3

Anyone know why this isn't working?

I'm using Ansible on Cygwin using a compiled version of sshpass. I followed the instructions at http://www.jeffgeerling.com/blog/running-ansible-within-windows for setting it up. Here's my /etc/ansible/hosts file:

10.240.227.56 ansible_ssh_pass='password' ansible_user='domain\userid'
10.240.227.59 ansible_ssh_pass='password' ansible_user='domain\userid' ansible_become=true ansible_become_method=sudo ansible_become_user=privilegeduser

I was trying this out with two different hosts and two different configurations to see if I could narrow down the problem, but they are behaving identically. Here's what I get when I try to ping the hosts:

$ ansible all -vvv -m ping
No config file found; using defaults
<10.240.227.56> ESTABLISH SSH CONNECTION FOR USER: domain\userid
<10.240.227.59> ESTABLISH SSH CONNECTION FOR USER: domain\userid
<10.240.227.56> SSH: EXEC sshpass -d48 ssh -C -q -o ControlMaster=auto -o ControlPersist=60s -o 'User=domain\userid' -o ConnectTimeout=10 -o ControlPath=/home/userid/.ansible/cp/ansible-ssh-%h-%p-%r 10.240.227.56 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1462472936.54-168377440229444 `" && echo "` echo $HOME/.ansible/tmp/ansible-tmp-1462472936.54-168377440229444 `" )'"'"''
<10.240.227.59> SSH: EXEC sshpass -d49 ssh -C -q -o ControlMaster=auto -o ControlPersist=60s -o 'User=domain\userid' -o ConnectTimeout=10 -o ControlPath=/home/userid/.ansible/cp/ansible-ssh-%h-%p-%r 10.240.227.59 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /tmp/ansible-tmp-1462472936.54-274121315105946 `" && echo "` echo /tmp/ansible-tmp-1462472936.54-274121315105946 `" )'"'"''
10.240.227.59 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh.",
    "unreachable": true
}
10.240.227.56 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh.",
    "unreachable": true
}

The remote side is a RHEL 7 VM using Windows authentication, hence the "domain\userid" username.

I can connect fine using the same credentials on the command line using plain old ssh. I can also connect just fine using sshpass. And when I try to ping the hosts using ansible, the remote side's /var/log/secure shows that the password authentication succeeded.

I've confirmed that Python 2.7x is on the managed hosts.

The user I'm trying to log in as, domain\userid, is unprivileged. When I log into that box manually, I sudo su - privilegeduser with my domain\userid password, and can then sudo the rest of the way, as root or whomever.

Bruce Becker
  • 302
  • 1
  • 4
  • 18
hourback
  • 288
  • 1
  • 5
  • 16
  • If you run exact command from ansible log line "SSH: EXEC", does it work? Also you may try to specify user as domain\\userid to avoid string escaping. – Selivanov Pavel Mar 01 '17 at 11:35

2 Answers2

1

Use -vvvvv (5 'v's) for full SSH debugging.

xddsg
  • 3,392
  • 2
  • 28
  • 33
0

For anyone else who lands here while tearing their hair out over an EXEC line that runs fine when you use it directly, but times out when Ansible uses it, if you've got Firejail installed, check if which ssh turns up a /usr/local/bin/ssh that's a symlink to firejail.

SSH is on the list of things firecfg will write a wrapper for by default and Firejail can easily break this... for example, by making ssh and ansible/ansible-playbook not see the same thing at whatever path Ansible specifies as its ControlPath.

ssokolow
  • 141
  • 5