--private-key broken???

Archives Ansible Project
1

Hi,

I’m trying to fire ansible from cron job and am failing as --private-key directive doesn’t seem to have effect. I can replicate the issue from CLI as well. So to illustrate:

$ ssh -i /home/ansible/.ssh/id_rsa_ansible_key root@server.com hostname
server.com
$ /usr/bin/ansible-playbook --private-key=/home/ansible/.ssh/id_rsa_ansible_key -u root -t info -i inventory my_playbook.yml

PLAY [web] ********************************************************************

GATHERING FACTS ***************************************************************
fatal: [server.com] => SSH Error: muxserver_listen bind(): Permission denied
while connecting to 1.2.3.4:22
It is sometimes useful to re-run the command using -vvvv, which prints SSH debug output to help diagnose the issue.

TASK: [task1 | retrieve info] **************************
FATAL: no hosts matched or all hosts have already failed – aborting

I have also tried to launch with more verbose output, from which I get:

ssh -C -tt -vvv -o ControlMaster=auto -o ControlPath=%r-%h-%p -o StrictHostKeyChecking=no -o Port=22 -o IdentityFile=“/home/ansible/.ssh/id_rsa_ansible_key” -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=root -o ConnectTimeout=10 server.com /bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-tmp-1434052273.15-260807475369322 && echo $HOME/.ansible/tmp/ansible-tmp-1434052273.15-260807475369322

so apparently it’s attempting to pass proper file to SSH, but somehow it doesn’t work? So I ran above ssh command (shortened a bit):

$ ssh -C -tt -vvv -o ControlMaster=auto -o ControlPath=%r-%h-%p -o StrictHostKeyChecking=no -o Port=22 -o IdentityFile=“/home/ansible/.ssh/id_rsa_ansible_key” -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=root -o ConnectTimeout=10 server.com

debug1: Offering public key: /home/ansible/.ssh/id_rsa_ansible_key
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug3: Wrote 368 bytes for a total of 1645
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug2: input_userauth_pk_ok: SHA1 fp
debug3: sign_and_send_pubkey: RSA
debug1: read PEM private key done: type RSA
debug3: Wrote 640 bytes for a total of 2285
debug1: Enabling compression at level 6.
debug1: Authentication succeeded (publickey).

debug3: muxserver_listen: temporary control path root-server.com-22.sGN6uqisXSNkH0PM
muxserver_listen bind(): Permission denied

Note, that when I launch same playbook from my user account with my key file preloaded - no issues. So it is not that key authentication doesn’t work with Ansible, it’s the --private-key that introduces something that breaks connection, now what?