Ansible issue with ssh authentication

Question

i have searched around this problem for a while now but didnt find anything that helps.

We are using ansible to automate our Juniper devices and therefore use the ansible juniper modules. When i try to use "junos_facts" for example, i can execute it without problems on host1, but on host2 i get either a PasswordRequiredException or an AuthenticationException when i add -k in the cli

TASK [proact-junos-test : Gather JunOS facts] ***************************************************************************************************************************************************
fatal: [host2]: FAILED! => {"changed": false, "msg": "PasswordRequiredException('Private key file is encrypted')"}
ok: [host1]

i tried every possible combination of parameters in cli, in ansible.cfg, in the playbook itself. For some reason it works on one host but not the other. I have deployed the same key on both host and have it stored in my ssh-agent. I can ssh to both hosts without a problem.

Can anyone help me with this? Thanks

score 1 · Accepted Answer · edited Mar 17 '22 at 19:10

1

For anyone having the same issue, the problem was that the remote host didn't accept my SSH key algorithm, because, since Paramiko 2.9, it was deprecated.

So, I installed Paramike 2.8.1 and it worked

edited Mar 17 '22 at 19:10

β.εηοιτ.βε

33,893
13
69
83

answered Mar 17 '22 at 14:14

morikules

21
5

You mean you can't SSH to the server by private key manually? My problem is that I can SSH to the server manually, but can't perform the same functionality with identical keys! – Mostafa Ghadimi Jul 30 '22 at 07:50
No i was able to ssh manually but not via ansible. Downgrading Paramiko helped, but now i have the problem again even with Paramiko at 2.8.1 – morikules Aug 02 '22 at 07:23
Didn't work for me. – frogstarr78 Aug 10 '22 at 22:15

score 0 · Answer 2 · answered Feb 15 '22 at 09:33

0

As far as I can understand, the problem is that ssh key is encrypted. Try to add ssh key to ssh agent (if you have it).

If you don't have, there is a simple trick:

eval $(ssh-agent)
ssh-add path/to/private/ssh/key
ansible ...

If you are running this in CI/CD environment you'll need to fight with ssh-add about the way to ask password, but that's a different story.

answered Feb 15 '22 at 09:33

George Shuklin

6,952
10
39
80

1

i am using a ssh-agent and i can ssh to both hosts without needing to enter my ssh password. So thats not the issue. Somehow it ansible doesnt want to use it for some hosts – morikules Feb 15 '22 at 09:44
But it think it seems to be a problem with the ProxyCommand we are using. ProxyCommand ssh -W %h:%p -q [jumphost] . Because when i do it from the jumphost itself without this proxycommand it works just fine – morikules Feb 15 '22 at 09:49
It's insecure, but you can try to pass your agent: `-A` option to ssh. (`ssh -A -W ...`). – George Shuklin Feb 15 '22 at 12:14

Ansible issue with ssh authentication

2 Answers2