -o StrictHostKeyChecking=no -o ConnectTimeout=10 -o
ControlPath=$HOME/.ansible/cp/ansible-ssh-%C 127.0.0.1 '/bin/sh -c
'"'"'( umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-
1467180026.69-79439094193283 `" && echo ansible-tmp-1467180026.69-
79439094193283="` echo $HOME/.ansible/tmp/ansible-tmp-1467180026.69-
79439094193283 `" ) && sleep 0'"'"''
127.0.0.1 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh.",
"unreachable": true
}

[USER@MYHOST try-ansible]$ sudo journalctl -xn -u sshd
Jun 29 08:38:51 MYHOST sshd[23839]: pam_succeed_if(sshd:auth): no
condition detected; module succeeded
Jun 29 08:38:51 MYHOST sshd[23839]: pam_sss(sshd:auth): authentication
success; logname= uid=0 euid=0 tty=ssh ruser= rhost=127.0.0.1
user=31100822
Jun 29 08:38:51 MYHOST sshd[23839]: pam_succeed_if(sshd:account): no
condition detected; module succeeded
Jun 29 08:38:51 MYHOST sshd[23839]: Accepted password for USER from
127.0.0.1 port 57864 ssh2

Thanks in advance,
Simon

2
  1. did you try the --ask-pass command line option?
  2. ssh keys are preferable to passwords, configure those first instead. http://docs.ansible.com/ansible/intro_adhoc.html
3

Ahoy Sam,
thanks for the answer.

1. did you try the --ask-pass command line option?

Sorry, the command wasn't wrapped ideally, so you probably missed it: I
am using --ask-pass. See the full command again below.

ansible -i ansible-hosts localhost -m ping -vvvv --ask-pass

2. ssh keys are preferable to passwords, configure those first
instead. http://docs.ansible.com/ansible/intro_adhoc.html

I experience the same behavior when using keys. If you have any idea as
to what might cause this, I'd be happy to supply more information.

Any help would be highly appreciated.

All the best, Simon

4

  1. to get ssh keys to work, how about removing the --ask-pass option. Then review the logs on both client and server, it should not say “Accepted password for USER”, since it’s with keys rather than passwords.

  2. going back to passwords again: have you already run “yum install sshpass”? that is required.

5

Ahoy hoy,

I've pinpointed the source of my problems - for some reason, the
default configuration doesn't work for me. If installed via dnf,
/etc/ansible/ansible.cfg contains the line

control_path = %(directory)s/ansible-ssh-%%C

If I comment this out, ansible presumably falls back to the default
(%(directory)s/ansible-ssh-%%h-%%p-%%r), which works.

I'm probably gonna open a github issue on this. I assume it has
something to do with the fact, that my machine uses Active Directory
authentication.

Can someone point me to the documentation of what %%C does? I've
searched, but couldn't find it.

All the best, simon