Thanks. I quoted this in my original post. Meanwhile this is the way I found and it made the ssh-agent deployment run on 5+ machines again:
- Remove everything from the target hosts ~/.ssh/known_host - Follow the suggestions given in the blog entry to add the. new github keys Simon Kelly schrieb am Freitag, 24. März 2023 um 13:41:24 UTC+1: > You can find out more about why this happened on this Github blog: > https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/ > > *Simon Kelly* > > Senior Director of Server Engineering > > Dimagi | www.dimagi.com > > > On Fri, 24 Mar 2023 at 14:37, 'Neil Young' via Ansible Project < > [email protected]> wrote: > >> OK, maybe a solution (workaround?) >> >> I got another error message later, which clarified the failing command: >> >> FAILED! => {"changed": false, "cmd": "/usr/bin/git ls-remote >> [email protected]:xxxxxxxxxxx.git -h refs/heads/HEAD", " >> >> So I ssh'ed to the machine and issued exactly this command: >> >> The response lead me to an offending, but not obvious "known_host" entry >> (which obviously described "github.com"), maybe left by "ssh-agent" >> (hmm, didn't know that. Shouldn't be left there I guess). >> >> Warning: the ECDSA host key for 'github.com' differs from the key for >> the IP address '140.82.121.3' >> >> Offending key for IP in /home/ubuntu/.ssh/known_hosts:2 >> >> >> I removed this entry in line 2 and it worked. So the fix is: Remove >> everything from your .ssh/known_hosts which looks like remains from >> ssh-agent. It might trap the github auth. >> >> >> >> >> Neil Young schrieb am Freitag, 24. März 2023 um 13:28:10 UTC+1: >> >>> To be specific: I'm unable to execute this (and maybe many other lines >>> as well) now. I can update the project with manual git command on the >>> target host, but not with Ansible from my machine: >>> >>> - name: SOFTWARE - Clone xxx-project (run as non-privileged user) >>> tags: software >>> git: >>> repo: "{{ xxx_procect_git_repo_clone_url }}" >>> dest: xxx-project >>> force: yes >>> become: yes >>> become_user: "{{ non_root_user }}" >>> >>> >>> Neil Young schrieb am Freitag, 24. März 2023 um 13:20:26 UTC+1: >>> >>>> Hi, >>>> >>>> This morning I noticed this error while attempting to update a project >>>> on my server via `git clone` (I'm using Ansible's ssh-agent-forwarding, >>>> which worked fine for months) >>>> >>>> <quote> >>>> >>>> "Failed to download remote objects and refs: >>>> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ >>>> @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ >>>> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ >>>> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! >>>> Someone could be eavesdropping on you right now (man-in-the-middle >>>> attack)! >>>> It is also possible that a host key has just been changed. >>>> The fingerprint for the RSA key sent by the remote host is >>>> SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s. >>>> Please contact your system administrator. >>>> Add correct host key in /home/ubuntu/.ssh/known_hosts to get rid of >>>> this message. >>>> Offending RSA key in /home/ubuntu/.ssh/known_hosts:1 >>>> remove with: >>>> ssh-keygen -f \"/home/ubuntu/.ssh/known_hosts\" -R \"github.com\" >>>> RSA host key for github.com has changed and you have requested >>>> strict checking. >>>> Host key verification failed. >>>> fatal: Could not read from remote repository. >>>> Please make sure you have the correct access rights >>>> and the repository exists. >>>> >>>> </quote> >>>> >>>> The fix didn't solve the problem, just changed the error message: >>>> >>>> <quote> >>>> >>>> TASK [SOFTWARE - Clone xxx-project (run as non-privileged user)] >>>> ******************************************************************************************************************************************************************************** >>>> fatal: [server]: FAILED! => {"changed": false, "cmd": ["/usr/bin/git", >>>> "fetch", "--tags", "--force", "origin"], "msg": "Failed to download remote >>>> objects and refs: Host key verification failed.\r\nfatal: Could not read >>>> from remote repository.\n\nPlease make sure you have the correct access >>>> rights\nand the repository exists.\n"} >>>> >>>> </quote> >>>> >>>> I then discovered this blog entry which states, that Github updated >>>> their RSA SSH key this morning: >>>> >>>> https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/ >>>> >>>> Now, everything they suggest work somehow. But it doesn't fix the >>>> problem, that I'm unable to clone my project on the target machine. >>>> >>>> Anybody having the same issue and maybe a solution? >>>> >>>> >>>> -- >> You received this message because you are subscribed to the Google Groups >> "Ansible Project" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/ansible-project/1e7ac8cd-d4b5-41e0-a314-bf048257dbe7n%40googlegroups.com >> >> <https://groups.google.com/d/msgid/ansible-project/1e7ac8cd-d4b5-41e0-a314-bf048257dbe7n%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/78117db9-96bd-4f96-9ac8-4a092f97e406n%40googlegroups.com.
