2

I have encrypted the AWS .pem file with ansible vault to upload to GitHub. I'm running the playbook in Jenkins and it is failing with the error `{"changed": false, "msg": "Failed to connect to the host via ssh: Permission denied (publickey).\r\n", "unreachable": true}`. If I try to run the playbook manually, it's asking me to enter a passphrase, which I haven't set. I'm running the playbook with `--vault-password-file`. I have set the permissions to 700 before running the playbook.

Any idea why ansible started asking for a passphrase after encrypting with ansible-vault, and how to resolve this issue?

Udaykiran R

1 Answer

0

When ssh asks you to enter a passphrase and you know that the .pem file does not have an associated passphrase, it is normally an indication that ssh cannot interpret the file.

This might be because the format has been modified (e.g. strange linebreak characters) or it does not contain the expected header, key and footer.

Based upon your description, it would appear that ssh is trying to use the encrypted version of your file, which it cannot interpret. You will need to decrypt the file before using it with ssh.

John Rotenstein
  • Actually, when I run the ansible playbook it decrypts the file and then uses it – Udaykiran R Apr 26 '17 at 06:46
  • Are you sure? Can you look at the file after it has been decrypted to confirm that the contents look "normal"? – John Rotenstein Apr 26 '17 at 08:02
  • When I use `ansible-vault decrypt` to decrypt and see the contents, it's the same and works. When I run the ansible playbooks with `--vault-password-file`, ansible will decrypt the file internally and use it (the content remains the same after the playbook is run). – Udaykiran R Apr 27 '17 at 10:56
  • Can you successfully ssh to the instance using the decrypted pem file (that is, use `ansible-vault decrypt` and then use it to ssh to the instance)? If so, it really points the finger at the automatic decryption process as part of the playbook. – John Rotenstein Apr 27 '17 at 11:57
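
The check the answer describes (is the file ssh receives a real key with header and footer, or still the vault envelope, or damaged by line-ending changes) can be scripted. This is an added example, not part of the original answer or comments; the function name and the sample byte strings are constructed for illustration.

```python
import re

VAULT_MAGIC = b"$ANSIBLE_VAULT;"  # first bytes of every ansible-vault encrypted file
PEM_BEGIN = re.compile(rb"^-----BEGIN ([A-Z0-9 ]*PRIVATE KEY)-----$")

# Constructed samples: neither contains real key material.
SAMPLE_VAULT = b"$ANSIBLE_VAULT;1.1;AES256\n36343539626164663930\n"
SAMPLE_PEM = (b"-----BEGIN RSA PRIVATE KEY-----\n"
              b"Q09OU1RSVUNURUQgU0FNUExF\n"
              b"-----END RSA PRIVATE KEY-----\n")


def classify_key_material(data: bytes):
    """Return (kind, problems) for the bytes of a candidate ssh identity file."""
    problems = []
    if data.startswith(b"\xef\xbb\xbf"):
        problems.append("UTF-8 byte order mark before the header")
        data = data[3:]
    if b"\r" in data:
        problems.append("carriage returns (CRLF line endings)")
    lines = [ln.strip() for ln in data.replace(b"\r", b"\n").split(b"\n")]
    lines = [ln for ln in lines if ln]
    if not lines:
        return "empty", problems
    if lines[0].startswith(VAULT_MAGIC):
        # Still the vault envelope: ssh cannot parse this as a key.
        return "ansible-vault", problems
    begin = PEM_BEGIN.match(lines[0])
    if not begin:
        problems.append("first line is not a PEM private key header")
        return "unrecognized", problems
    label = begin.group(1)
    if lines[-1] != b"-----END " + label + b"-----":
        problems.append("footer missing or does not match the header")
    # A key that genuinely has a passphrase says so in its PEM header lines.
    legacy_encrypted = any(ln.startswith(b"Proc-Type:") and b"ENCRYPTED" in ln
                           for ln in lines[1:3])
    if label == b"ENCRYPTED PRIVATE KEY" or legacy_encrypted:
        return "pem-passphrase-protected", problems
    return "pem", problems


if __name__ == "__main__":
    for name, blob in (("vault", SAMPLE_VAULT), ("pem", SAMPLE_PEM),
                       ("pem-crlf", SAMPLE_PEM.replace(b"\n", b"\r\n"))):
        print(name, classify_key_material(blob))
```

Run it against the exact path Jenkins hands to ssh at connection time; a result of `ansible-vault` there means the key was never decrypted on that code path.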