0
votes

In short,

ssh-agent will authenticate the passphrase when I ssh into the remote server from the command line, but whenever I execute an ansible playbook it asks for the passphrase. My question is, why won't ssh-agent authenticate the passphrase for Ansible? How can I get it to work?

In detail,

I created a password-protected private key and corresponding public key and uploaded the public key to the server. I invoked the ssh-agent using eval $(ssh-agent) and then ssh-add /etc/ansible/ssh/private-key.pem.

Typing ssh-agent -l shows that the key has been added.

I can successfully ssh into the machine from the command line using ssh username@ipaddress without being asked for the passphrase, but if I execute a playbook or do something like sudo ansible -m ping server it will say:

Enter passphrase for key '/etc/ansible/ssh/private-key.pem':

I tried it again in verbose mode and it gives me the following information:

ansible 2.4.2.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/etc/ansible/library']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.12 (default, Nov 20 2017, 18:23:56) [GCC 5.4.0 20160609]
Using /etc/ansible/ansible.cfg as config file
Parsed /etc/ansible/hosts inventory source with ini plugin
META: ran handlers
Using module file /usr/lib/python2.7/dist-packages/ansible/modules/system/ping.py
<35.230.127.195> ESTABLISH SSH CONNECTION FOR USER: user6
<35.230.127.195> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o Port=22 -o 'IdentityFile="/etc/ansible/ssh/private-key.pem"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=user6 -o ConnectTimeout=10 -o ControlPath=/home/user6/.ansible/cp/e26536be01 35.230.127.195 '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
Enter passphrase for key '/etc/ansible/ssh/private-key.pem':

My Environment

  • Ansible version is 2.4.2.0
  • Python version is 2.7.12
  • OpenSSH_7.2p2 Ubuntu-4ubuntu2.2, OpenSSL 1.0.2g
  • The ssh keys were created using RSA (not SSH-1 RSA) and 4096 bits.
  • In ansible.cfg transport is set to smart.
  • The key is encrypted using ansible-vault, but I've tried doing it without encryption and it makes no difference.

Please help, I don't have much hair left.

UPDATE: Using transport = local executes everything locally (i.e. it doesn't execute the ansible playbook on the remote server, even though it looks like it does).


1 Answer

-1
votes

Go to the ansible.cfg file at the location below:

/etc/ansible/ansible.cfg

And set transport = local:

transport = local

Thanks
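
The question contrasts a plain ssh login, which uses the agent, with sudo ansible, which prompts for the passphrase. ssh finds the agent only through the SSH_AUTH_SOCK environment variable, and sudo resets the environment by default, so one thing to check is whether that variable survives sudo. The script below is an added diagnostic, not part of the original question or answer; the function names agent_state, sock_from_env and compare_contexts are made up for this example.

```shell
#!/bin/sh
# Added diagnostic (not from the original post): does a command started through
# sudo still see the ssh-agent that the login shell sees?
# All function names here are hypothetical helpers for this example.

# agent_state SOCK: print how a process with SSH_AUTH_SOCK=SOCK sees the agent.
#   unset       - variable empty, ssh cannot locate any agent
#   stale       - variable set, but the path is not a socket
#   loaded      - agent reachable and holding at least one key
#   empty       - agent reachable but holding no keys
#   unreachable - socket exists but ssh-add could not talk to it (or is missing)
agent_state() {
    sock=$1
    [ -n "$sock" ] || { echo unset; return; }
    [ -S "$sock" ] || { echo stale; return; }
    rc=0
    SSH_AUTH_SOCK=$sock ssh-add -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo loaded ;;       # ssh-add -l listed identities
        1) echo empty ;;        # "The agent has no identities."
        *) echo unreachable ;;  # 2 = cannot contact agent, 127 = no ssh-add
    esac
}

# sock_from_env: read `env` output on stdin, print the SSH_AUTH_SOCK value if any.
sock_from_env() {
    sed -n 's/^SSH_AUTH_SOCK=//p' | head -n 1
}

# compare_contexts: report the agent state in this shell and under sudo.
compare_contexts() {
    echo "shell: $(agent_state "${SSH_AUTH_SOCK:-}")"
    if sudo_env=$(sudo -n env 2>/dev/null); then
        echo "sudo:  $(agent_state "$(printf '%s\n' "$sudo_env" | sock_from_env)")"
    else
        echo "sudo:  not checked (sudo -n needs cached credentials)"
    fi
}

# Run the comparison only when asked, e.g.: sh agent-check.sh --compare
if [ "${1:-}" = "--compare" ]; then
    compare_contexts
fi
```

A result of "shell: loaded" next to "sudo: unset" means the command run through sudo has no way to reach the agent, so ssh falls back to prompting for the key's passphrase.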