Hi,
We're using a proprietary SSH (ie. not OpenSSH...sigh..not my choice) and
have run into an issue where there seems to be hardcoded OpenSSH options in
Ansible?
The SSH we're using has differing naming for some of the SSH options.
Looking at the command output shows several SSH options that aren't in the
ansible.cfg file and we can't seem to find where the OpenSSH options are
coming from?
Does Ansible have a dependency on OpenSSH? Is there a workaround for the
hard coded options?
For example:
The /etc/ansible/ansible.cfg ssh_args reads:
[ssh_connection]
ssh_args = -o ConnectionReuse=yes -o
AllowedAuthentications=keyboard-interactive,gssapi-with-mic,publickey,password=yes
But when we run a simple test of the connectivity we get a the error:
> (1, b'', b"Invalid option: 'KbdInteractiveAuthentication=no'\r\n")
<ea-krishna.admin.virginia.edu> Failed to connect to the host via ssh:
Invalid option: 'KbdInteractiveAuthentication=no'
Output from the command "ansible -vvv all -m shell -a 'uptime -p'" shows a
number of additional options that are incompatible with our proprietary SSH
:
SSH: EXEC ssh -o ConnectionReuse=yes -o
AllowedAuthentications=keyboard-interactive,gssapi-with-mic,publickey,password=yes
-o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o 'User="ansible"' -o ConnectTimeout=10
Many Thanks!
Complete test output:
Output for a simple command showing a connection failure...
ansible -vvv all -m shell -a 'uptime -p'
ansible 2.9.25
config file = /etc/ansible/ansible.cfg
configured module search path = ['/home/ansible/.ansible/plugins/modules',
'/usr/share/ansible/plugins/modules']
ansible python module location =
/opt/freeware/lib/python3.7/site-packages/ansible
executable location = /opt/freeware/bin/ansible
python version = 3.7.12 (default, Dec 15 2021, 03:25:47) [GCC 8.3.0]
Using /etc/ansible/ansible.cfg as config file
host_list declined parsing /etc/ansible/hosts as it did not pass its
verify_file() method
script declined parsing /etc/ansible/hosts as it did not pass its
verify_file() method
auto declined parsing /etc/ansible/hosts as it did not pass its
verify_file() method
Parsed /etc/ansible/hosts inventory source with ini plugin
Skipping callback 'actionable', as we already have a stdout callback.
Skipping callback 'counter_enabled', as we already have a stdout callback.
Skipping callback 'debug', as we already have a stdout callback.
Skipping callback 'dense', as we already have a stdout callback.
Skipping callback 'dense', as we already have a stdout callback.
Skipping callback 'full_skip', as we already have a stdout callback.
Skipping callback 'json', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'null', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
Skipping callback 'selective', as we already have a stdout callback.
Skipping callback 'skippy', as we already have a stdout callback.
Skipping callback 'stderr', as we already have a stdout callback.
Skipping callback 'unixy', as we already have a stdout callback.
Skipping callback 'yaml', as we already have a stdout callback.
META: ran handlers
<SERVERNAME> ESTABLISH SSH CONNECTION FOR USER: ansible
<SERVERNAME> SSH: EXEC ssh -o ConnectionReuse=yes -o
AllowedAuthentications=keyboard-interactive,gssapi-with-mic,publickey,password=yes
-o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o
PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o 'User="ansible"' -o ConnectTimeout=10
SERVERNAME '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo
$HOME/.ansible/tmp `"&& mkdir "` echo
$HOME/.ansible/tmp/ansible-tmp-1676913038.373544-29753714-228961199446076
`" && echo ansible-tmp-1676913038.373544-29753714-228961199446076="` echo
$HOME/.ansible/tmp/ansible-tmp-1676913038.373544-29753714-228961199446076
`" ) && sleep 0'"'"''
<SERVERNAME> (1, b'', b"Invalid option:
'KbdInteractiveAuthentication=no'\r\n")
<ea-krishna.admin.virginia.edu> Failed to connect to the host via ssh:
Invalid option: 'KbdInteractiveAuthentication=no'
ea-krishna.admin.virginia.edu | UNREACHABLE! => {
"changed": false,
"msg": "Failed to create temporary directory.In some cases, you may have
been able to authenticate and did not have permissions on the target
directory. Consider changing the remote tmp path in ansible.cfg to a path
rooted in \"/tmp\", for more error information use -vvv. Failed command
was: ( umask 77 && mkdir -p \"` echo $HOME/.ansible/tmp `\"&& mkdir \"`
echo
$HOME/.ansible/tmp/ansible-tmp-1676913038.373544-29753714-228961199446076
`\" && echo ansible-tmp-1676913038.373544-29753714-228961199446076=\"` echo
$HOME/.ansible/tmp/ansible-tmp-1676913038.373544-29753714-228961199446076
`\" ), exited with result 1",
"unreachable": true
}
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/a0d4df2d-4107-4519-a0f0-6dcd5bee7977n%40googlegroups.com.
