-2

Iam trying to run a playbook of ansible on the remote host. But the first step of logging in isnt happening. tried the following:

  • updated the ansible/hosts file with the remote host credentials
  • Adding host_key_checking=false
  • In sshd_config file I have set the ChallengeResponseAuthentication =yes (and restarted the ssh)
  • Ansible version is 2.3

The output:

fatal: [10.236.155.69]: UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: 
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
    Someone could be eavesdropping on you right now (man-in-the-middle attack)!
    It is also possible that a host key has just been changed.
    The fingerprint for the ECDSA key sent by the remote host is\n47:0a:1a:05:f2:49:1e:cc:99:2a:47:d8:67:4f:4c:2e.
    Please contact your system administrator.
    Add correct host key in /root/.ssh/known_hosts to get rid of this message.
    Offending ECDSA key in /root/.ssh/known_hosts:2
      remove with: ssh-keygen -f \"/root/.ssh/known_hosts\" -R 10.236.155.69
    Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.
    Permission denied (publickey,password,keyboard-interactive).
    ",
    "unreachable": true
}
Gerald Schneider
  • 23,274
  • 8
  • 57
  • 89
Amruthapv
  • 1
  • 1
  • 1

1 Answers1

1

If it's your host, you should remove SSH fingerprint from /root/.ssh/known_hosts on line 2. You could remove it with command: ssh-keygen -f \"/root/.ssh/known_hosts\" -R 10.236.155.69 or do it manually using any text editor. This caused by reinstalling server with cause regeneration SSH fingerprint. If you don't do anything with this host, it could be security issue.

Alexander Tolkachev
  • 4,608
  • 3
  • 14
  • 23
  • Yes I did that and now the output with -vvv option shows this: – Amruthapv Jul 18 '17 at 03:46
  • Using module file /usr/local/lib/python2.7/dist-packages/ansible-2.3.0.0-py2.7.egg/ansible/modules/system/setup.py <10.236.155.69> ESTABLISH SSH CONNECTION FOR USER: admin <10.236.155.69> SSH: EXEC sshpass -d11 ssh -C -o StrictHostKeyChecking=no -o StrictHostKeyChecking=no -o User=admin -o ConnectTimeout=10 10.236.155.69 '/bin/sh -c '"'"'echo ~ && sleep 0'"'"'' <10.236.155.69> (255, '\x07\r\nError: "/bin/sh" is not a recognized command\r\n\r\n', "Warning: Permanently added '10.236.155.69' (ECDSA) to the list of known hosts.\r\n") – Amruthapv Jul 18 '17 at 03:48
  • Also in the ansible.cfg file the following has been updated: ssh_args = -C -o StrictHostKeyChecking=no – Amruthapv Jul 18 '17 at 03:51