Ansible: To use the 'ssh' connection type with passwords, you must install the sshpass program"

Question

Recently I created new roles called spd in my existing project. While other script works fine in the setup. This newly created fails. Please point me to what is going wrong here

ansible/roles
      spd
        tasks
        templates
        defaults

deploy-spd.yml

 - hosts:
   roles:
     - spd

inventory file

[kube-master]
kubernetes-master-1 ansible_host=10.20.0.225 ansible_user=centos ansible_become=true
kubernetes-master-2 ansible_host=10.20.0.226 ansible_user=centos ansible_become=true
kubernetes-master-3 ansible_host=10.20.0.227 ansible_user=centos ansible_become=true

Failure

bash-4.3# ansible-playbook -i inventory/inventory deploy-test-ms.yml --ask-vault-pass
Vault password:

PLAY [kube-master] *************************************************************

TASK [setup] *******************************************************************
Thursday 16 March 2017  13:32:05 +0000 (0:00:00.026)       0:00:00.026 ********
fatal: [kubernetes-master-1]: FAILED! => {"failed": true, "msg": "to use the 'ssh' connection type with passwords, you must install the sshpass program"}
fatal: [kubernetes-master-2]: FAILED! => {"failed": true, "msg": "to use the 'ssh' connection type with passwords, you must install the sshpass program"}
fatal: [kubernetes-master-3]: FAILED! => {"failed": true, "msg": "to use the 'ssh' connection type with passwords, you must install the sshpass program"}

PLAY RECAP *********************************************************************
kubernetes-master-1 : ok=0    changed=0    unreachable=0    failed=1
kubernetes-master-2 : ok=0    changed=0    unreachable=0    failed=1
kubernetes-master-3 : ok=0    changed=0    unreachable=0    failed=1

UPDATE:

**With failed script**    

        Using module file /usr/lib/python2.7/site-packages/ansible/modules/core/system/setup.py
<10.20.0.227> ESTABLISH SSH CONNECTION FOR USER: centos
Using module file /usr/lib/python2.7/site-packages/ansible/modules/core/system/setup.py
Using module file /usr/lib/python2.7/site-packages/ansible/modules/core/system/setup.py
Using module file /usr/lib/python2.7/site-packages/ansible/modules/core/system/setup.py
<172.23.169.137> ESTABLISH SSH CONNECTION FOR USER: centos
<10.20.0.225> ESTABLISH SSH CONNECTION FOR USER: centos
<10.20.0.226> ESTABLISH SSH CONNECTION FOR USER: centos
   
**With successfull script**    

Thursday 16 March 2017  14:03:49 +0000 (0:00:00.066)       0:00:00.066 ********
Using module file /usr/lib/python2.7/site-packages/ansible/modules/core/system/setup.py
<10.20.0.237> ESTABLISH SSH CONNECTION FOR USER: centos
<10.20.0.237> SSH: EXEC ssh -F ./ssh.cfg -o ControlMaster=auto -o ControlPersist=30m -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o User=centos -o ConnectTimeout=30 -o 'ControlPath=~/.ssh/ansible-%r@%h:%p' 10.20.0.237 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1489673029.48-15997231643297
4 `" && echo ansible-tmp-1489673029.48-159972316432974="` echo $HOME/.ansible/tmp/ansible-tmp-1489673029.48-159972316432974 `" ) && sleep 0'"'"''
<10.20.0.237> PUT /tmp/tmpnHJPbc TO /home/centos/.ansible/tmp/ansible-tmp-1489673029.48-159972316432974/setup.py
<10.20.0.237> SSH: EXEC scp -F ./ssh.cfg -o ControlMaster=auto -o ControlPersist=30m -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o User=centos -o ConnectTimeout=30 -o 'ControlPath=~/.ssh/ansible-%r@%h:%p' /tmp/tmpnHJPbc '[10.20.0.237]:/home/centos/.ansible/tmp/ansible-tmp-1489673029.48-159972316432974/setup.py'
<10.20.0.237> ESTABLISH SSH CONNECTION FOR USER: centos
<10.20.0.237> SSH: EXEC ssh -F ./ssh.cfg -o ControlMaster=auto -o ControlPersist=30m -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o User=centos -o ConnectTimeout=30 -o 'ControlPath=~/.ssh/ansible-%r@%h:%p' 10.20.0.237 '/bin/sh -c '"'"'chmod u+x /home/centos/.ansible/tmp/ansible-tmp-1489673029.48-159972316432974/ /home/cento
s/.ansible/tmp/ansible-tmp-1489673029.48-159972316432974/setup.py && sleep 0'"'"''

It has little to do with your Ansible playbooks. Does SSH work properly? Can you access the targets with key authentication for user `centos`? — techraf, Mar 16 '17 at 13:39
@techraf I am able to do ssh on centos vm.and ansible -i inventory/inventory -m ping all works fine. — Vikram Ranabhatt, Mar 16 '17 at 13:43
@Chris_vr you have different IPs for successful run (.237) and for failed run (.225-.227). Please double check this. — Konstantin Suvorov, Mar 16 '17 at 15:28

score 100 · Answer 1 · edited Jun 18 '23 at 15:19

100

It is the host machine which needs the sshpass program installed. Again, this error message of:

ERROR! to use the 'ssh' connection type with passwords, you must install the sshpass program

Applies to the HOST (provisioner) not the GUEST (machine(s) being provisioned). Thus install sshpass on the provisioner.

Install sshpass on Ubuntu 16.04 or similar

apt-get install sshpass

Install sshpass on Mac OS

brew install hudochenkov/sshpass/sshpass

Source: How to install sshpass on Mac?

edited Jun 18 '23 at 15:19

CatEnthusiast

5
3

answered Mar 25 '17 at 23:05

DanCat

2,504
2
19
26

5

For CentOS / Red Hat: `sudo yum install -y http://mirror.centos.org/centos/7/extras/x86_64/Packages/sshpass-1.06-2.el7.x86_64.rpm` – Noam Manos Mar 06 '18 at 10:31
is it bad to install sshpass on a production server ? https://www.tecmint.com/sshpass-non-interactive-ssh-login-shell-script-ssh-password/ – openCivilisation Jan 29 '19 at 08:10

mirageglobe · Answer 2 · 2022-01-22T08:30:17.877

32

Just to add to various answers above and this method directly resolves and answers the main issue as stated in the title.

It is possible to pass the parameter using paramiko, which is another pure python implementation of SSH. This is supported by ansible and would be the preferred option as it relies on less cross language dependancies that has to be separately managed; Thus this essentially by-passes the need for another library installed on your host machine : sshpass.

instead of using the connection ssh as below :

$ansible-playbook -i hosts -v -b -c ssh --ask-pass myplaybook.yml

you can and will find it easier to use the following :

$ansible-playbook -i hosts -v -b -c paramiko --ask-pass myplaybook.yml

if you are interested, you can read more here: http://www.paramiko.org/

thanks for additional comments as mention, via the paramiko way, you can also set it in your inventory file, or set it as a playbook option.

edited Jan 22 '22 at 08:30

answered Aug 22 '18 at 12:23

mirageglobe

2,446
2
24
30

3

...which you can specify in your `inventory` file with `ansible_connection=paramiko`, instead of the CLI param. – eduncan911 Jan 05 '20 at 21:35
Yet another way is to set it as a playbook option, `connection: paramiko_ssh`. I commonly use this on a single "bootstrap" playbook that sets up new hosts with authorized public SSH keys. Then everything else keeps the default. Enabling Paramiko in inventory (or `ansible.cfg`) is more permanently using a slower method. – ches Jun 12 '20 at 06:19
1

ansible 2.7.10. The param in ansible.cfg should be: [defaults] transport = paramiko – styshoo Dec 10 '21 at 12:33

score 10 · Accepted Answer · edited May 27 '19 at 14:51

10

The issue was because of use of attribute ansible_password in /defaults/main.yml. I have maintained lots of variables in this file to be used by script along with attribute ansible_password.

- include_vars: "{{ role_path}}/defaults/main.yml"

The attribute ansible_password is reserved for use by Ansible. Now I changed the variable name to ansible_pass and it is working fine.

edited May 27 '19 at 14:51

splash

13,037
1
44
67

answered Mar 20 '17 at 12:01

Vikram Ranabhatt

7,268
15
70
133

2

To restate this: having "ansible_password" defined will supersede your private key setting, and cause ansible to want to use `sshpass` -- usually this is due to group_vars combining in an unexpected way. – Andrew Theken Mar 30 '19 at 12:17

score 7 · Answer 4 · answered Feb 16 '21 at 09:04

7

For UBUNTU

sudo apt install sshpass

After this run ansible script

answered Feb 16 '21 at 09:04

Vineet Kumar

333
4
7

score 7 · Answer 5 · answered Oct 14 '21 at 19:50

7

For macOS

brew install esolitos/ipa/sshpass

To quickly verify I would just ping

ansible all -i path/to/host -m ping

answered Oct 14 '21 at 19:50

pixelsoccupied

111
1
3

score 1 · Answer 6 · answered Nov 08 '20 at 06:27

1

Use ansible_password to ansible_pass and that will do it!

answered Nov 08 '20 at 06:27

Mawty

428
3
10

score 1 · Answer 7 · answered Dec 23 '21 at 10:39

1

for MacOS brew install sshpass resolved this issue for me

answered Dec 23 '21 at 10:39

rok

9,403
17
70
126

2

It appears sshpass was renamed to sshs. Given error: `We won't add sshpass because it makes it too easy for novice SSH users to` – spuder Mar 18 '22 at 19:48

score 0 · Answer 8 · answered Apr 30 '22 at 06:53

0

brew install hudochenkov/sshpass/sshpass

this path seem ok

answered Apr 30 '22 at 06:53

Samuel

228
2
13

score 0 · Answer 9 · answered Jul 20 '22 at 10:13

0

in your client machine install sshpass. Ubuntu: sudo apt install sshpass CentOs: yum install sshpass

answered Jul 20 '22 at 10:13

javidasd

1,126
13
18

score 0 · Answer 10 · answered Jul 05 '23 at 13:22

0

For centOS, use sudo yum install sshpass

answered Jul 05 '23 at 13:22

Dubey Ravi vinod

312
2
9

Ansible: To use the 'ssh' connection type with passwords, you must install the sshpass program"

10 Answers10