OK, maybe a solution (workaround?)
I got another error message later, which clarified the failing command:
FAILED! => {"changed": false, "cmd": "/usr/bin/git ls-remote
[email protected]:xxxxxxxxxxx.git -h refs/heads/HEAD", "
So I ssh'ed to the machine and issued exactly this command:
The response lead me to an offending, but not obvious "known_host" entry
(which obviously described "github.com"), maybe left by "ssh-agent" (hmm,
didn't know that. Shouldn't be left there I guess).
Warning: the ECDSA host key for 'github.com' differs from the key for the
IP address '140.82.121.3'
Offending key for IP in /home/ubuntu/.ssh/known_hosts:2
I removed this entry in line 2 and it worked. So the fix is: Remove
everything from your .ssh/known_hosts which looks like remains from
ssh-agent. It might trap the github auth.
Neil Young schrieb am Freitag, 24. März 2023 um 13:28:10 UTC+1:
> To be specific: I'm unable to execute this (and maybe many other lines as
> well) now. I can update the project with manual git command on the target
> host, but not with Ansible from my machine:
>
> - name: SOFTWARE - Clone xxx-project (run as non-privileged user)
> tags: software
> git:
> repo: "{{ xxx_procect_git_repo_clone_url }}"
> dest: xxx-project
> force: yes
> become: yes
> become_user: "{{ non_root_user }}"
>
>
> Neil Young schrieb am Freitag, 24. März 2023 um 13:20:26 UTC+1:
>
>> Hi,
>>
>> This morning I noticed this error while attempting to update a project on
>> my server via `git clone` (I'm using Ansible's ssh-agent-forwarding, which
>> worked fine for months)
>>
>> <quote>
>>
>> "Failed to download remote objects and refs:
>> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>> @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
>> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
>> Someone could be eavesdropping on you right now (man-in-the-middle
>> attack)!
>> It is also possible that a host key has just been changed.
>> The fingerprint for the RSA key sent by the remote host is
>> SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s.
>> Please contact your system administrator.
>> Add correct host key in /home/ubuntu/.ssh/known_hosts to get rid of this
>> message.
>> Offending RSA key in /home/ubuntu/.ssh/known_hosts:1
>> remove with:
>> ssh-keygen -f \"/home/ubuntu/.ssh/known_hosts\" -R \"github.com\"
>> RSA host key for github.com has changed and you have requested strict
>> checking.
>> Host key verification failed.
>> fatal: Could not read from remote repository.
>> Please make sure you have the correct access rights
>> and the repository exists.
>>
>> </quote>
>>
>> The fix didn't solve the problem, just changed the error message:
>>
>> <quote>
>>
>> TASK [SOFTWARE - Clone xxx-project (run as non-privileged user)]
>> ********************************************************************************************************************************************************************************
>> fatal: [server]: FAILED! => {"changed": false, "cmd": ["/usr/bin/git",
>> "fetch", "--tags", "--force", "origin"], "msg": "Failed to download remote
>> objects and refs: Host key verification failed.\r\nfatal: Could not read
>> from remote repository.\n\nPlease make sure you have the correct access
>> rights\nand the repository exists.\n"}
>>
>> </quote>
>>
>> I then discovered this blog entry which states, that Github updated their
>> RSA SSH key this morning:
>>
>> https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/
>>
>> Now, everything they suggest work somehow. But it doesn't fix the
>> problem, that I'm unable to clone my project on the target machine.
>>
>> Anybody having the same issue and maybe a solution?
>>
>>
>>
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/1e7ac8cd-d4b5-41e0-a314-bf048257dbe7n%40googlegroups.com.
