Not all options are available to users for configuration. `KbdInteractiveAuthentication` is one that cannot be changed unless you use password based authentication, as it's a hard coded config in the `ssh` plugin.
The other option would be to write your own connection plugin. On Tue, Feb 21, 2023 at 5:26 PM Dennis Collins <[email protected]> wrote: > Hi, > > We're using a proprietary SSH (ie. not OpenSSH...sigh..not my choice) and > have run into an issue where there seems to be hardcoded OpenSSH options in > Ansible? > > The SSH we're using has differing naming for some of the SSH options. > > Looking at the command output shows several SSH options that aren't in the > ansible.cfg file and we can't seem to find where the OpenSSH options are > coming from? > > Does Ansible have a dependency on OpenSSH? Is there a workaround for the > hard coded options? > > For example: > > The /etc/ansible/ansible.cfg ssh_args reads: > > [ssh_connection] > ssh_args = -o ConnectionReuse=yes -o > AllowedAuthentications=keyboard-interactive,gssapi-with-mic,publickey,password=yes > > But when we run a simple test of the connectivity we get a the error: > > > (1, b'', b"Invalid option: 'KbdInteractiveAuthentication=no'\r\n") > <ea-krishna.admin.virginia.edu> Failed to connect to the host via ssh: > Invalid option: 'KbdInteractiveAuthentication=no' > > Output from the command "ansible -vvv all -m shell -a 'uptime -p'" shows a > number of additional options that are incompatible with our proprietary SSH > : > > SSH: EXEC ssh -o ConnectionReuse=yes -o > AllowedAuthentications=keyboard-interactive,gssapi-with-mic,publickey,password=yes > -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o > PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey > -o PasswordAuthentication=no -o 'User="ansible"' -o ConnectTimeout=10 > > Many Thanks! > > > Complete test output: > > Output for a simple command showing a connection failure... > > ansible -vvv all -m shell -a 'uptime -p' > ansible 2.9.25 > config file = /etc/ansible/ansible.cfg > configured module search path = ['/home/ansible/.ansible/plugins/modules', > '/usr/share/ansible/plugins/modules'] > ansible python module location = > /opt/freeware/lib/python3.7/site-packages/ansible > executable location = /opt/freeware/bin/ansible > python version = 3.7.12 (default, Dec 15 2021, 03:25:47) [GCC 8.3.0] > Using /etc/ansible/ansible.cfg as config file > host_list declined parsing /etc/ansible/hosts as it did not pass its > verify_file() method > script declined parsing /etc/ansible/hosts as it did not pass its > verify_file() method > auto declined parsing /etc/ansible/hosts as it did not pass its > verify_file() method > Parsed /etc/ansible/hosts inventory source with ini plugin > Skipping callback 'actionable', as we already have a stdout callback. > Skipping callback 'counter_enabled', as we already have a stdout callback. > Skipping callback 'debug', as we already have a stdout callback. > Skipping callback 'dense', as we already have a stdout callback. > Skipping callback 'dense', as we already have a stdout callback. > Skipping callback 'full_skip', as we already have a stdout callback. > Skipping callback 'json', as we already have a stdout callback. > Skipping callback 'minimal', as we already have a stdout callback. > Skipping callback 'null', as we already have a stdout callback. > Skipping callback 'oneline', as we already have a stdout callback. > Skipping callback 'selective', as we already have a stdout callback. > Skipping callback 'skippy', as we already have a stdout callback. > Skipping callback 'stderr', as we already have a stdout callback. > Skipping callback 'unixy', as we already have a stdout callback. > Skipping callback 'yaml', as we already have a stdout callback. > META: ran handlers > <SERVERNAME> ESTABLISH SSH CONNECTION FOR USER: ansible > <SERVERNAME> SSH: EXEC ssh -o ConnectionReuse=yes -o > AllowedAuthentications=keyboard-interactive,gssapi-with-mic,publickey,password=yes > -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o > PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey > -o PasswordAuthentication=no -o 'User="ansible"' -o ConnectTimeout=10 > SERVERNAME '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo > $HOME/.ansible/tmp `"&& mkdir "` echo > $HOME/.ansible/tmp/ansible-tmp-1676913038.373544-29753714-228961199446076 > `" && echo ansible-tmp-1676913038.373544-29753714-228961199446076="` echo > $HOME/.ansible/tmp/ansible-tmp-1676913038.373544-29753714-228961199446076 > `" ) && sleep 0'"'"'' > <SERVERNAME> (1, b'', b"Invalid option: > 'KbdInteractiveAuthentication=no'\r\n") > <ea-krishna.admin.virginia.edu> Failed to connect to the host via ssh: > Invalid option: 'KbdInteractiveAuthentication=no' > ea-krishna.admin.virginia.edu | UNREACHABLE! => { > "changed": false, > "msg": "Failed to create temporary directory.In some cases, you may have > been able to authenticate and did not have permissions on the target > directory. Consider changing the remote tmp path in ansible.cfg to a path > rooted in \"/tmp\", for more error information use -vvv. Failed command > was: ( umask 77 && mkdir -p \"` echo $HOME/.ansible/tmp `\"&& mkdir \"` > echo > $HOME/.ansible/tmp/ansible-tmp-1676913038.373544-29753714-228961199446076 > `\" && echo ansible-tmp-1676913038.373544-29753714-228961199446076=\"` echo > $HOME/.ansible/tmp/ansible-tmp-1676913038.373544-29753714-228961199446076 > `\" ), exited with result 1", > "unreachable": true > } > > -- > You received this message because you are subscribed to the Google Groups > "Ansible Project" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/ansible-project/a0d4df2d-4107-4519-a0f0-6dcd5bee7977n%40googlegroups.com > <https://groups.google.com/d/msgid/ansible-project/a0d4df2d-4107-4519-a0f0-6dcd5bee7977n%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- Matt Martz @sivel sivel.net -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAD8N0v-QN_38Zc-hj71Z%2BO_qpr%3DYABu%3Dv%3DsGfYt0dBtGNtz_Kg%40mail.gmail.com.
