I'm trying to change the password using playbook but not getting the permission to do so.
I'm running the command:
ansible-playbook playbook.yml -k
- hosts: servers
remote_user: root
vars:
password: $1$Izd9zEZS$T11sNBK3bQgbzWkBMZq.
tasks:
- name: Changing Passwords
user:
name=root
password={{password}}
fatal: [host1]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Permission denied (publickey).", "unreachable": true}
Problem
fatal: [host1]:..."msg": "Failed to connect to the host via ssh: Permission denied (publickey)."
The error message says that ansible_user, i.e the user who is running the command ansible-playbook, or ansible_user set in the inventory of the group servers, is not able to connect via SSH to root@host1 (see remote_user: root in the playbook), because the public key of ansible_user is missing in authorized_keys of root@host1.
Solution
To fix this problem, put the public key of ansible_user (in most cases ~/.ssh/id_rsa.pub) into the authorized_keys of root@host1 (in most cases /root/.ssh/authorized_keys).
Best practice
The best practice is not to allow root to login via SSH. Secure systems disable root login via SSH by default.
$ grep PermitRootLogin /etc/ssh/sshd_config
PermitRootLogin no
Instead, best practice is to SSH as an unprivileged user, e.g. remote_user: admin and escalate the privilege become: yes. See details in Understanding Privilege Escalation.
-vvvv) should provide more info about which step is failing. – Halis