Ansible fortigate: "msg": AnsiballZ_ping.py:501-Permission Denied - ansible
Today, I wanted to test Ansible to manage Fortigate, so, I set up a simulation environment.
when I echo ansible fg -m ping, I get an error msg, like this
192.168.18.150 | FAILED! => {
"msg": "failed to transfer file to /root/.ansible/tmp/ansible-local-46555w_4g4b_n/tmpdfc1l7yc ansible-test #/AnsiballZ_ping.py:\n\n501-Permission Denied\n"
}
I did enable scp in Fortigate
config system global
set admin-scp enable
And I already had scp_if_ssh=True in the [ssh_connection] section of ansible.cfg
Running the command with -vvvv, I get this
ansible 2.9.21
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.6/site-packages/ansible
executable location = /usr/bin/ansible
python version = 3.6.8 (default, Aug 24 2020, 17:57:11) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
Using /etc/ansible/ansible.cfg as config file
SSH password:
setting up inventory plugins
host_list declined parsing /etc/ansible/inventory as it did not pass its verify_file() method
auto declined parsing /etc/ansible/inventory as it did not pass its verify_file() method
Parsed /etc/ansible/inventory inventory source with ini plugin
Loading callback plugin minimal of type stdout, v2.0 from /usr/lib/python3.6/site-packages/ansible/plugins/callback/minimal.py
Skipping callback 'actionable', as we already have a stdout callback.
Skipping callback 'counter_enabled', as we already have a stdout callback.
Skipping callback 'debug', as we already have a stdout callback.
Skipping callback 'dense', as we already have a stdout callback.
Skipping callback 'dense', as we already have a stdout callback.
Skipping callback 'full_skip', as we already have a stdout callback.
Skipping callback 'json', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'null', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
Skipping callback 'selective', as we already have a stdout callback.
Skipping callback 'skippy', as we already have a stdout callback.
Skipping callback 'stderr', as we already have a stdout callback.
Skipping callback 'unixy', as we already have a stdout callback.
Skipping callback 'yaml', as we already have a stdout callback.
META: ran handlers
<192.168.18.150> ESTABLISH SSH CONNECTION FOR USER: None
<192.168.18.150> SSH: EXEC sshpass -d9 ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/db7eeee607 192.168.18.150 '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
<192.168.18.150> (0, b'ansible-test # Unknown action 0\n\nansible-test # ', b'OpenSSH_8.0p1, OpenSSL 1.1.1g FIPS 21 Apr 2020\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug3: /etc/ssh/ssh_config line 52: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0\r\ndebug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf\r\ndebug2: checking match for \'final all\' host 192.168.18.150 originally 192.168.18.150\r\ndebug3: /etc/ssh/ssh_config.d/05-redhat.conf line 3: not matched \'final\'\r\ndebug2: match not found\r\ndebug3: /etc/ssh/ssh_config.d/05-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 (parse only)\r\ndebug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config\r\ndebug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1-]\r\ndebug3: kex names ok: [curve25519-sha256,curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]\r\ndebug1: configuration requests final Match pass\r\ndebug2: resolve_canonicalize: hostname 192.168.18.150 is address\r\ndebug1: re-parsing configuration\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug3: /etc/ssh/ssh_config line 52: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0\r\ndebug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf\r\ndebug2: checking match for \'final all\' host 192.168.18.150 originally 192.168.18.150\r\ndebug3: /etc/ssh/ssh_config.d/05-redhat.conf line 3: matched \'final\'\r\ndebug2: match found\r\ndebug3: /etc/ssh/ssh_config.d/05-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1\r\ndebug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config\r\ndebug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1-]\r\ndebug3: kex names ok: [curve25519-sha256,curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]\r\ndebug1: auto-mux: Trying existing master\r\ndebug1: Control socket "/root/.ansible/cp/db7eeee607" does not exist\r\ndebug2: ssh_connect_direct\r\ndebug1: Connecting to 192.168.18.150 [192.168.18.150] port 22.\r\ndebug2: fd 5 setting O_NONBLOCK\r\ndebug1: fd 5 clearing O_NONBLOCK\r\ndebug1: Connection established.\r\ndebug3: timeout: 9996 ms remain after connect\r\ndebug1: identity file /root/.ssh/id_rsa type -1\r\ndebug1: identity file /root/.ssh/id_rsa-cert type -1\r\ndebug1: identity file /root/.ssh/id_dsa type -1\r\ndebug1: identity file /root/.ssh/id_dsa-cert type -1\r\ndebug1: identity file /root/.ssh/id_ecdsa type -1\r\ndebug1: identity file /root/.ssh/id_ecdsa-cert type -1\r\ndebug1: identity file /root/.ssh/id_ed25519 type -1\r\ndebug1: identity file /root/.ssh/id_ed25519-cert type -1\r\ndebug1: identity file /root/.ssh/id_xmss type -1\r\ndebug1: identity file /root/.ssh/id_xmss-cert type -1\r\ndebug1: Local version string SSH-2.0-OpenSSH_8.0\r\ndebug1: Remote protocol version 2.0, remote software version 9ykfFlSYGl\r\ndebug1: no match: 9ykfFlSYGl\r\ndebug2: fd 5 setting O_NONBLOCK\r\ndebug1: Authenticating to 192.168.18.150:22 as \'root\'\r\ndebug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"\r\ndebug3: record_hostkey: found key type ED25519 in file /root/.ssh/known_hosts:1\r\ndebug3: load_hostkeys: loaded 1 keys from 192.168.18.150\r\ndebug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-ed25519-cert-v01#openssh.com,ssh-ed25519\r\ndebug3: send packet: type 20\r\ndebug1: SSH2_MSG_KEXINIT sent\r\ndebug3: receive packet: type 20\r\ndebug1: SSH2_MSG_KEXINIT received\r\ndebug2: local client KEXINIT proposal\r\ndebug2: KEX algorithms: curve25519-sha256,curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c\r\ndebug2: host key algorithms: ssh-ed25519-cert-v01#openssh.com,ssh-ed25519,ecdsa-sha2-nistp256-cert-v01#openssh.com,ecdsa-sha2-nistp384-cert-v01#openssh.com,ecdsa-sha2-nistp521-cert-v01#openssh.com,rsa-sha2-512-cert-v01#openssh.com,rsa-sha2-256-cert-v01#openssh.com,ssh-rsa-cert-v01#openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa\r\ndebug2: ciphers ctos: aes256-gcm#openssh.com,chacha20-poly1305#openssh.com,aes256-ctr,aes256-cbc,aes128-gcm#openssh.com,aes128-ctr,aes128-cbc\r\ndebug2: ciphers stoc: aes256-gcm#openssh.com,chacha20-poly1305#openssh.com,aes256-ctr,aes256-cbc,aes128-gcm#openssh.com,aes128-ctr,aes128-cbc\r\ndebug2: MACs ctos: hmac-sha2-256-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha2-256,hmac-sha1,umac-128#openssh.com,hmac-sha2-512\r\ndebug2: MACs stoc: hmac-sha2-256-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha2-256,hmac-sha1,umac-128#openssh.com,hmac-sha2-512\r\ndebug2: compression ctos: zlib#openssh.com,zlib,none\r\ndebug2: compression stoc: zlib#openssh.com,zlib,none\r\ndebug2: languages ctos: \r\ndebug2: languages stoc: \r\ndebug2: first_kex_follows 0 \r\ndebug2: reserved 0 \r\ndebug2: peer server KEXINIT proposal\r\ndebug2: KEX algorithms: curve25519-sha256#libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1\r\ndebug2: host key algorithms: ssh-rsa,ssh-ed25519\r\ndebug2: ciphers ctos: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc#lysator.liu.se,aes128-gcm#openssh.com,aes256-gcm#openssh.com\r\ndebug2: ciphers stoc: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc#lysator.liu.se,aes128-gcm#openssh.com,aes256-gcm#openssh.com\r\ndebug2: MACs ctos: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm#openssh.com,hmac-ripemd160-etm#openssh.com,hmac-md5-96-etm#openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160#openssh.com,hmac-md5-96\r\ndebug2: MACs stoc: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm#openssh.com,hmac-ripemd160-etm#openssh.com,hmac-md5-96-etm#openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160#openssh.com,hmac-md5-96\r\ndebug2: compression ctos: none,zlib#openssh.com\r\ndebug2: compression stoc: none,zlib#openssh.com\r\ndebug2: languages ctos: \r\ndebug2: languages stoc: \r\ndebug2: first_kex_follows 0 \r\ndebug2: reserved 0 \r\ndebug1: kex: algorithm: curve25519-sha256#libssh.org\r\ndebug1: kex: host key algorithm: ssh-ed25519\r\ndebug1: kex: server->client cipher: aes256-gcm#openssh.com MAC: <implicit> compression: zlib#openssh.com\r\ndebug1: kex: client->server cipher: aes256-gcm#openssh.com MAC: <implicit> compression: zlib#openssh.com\r\ndebug1: kex: curve25519-sha256#libssh.org need=32 dh_need=32\r\ndebug1: kex: curve25519-sha256#libssh.org need=32 dh_need=32\r\ndebug3: send packet: type 30\r\ndebug1: expecting SSH2_MSG_KEX_ECDH_REPLY\r\ndebug3: receive packet: type 31\r\ndebug1: Server host key: ssh-ed25519 SHA256:Nc7FkHufEKwgh9crfaEY29MT+TL6ViLrSveeqxKMZp4\r\ndebug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"\r\ndebug3: record_hostkey: found key type ED25519 in file /root/.ssh/known_hosts:1\r\ndebug3: load_hostkeys: loaded 1 keys from 192.168.18.150\r\ndebug1: Host \'192.168.18.150\' is known and matches the ED25519 host key.\r\ndebug1: Found key in /root/.ssh/known_hosts:1\r\ndebug3: send packet: type 21\r\ndebug2: set_newkeys: mode 1\r\ndebug1: rekey out after 4294967296 blocks\r\ndebug1: SSH2_MSG_NEWKEYS sent\r\ndebug1: expecting SSH2_MSG_NEWKEYS\r\ndebug3: receive packet: type 21\r\ndebug1: SSH2_MSG_NEWKEYS received\r\ndebug2: set_newkeys: mode 0\r\ndebug1: rekey in after 4294967296 blocks\r\ndebug1: Will attempt key: /root/.ssh/id_rsa \r\ndebug1: Will attempt key: /root/.ssh/id_dsa \r\ndebug1: Will attempt key: /root/.ssh/id_ecdsa \r\ndebug1: Will attempt key: /root/.ssh/id_ed25519 \r\ndebug1: Will attempt key: /root/.ssh/id_xmss \r\ndebug2: pubkey_prepare: done\r\ndebug3: send packet: type 5\r\ndebug3: receive packet: type 6\r\ndebug2: service_accept: ssh-userauth\r\ndebug1: SSH2_MSG_SERVICE_ACCEPT received\r\ndebug3: send packet: type 50\r\ndebug3: receive packet: type 51\r\ndebug1: Authentications that can continue: publickey,password\r\ndebug3: start over, passed a different list publickey,password\r\ndebug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password\r\ndebug3: authmethod_lookup publickey\r\ndebug3: remaining preferred: keyboard-interactive,password\r\ndebug3: authmethod_is_enabled publickey\r\ndebug1: Next authentication method: publickey\r\ndebug1: Trying private key: /root/.ssh/id_rsa\r\ndebug3: no such identity: /root/.ssh/id_rsa: No such file or directory\r\ndebug1: Trying private key: /root/.ssh/id_dsa\r\ndebug3: no such identity: /root/.ssh/id_dsa: No such file or directory\r\ndebug1: Trying private key: /root/.ssh/id_ecdsa\r\ndebug3: no such identity: /root/.ssh/id_ecdsa: No such file or directory\r\ndebug1: Trying private key: /root/.ssh/id_ed25519\r\ndebug3: no such identity: /root/.ssh/id_ed25519: No such file or directory\r\ndebug1: Trying private key: /root/.ssh/id_xmss\r\ndebug3: no such identity: /root/.ssh/id_xmss: No such file or directory\r\ndebug2: we did not send a packet, disable method\r\ndebug3: authmethod_lookup password\r\ndebug3: remaining preferred: ,password\r\ndebug3: authmethod_is_enabled password\r\ndebug1: Next authentication method: password\r\ndebug3: send packet: type 50\r\ndebug2: we sent a password packet, wait for reply\r\ndebug3: receive packet: type 52\r\ndebug1: Enabling compression at level 6.\r\ndebug1: Authentication succeeded (password).\r\nAuthenticated to 192.168.18.150 ([192.168.18.150]:22).\r\ndebug1: setting up multiplex master socket\r\ndebug3: muxserver_listen: temporary control path /root/.ansible/cp/db7eeee607.T9XUgVl1r7oQVeCe\r\ndebug2: fd 6 setting O_NONBLOCK\r\ndebug3: fd 6 is O_NONBLOCK\r\ndebug3: fd 6 is O_NONBLOCK\r\ndebug1: channel 0: new [/root/.ansible/cp/db7eeee607]\r\ndebug3: muxserver_listen: mux listener channel 0 fd 6\r\ndebug2: fd 5 setting TCP_NODELAY\r\ndebug3: ssh_packet_set_tos: set IP_TOS 0x20\r\ndebug1: control_persist_detach: backgrounding master process\r\ndebug2: control_persist_detach: background process is 47183\r\ndebug2: fd 6 setting O_NONBLOCK\r\ndebug1: forking to background\r\ndebug1: Entering interactive session.\r\ndebug1: pledge: id\r\ndebug2: set_control_persist_exit_time: schedule exit in 60 seconds\r\ndebug1: multiplexing control connection\r\ndebug2: fd 7 setting O_NONBLOCK\r\ndebug3: fd 7 is O_NONBLOCK\r\ndebug1: channel 1: new [mux-control]\r\ndebug3: channel_post_mux_listener: new mux channel 1 fd 7\r\ndebug3: mux_master_read_cb: channel 1: hello sent\r\ndebug2: set_control_persist_exit_time: cancel scheduled exit\r\ndebug3: mux_master_read_cb: channel 1 packet type 0x00000001 len 4\r\ndebug2: mux_master_process_hello: channel 1 slave version 4\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_master_read_cb: channel 1 packet type 0x10000004 len 4\r\ndebug2: mux_master_process_alive_check: channel 1: alive check\r\ndebug3: mux_client_request_alive: done pid = 47185\r\ndebug3: mux_client_request_session: session request sent\r\ndebug3: mux_master_read_cb: channel 1 packet type 0x10000002 len 100\r\ndebug2: mux_master_process_new_session: channel 1: request tty 0, X 0, agent 0, subsys 0, term "xterm-256color", cmd "/bin/sh -c \'echo ~ && sleep 0\'", env 1\r\ndebug3: mux_master_process_new_session: got fds stdin 8, stdout 9, stderr 10\r\ndebug2: fd 9 setting O_NONBLOCK\r\ndebug2: fd 10 setting O_NONBLOCK\r\ndebug1: channel 2: new [client-session]\r\ndebug2: mux_master_process_new_session: channel_new: 2 linked to control channel 1\r\ndebug2: channel 2: send open\r\ndebug3: send packet: type 90\r\ndebug3: receive packet: type 80\r\ndebug1: client_input_global_request: rtype hostkeys-00#openssh.com want_reply 0\r\ndebug3: receive packet: type 91\r\ndebug2: channel_input_open_confirmation: channel 2: callback start\r\ndebug2: client_session2_setup: id 2\r\ndebug1: Sending environment.\r\ndebug1: Sending env LANG = en_US.UTF-8\r\ndebug2: channel 2: request env confirm 0\r\ndebug3: send packet: type 98\r\ndebug1: Sending command: /bin/sh -c \'echo ~ && sleep 0\'\r\ndebug2: channel 2: request exec confirm 1\r\ndebug3: send packet: type 98\r\ndebug3: mux_session_confirm: sending success reply\r\ndebug2: channel_input_open_confirmation: channel 2: callback done\r\ndebug2: channel 2: open confirm rwindow 0 rmax 32768\r\ndebug2: channel 2: rcvd adjust 2097152\r\ndebug3: receive packet: type 99\r\ndebug2: channel_input_status_confirm: type 99 id 2\r\ndebug2: exec request accepted on channel 2\r\ndebug3: receive packet: type 96\r\ndebug2: channel 2: rcvd eof\r\ndebug2: channel 2: output open -> drain\r\ndebug2: channel 2: obuf empty\r\ndebug2: channel 2: chan_shutdown_write (i0 o1 sock -1 wfd 9 efd 10 [write])\r\ndebug2: channel 2: output drain -> closed\r\ndebug3: receive packet: type 98\r\ndebug1: client_input_channel_req: channel 2 rtype exit-status reply 0\r\ndebug3: mux_exit_message: channel 2: exit message, exitval 0\r\ndebug3: receive packet: type 98\r\ndebug1: client_input_channel_req: channel 2 rtype eow#openssh.com reply 0\r\ndebug2: channel 2: rcvd eow\r\ndebug2: channel 2: chan_shutdown_read (i0 o3 sock -1 wfd 8 efd 10 [write])\r\ndebug2: channel 2: input open -> closed\r\ndebug3: receive packet: type 97\r\ndebug2: channel 2: rcvd close\r\ndebug3: channel 2: will not send data after close\r\ndebug2: channel 2: send close\r\ndebug3: send packet: type 97\r\ndebug2: channel 2: is dead\r\ndebug2: channel 2: gc: notify user\r\ndebug3: mux_master_session_cleanup_cb: entering for channel 2\r\ndebug2: channel 1: rcvd close\r\ndebug2: channel 1: output open -> drain\r\ndebug2: channel 1: chan_shutdown_read (i0 o1 sock 7 wfd 7 efd -1 [closed])\r\ndebug2: channel 1: input open -> closed\r\ndebug2: channel 2: gc: user detached\r\ndebug2: channel 2: is dead\r\ndebug2: channel 2: garbage collecting\r\ndebug1: channel 2: free: client-session, nchannels 3\r\ndebug3: channel 2: status: The following connections are open:\r\n #1 mux-control (t16 nr0 i3/0 o1/16 e[closed]/0 fd 7/7/-1 sock 7 cc -1)\r\n #2 client-session (t4 r0 i3/0 o3/0 e[write]/0 fd -1/-1/10 sock -1 cc -1)\r\n\r\ndebug2: channel 1: obuf empty\r\ndebug2: channel 1: chan_shutdown_write (i3 o1 sock 7 wfd 7 efd -1 [closed])\r\ndebug2: channel 1: output drain -> closed\r\ndebug2: channel 1: is dead (local)\r\ndebug2: channel 1: gc: notify user\r\ndebug3: mux_master_control_cleanup_cb: entering for channel 1\r\ndebug2: channel 1: gc: user detached\r\ndebug2: channel 1: is dead (local)\r\ndebug2: channel 1: garbage collecting\r\ndebug1: channel 1: free: mux-control, nchannels 2\r\ndebug3: channel 1: status: The following connections are open:\r\n #1 mux-control (t16 nr0 i3/0 o3/0 e[closed]/0 fd 7/7/-1 sock 7 cc -1)\r\n\r\ndebug2: set_control_persist_exit_time: schedule exit in 60 seconds\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
<192.168.18.150> ESTABLISH SSH CONNECTION FOR USER: None
<192.168.18.150> SSH: EXEC sshpass -d9 ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/db7eeee607 192.168.18.150 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo ansible-test #/.ansible/tmp `"&& mkdir "` echo ansible-test #/.ansible/tmp/ansible-tmp-1621247104.1598728-47178-216424895417051 `" && echo ansible-tmp-1621247104.1598728-47178-216424895417051="` echo ansible-test #/.ansible/tmp/ansible-tmp-1621247104.1598728-47178-216424895417051 `" ) && sleep 0'"'"''
<192.168.18.150> (0, b'ansible-test # Unknown action 0\n\nansible-test # ', b"OpenSSH_8.0p1, OpenSSL 1.1.1g FIPS 21 Apr 2020\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug3: /etc/ssh/ssh_config line 52: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0\r\ndebug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf\r\ndebug2: checking match for 'final all' host 192.168.18.150 originally 192.168.18.150\r\ndebug3: /etc/ssh/ssh_config.d/05-redhat.conf line 3: not matched 'final'\r\ndebug2: match not found\r\ndebug3: /etc/ssh/ssh_config.d/05-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 (parse only)\r\ndebug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config\r\ndebug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1-]\r\ndebug3: kex names ok: [curve25519-sha256,curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]\r\ndebug1: configuration requests final Match pass\r\ndebug2: resolve_canonicalize: hostname 192.168.18.150 is address\r\ndebug1: re-parsing configuration\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug3: /etc/ssh/ssh_config line 52: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0\r\ndebug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf\r\ndebug2: checking match for 'final all' host 192.168.18.150 originally 192.168.18.150\r\ndebug3: /etc/ssh/ssh_config.d/05-redhat.conf line 3: matched 'final'\r\ndebug2: match found\r\ndebug3: /etc/ssh/ssh_config.d/05-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1\r\ndebug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config\r\ndebug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1-]\r\ndebug3: kex names ok: [curve25519-sha256,curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 5 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 47185\r\ndebug3: mux_client_request_session: session request sent\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n")
Using module file /usr/lib/python3.6/site-packages/ansible/modules/system/ping.py
<192.168.18.150> PUT /root/.ansible/tmp/ansible-local-47171dn7wxth0/tmpbu4qybui TO ansible-test #/AnsiballZ_ping.py
<192.168.18.150> SSH: EXEC sshpass -d9 scp -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/db7eeee607 /root/.ansible/tmp/ansible-local-47171dn7wxth0/tmpbu4qybui '[192.168.18.150]:'"'"'ansible-test #/AnsiballZ_ping.py'"'"''
192.168.18.150 | FAILED! => {
"msg": "failed to transfer file to /root/.ansible/tmp/ansible-local-47171dn7wxth0/tmpbu4qybui ansible-test #/AnsiballZ_ping.py:\n\nExecuting: program /usr/bin/ssh host 192.168.18.150, user (unspecified), command scp -v -t 'ansible-test #/AnsiballZ_ping.py'\nOpenSSH_8.0p1, OpenSSL 1.1.1g FIPS 21 Apr 2020\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug3: /etc/ssh/ssh_config line 52: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0\r\ndebug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf\r\ndebug2: checking match for 'final all' host 192.168.18.150 originally 192.168.18.150\r\ndebug3: /etc/ssh/ssh_config.d/05-redhat.conf line 3: not matched 'final'\r\ndebug2: match not found\r\ndebug3: /etc/ssh/ssh_config.d/05-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 (parse only)\r\ndebug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config\r\ndebug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1-]\r\ndebug3: kex names ok: [curve25519-sha256,curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]\r\ndebug1: configuration requests final Match pass\r\ndebug2: resolve_canonicalize: hostname 192.168.18.150 is address\r\ndebug1: re-parsing configuration\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug3: /etc/ssh/ssh_config line 52: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0\r\ndebug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf\r\ndebug2: checking match for 'final all' host 192.168.18.150 originally 192.168.18.150\r\ndebug3: /etc/ssh/ssh_config.d/05-redhat.conf line 3: matched 'final'\r\ndebug2: match found\r\ndebug3: /etc/ssh/ssh_config.d/05-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1\r\ndebug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config\r\ndebug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1-]\r\ndebug3: kex names ok: [curve25519-sha256,curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 5 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 47185\r\ndebug3: mux_client_request_session: session request sent\r\n501-Permission Denied\ndebug2: Exiting on signal: Hangup\r\n"
Any help on this issue would be much appreciated.
That won't work on FortiGates since the ping module is not a regular ICMP ping. If you look up the docs of the ping module you can see that the remote-node requires Python.
From the docs:
This is NOT ICMP ping, this is just a trivial test module that
requires Python on the remote-node.
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/ping_module.html#synopsis
Related
OpenSSH RemoteForward returns 502 Bad Gateway on Windows
We set up a remoteforward to proxy a webhook to our local dev machine. Everything works fine on Mac, but when we do the same thing on Windows 10 we get a 502 Bad Gateway. Is there something I'm missing? We've set GateWayPorts yes and PermitTunnel yes in C:\ProgramData\ssh\sshd_config .ssh\config file: Host webhook HostName ww.xx.yy.zz IdentityFile C:\Users\...\.ssh\key.pem User blah-user RemoteForward 25003 localhost:25007 GatewayPorts yes output from ssh -vvv webhook https://aws.amazon.com/amazon-linux-2/ No packages needed for security; 2 packages available Run "sudo yum update" to apply all updates. [blah-user#ip-ww-xx-yy-zz ~]$ debug3: receive packet: type 90 debug1: client_input_channel_open: ctype forwarded-tcpip rchan 3 win 2097152 max 32768 debug1: client_request_forwarded_tcpip: listen localhost port 25003, originator 127.0.0.1 port 46568 debug2: fd 7 setting O_NONBLOCK debug3: socketio_getsockopt - ERROR:10022 debug1: getsockopt TCP_NODELAY: Invalid argument debug1: connect_next: host localhost ([::1]:25007) in progress, fd=7 debug3: fd 7 is O_NONBLOCK debug3: fd 7 is O_NONBLOCK debug1: channel 1: new [127.0.0.1] debug1: confirm forwarded-tcpip debug3: channel 1: waiting for connection debug3: finish_connect - ERROR: async io completed with error: 10061, io:00000224831A7210 debug1: channel 1: connected to localhost port 25007 debug3: send packet: type 91 debug3: recv - from CB ERROR:10061, io:00000224831A7210 debug2: channel 1: read<=0 rfd 7 len 4294967295 debug2: channel 1: read failed debug2: chan_shutdown_read: channel 1: (i0 o0 sock 7 wfd 7 efd -1 [closed]) debug3: socketio_shutdown - ERROR:10057 debug2: channel 1: input open -> drain debug2: channel 1: ibuf empty debug2: channel 1: send eof debug3: send packet: type 96 debug2: channel 1: input drain -> closed debug3: ERROR:10061, io:00000224831A7210 debug2: channel 1: write failed debug2: chan_shutdown_write: channel 1: (i3 o0 sock 7 wfd 7 efd -1 [closed]) debug3: socketio_shutdown - ERROR:10057 debug2: chan_shutdown_write: channel 1: shutdown() failed for fd 7 [i3 o0]: The socket is not connected debug2: channel 1: output open -> closed debug2: channel 1: send close debug3: send packet: type 97 debug3: channel 1: will not send data after close debug3: channel 1: will not send data after close debug3: receive packet: type 96 debug2: channel 1: rcvd eof debug3: receive packet: type 97 debug2: channel 1: rcvd close debug3: channel 1: will not send data after close debug2: channel 1: is dead debug2: channel 1: garbage collecting debug1: channel 1: free: 127.0.0.1, nchannels 2 debug3: channel 1: status: The following connections are open: #0 client-session (t4 r2 i0/0 o0/0 e[write]/0 fd 4/5/6 sock -1 cc -1) #1 127.0.0.1 (t4 r3 i3/0 o3/0 e[closed]/0 fd 7/7/-1 sock 7 cc -1) The proxy works, as the exact same config on Mac works like a champ. Tried to turn the firewall off completely, but that didn't change anything.
GitHub / private repository / SSH: go get/go mod tidy fail, while git clone is working
I hope to find the answer to the question which is bothering me for the past couple of days - I have read a lot of threads, helpers, and publications, and do not seem to find a solution. I am a bit new with SSH. The problem is as follows: I cannot get/install/refresh the modules belonging to my project, when using go get or go mod tidy commands, while git clone of the same repo via SSH in any of the terminals or via TortoiseGit are working fine, i.e. I can clone, but I cannot build. getting a module fails the following way (personal data obfuscated): example.com/hello/PROJECTS/src/git.<orgname>.com/<reponame>/<subreponame>/tests/functional/resources tested by example.com/hello/PROJECTS/src/git.<orgname>.com/<reponame>/<subreponame>/tests/functional/resources.test imports git.<orgname>.com/<reponame>/<subreponame>/tests/functional/resources/vm_specific: module git.<orgname>.com/<reponame>/<subreponame>/tests/functional/resources/vm_specific: git ls-remote -q origin in C:\GO\PROJECTS\pkg\mod\cache\vcs\a5d519aeafc0ac08e2b20d7c8a6a8b2cea11cda88cb058cf2ebcc079d07b260a: exit status 128: debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> 'C:\\Users\\<username>/.ssh/known_hosts' debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> 'C:\\Users\\<username>/.ssh/known_hosts2' debug2: resolving "git.<orgname>.com" port <port> debug3: resolve_host: lookup git.<orgname>.com:<port> debug3: ssh_connect_direct: entering debug1: Connecting to git.<orgname>.com [10.XXX.X.XX] port <port>. debug1: Connection established. ... debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.9 debug1: Remote protocol version 2.0, remote software version APACHE-SSHD-2.4.0 debug1: compat_banner: no match: APACHE-SSHD-2.4.0 debug2: fd 3 setting O_NONBLOCK debug1: Authenticating to git.<orgname>.com:<port> as 'git' ... debug1: Authentications that can continue: publickey ... debug3: send packet: type 50 debug3: receive packet: type 52 Authenticated to git.<orgname>.com ([10.XXX.X.XX]:<port>) using "publickey". ... debug1: Sending command: git-upload-pack '/scm/<reponame>/<subreponame>.git' debug2: channel 0: request exec confirm 1 debug3: send packet: type 98 debug2: channel_input_open_confirmation: channel 0: callback done debug2: channel 0: open confirm rwindow 2097152 rmax 32768 debug3: receive packet: type 99 debug2: channel_input_status_confirm: type 99 id 0 debug2: exec request accepted on channel 0 debug2: channel 0: rcvd ext data 106 debug3: receive packet: type 96 debug2: channel 0: rcvd eof debug2: channel 0: output open -> drain debug3: receive packet: type 98 debug1: client_input_channel_req: channel 0 rtype exit-status reply 0 debug3: receive packet: type 97 debug2: channel 0: rcvd close debug2: chan_shutdown_read: channel 0: (i0 o1 sock -1 wfd 4 efd 6 [write]) debug2: channel 0: input open -> closed debug3: channel 0: will not send data after close debug2: channel 0: obuf_empty delayed efd 6/(106) debug2: channel 0: written 106 to efd 6 Repository not found The requested repository does not exist, or you do not have permission to access it. debug3: channel 0: will not send data after close debug2: channel 0: obuf empty debug2: chan_shutdown_write: channel 0: (i3 o1 sock -1 wfd 5 efd 6 [write]) debug2: channel 0: output drain -> closed fatal: Could not read from remote repository. Please make sure you have the correct access rights and the repository exists. debug2: channel 0: almost dead debug2: channel 0: gc: notify user debug2: channel 0: gc: user detached debug2: channel 0: send close debug3: send packet: type 97 debug2: channel 0: is dead debug2: channel 0: garbage collecting debug1: channel 0: free: client-session, nchannels 1 debug3: channel 0: status: The following connections are open: #0 client-session (t4 r0 i3/0 o3/0 e[write]/0 fd -1/-1/6 sock -1 cc -1 io 0x00/0x08) debug3: send packet: type 1 Transferred: sent 3268, received 2200 bytes, in 0.2 seconds Bytes per second: sent 15169.6, received 10212.1 debug1: Exit status 1 If a fuller log is needed I can upload it somewhere. last rows of ssh -T(vvv set as default) git#git.<orgname>.com: debug3: send packet: type 50 debug3: receive packet: type 52 debug1: Authentication succeeded (publickey). Authenticated to git.<orgname>.com ([10.XXX.X.XX]:<port>). debug1: channel 0: new [client-session] debug3: ssh_session2_open: channel_new: 0 debug2: channel 0: send open debug3: send packet: type 90 debug1: Entering interactive session. debug1: pledge: filesystem full debug3: receive packet: type 91 debug2: channel_input_open_confirmation: channel 0: callback start debug2: fd 3 setting TCP_NODELAY debug3: set_sock_tos: set socket 3 IP_TOS 0x08 debug2: client_session2_setup: id 0 debug2: channel 0: request shell confirm 1 debug3: send packet: type 98 debug2: channel_input_open_confirmation: channel 0: callback done debug2: channel 0: open confirm rwindow 2097152 rmax 32768 debug3: receive packet: type 100 debug2: channel_input_status_confirm: type 100 id 0 shell request failed on channel 0 I am using a public key deriving from a key generated by ssh-keygen of OpenSSH - it is freshly generated and is added to my Git profile. git clone is thus working fine which is driving me insane already. I already have the most part of the modules which fail to be checked in the remote private repo, which is even crazier. I dislike this part, which most probably means that I have issues with my certificate - Authenticated to git..com ([10.XXX.X.XX]:) using "publickey". and this part, as OpenSSH on AIX requests PKCS12 support by default when EFS is enabled and non-AIX systems may reject these PKCS12 requests. debug2: channel 0: obuf_empty delayed efd 6/(106) debug2: channel 0: written 106 to efd 6 See changes in my config below. My environment: Win10 Enterprise Git version - 2.31.1.windows.1 I usually clone via TortoiseGit 2.13.0.1 SSH client being used within CMD/Powershell - OpenSSH_for_Windows_8.9, installed manually go env: (personal data obfuscated) set GO111MODULE= set GOARCH=amd64 set GOBIN= set GOCACHE=C:\Users\<username>\AppData\Local\go-build set GOENV=C:\Users\<username>\AppData\Roaming\go\env set GOEXE=.exe set GOEXPERIMENT= set GOFLAGS= set GOHOSTARCH=amd64 set GOHOSTOS=windows set GOINSECURE= set GOMODCACHE=C:\Program Files\Go\pkg\mod set GONOPROXY=*.<orgname>.com;git.<orgname>.com/users/<username> set GONOSUMDB=*.<orgname>.com;git.<orgname>.com/users/<username> set GOOS=windows set GOPATH=C:\Program Files\Go set GOPRIVATE=*.<orgname>.com;git.<orgname>.com/users/<username> set GOPROXY=https://proxy.golang.org,direct set GOROOT=C:\Program Files\Go set GOSUMDB=sum.golang.org set GOTMPDIR= set GOTOOLDIR=C:\Program Files\Go\pkg\tool\windows_amd64 set GOVCS= set GOVERSION=go1.18.3 set GCCGO=gccgo set GOAMD64=v1 set AR=ar set CC=gcc set CXX=g++ set CGO_ENABLED=1 set GOMOD=NUL set GOWORK= set CGO_CFLAGS=-g -O2 set CGO_CPPFLAGS= set CGO_CXXFLAGS=-g -O2 set CGO_FFLAGS=-g -O2 set CGO_LDFLAGS=-g -O2 set PKG_CONFIG=pkg-config set GOGCCFLAGS=-m64 -mthreads -fmessage-length=0 -fdebug-prefix-map=C:\Users\USER~1.NAM\AppData\Local\Temp\go-build1143995380=/tmp/go-build -gno-record-gcc-switches My SSH config: # GITHUB FOR SRC Host git.<orgname>.com ServerAliveInterval 600 TCPKeepAlive yes IPQoS throughput AddKeysToAgent yes HostName git.<orgname>.com Port <port> User <username> PreferredAuthentications publickey IdentityFile C:\Users\<username>\.ssh\git_rsa #IdentityFile ~/.ssh/git_rsa PubkeyAcceptedKeyTypes +ssh-rsa #ForwardAgent no #AllowPKCS12KeystoreAutoOpen no LogLevel DEBUG3 The certificate was previously added to the agent, but I have specified it here to be sure, and the correct certificate seems to be taken for authentication according to the log. It does not have a passphrase. I do not have totally unknown entries in my known-hosts, and the correct entry judging by a certificate timestamp is being used. I found that the PKCS12 requests can be disabled by AllowPKCS12KeystoreAutoOpen set to no, but it is being marked as a bad option - C:\GO\PROJECTS\src\git.<orgname>.com\<reponame>\<subreponame>>go get git.<orgname>.com/<name>/go-service/log go: module git.<orgname>.com/<name>/go-service/log: git ls-remote -q origin in C:\GO\PROJECTS\pkg\mod\cache\vcs\d0d607237eeba0d1c9d5ce996ed36c0f3746b2c8f94b538ace2d3f2a9476839e: exit status 128: C:\\Users\\<username>/.ssh/config: line 15: Bad configuration option: allowpkcs12keystoreautoopen C:\\Users\\<username>/.ssh/config: terminating, 1 bad configuration options GIT configs: global: [user] name = <username> email = <usrname>#<orgname>.com [url "ssh://git#git.<orgname>.com:<port>/"] insteadOf = https://git.<orgname>.com system: [url "ssh://git#git.<orgname>.com:<port>/"] insteadOf = https://git.<orgname>.com/ git remote -v: origin ssh://git#git.<orgname>.com:<port>/~<username>/<subreponame>.git (fetch) origin ssh://git#git.<orgname>.com:<port>/~<username>/<subreponame>.git (push) the same I use for cloning, repo config: [remote "origin"] url = ssh://git#git.<orgname>.com:<port>/~<username>/<subreponame>.git fetch = +refs/heads/*:refs/remotes/origin/* I tried both ssh:// and git#git... and it did not help. module config (set automatically), however: [remote "origin"] url = https://git.<orgname>.com/scm/<reponame>/<subreponame>.git fetch = +refs/heads/*:refs/remotes/origin/* I am out of ideas at this moment.
I'd recommend not to use go get with private repositories. This command caches repositories at pkg.go.dev and thus exposes them to the world. I was so embarrassed to find our private development published openly there. I deploy my private dependencies in the file system manually and specify the dependency in go.mod using replace: require your.server/your/package 1.2.3 replace your.server/your/package 1.2.3 => /path/to/local/your/package
That was an issue with repository - it was not really made to work with dependencies, and was not meant to work with modules and module-related requests. C'est la vie, but at least I've learned a lot about SSH and GIT interaction.
Restricted user error with connection to localhost closed by remote host
I'm trying to set sftpuser restricted by ChrootDirectory on AIX7.1. But it's not working and shown "connection to localhost closed by remote host" Now, I configurated in /etc/ssh/sshd_config Match User testuser ChrootDirectory /Share ForceCommand internal-sftp AllowTcpForwarding no X11Forwarding no The /Share owner by root user and permission is 755 but it's still not working and show debug as below. sftp -vvv testuser#localhost OpenSSH_8.1p1, OpenSSL 1.0.2u 20 Dec 2019 debug1: Authentication succeeded (password). Authenticated to localhost ([127.0.0.1]:22). debug2: fd 5 setting O_NONBLOCK debug3: fd 6 is O_NONBLOCK debug1: channel 0: new [client-session] debug3: ssh_session2_open: channel_new: 0 debug2: channel 0: send open debug3: send packet: type 90 debug1: Requesting no-more-sessions#openssh.com debug3: send packet: type 80 debug1: fd 0 clearing O_NONBLOCK debug3: fd 1 is not O_NONBLOCK Connection to localhost closed by remote host. Transferred: sent 2256, received 2228 bytes, in 0.0 seconds Bytes per second: sent 270661.7, received 267302.4 debug1: Exit status -1 Connection closed How can I solve it? Thanks in advance for your help.
Git, OpenSSH, windows 7 "fatal: the remote end hung up unexpectedly"
I was not even able to do git push or ferch once. I enter password and its return error: "fatal: the remote end hung up unexpectedly" 1.) I am login as admin using just password (no ssh keys) 2.) I can connect with ssh with no problems. Can create, delete dirs... whatever... 3.) When try to push by git fatal error appear 4.) I am connecting from same machine for eleminating compatibility or network errors 5.) When use no ssh, just path "d:/git-repos/git-local.git", git working nice SSH debug log: debug3: Ignored env SSH_AUTH_SOCK debug1: Sending command: powershell git-upload-pack 'd:/git-repos/git-local.git' debug2: channel 0: request exec confirm 1 debug3: send packet: type 98 debug2: channel_input_open_confirmation: channel 0: callback done debug2: channel 0: open confirm rwindow 0 rmax 32768 debug2: channel 0: rcvd adjust 2097152 debug3: receive packet: type 99 debug2: channel_input_status_confirm: type 99 id 0 debug2: exec request accepted on channel 0 debug2: channel 0: read<=0 rfd 4 len 0 debug2: channel 0: read failed debug2: channel 0: chan_shutdown_read (i0 o0 sock -1 wfd 4 efd 6 [write]) debug2: channel 0: input open -> drain debug2: channel 0: ibuf empty debug2: channel 0: send eof debug3: send packet: type 96 debug2: channel 0: input drain -> closed debug2: channel 0: rcvd ext data 43 fatal: the remote end hung up unexpectedly debug2: channel 0: written 43 to efd 6 debug3: receive packet: type 96 debug2: channel 0: rcvd eof debug2: channel 0: output open -> drain debug2: channel 0: obuf empty debug2: channel 0: chan_shutdown_write (i3 o1 sock -1 wfd 5 efd 6 [write]) debug2: channel 0: output drain -> closed debug3: receive packet: type 98 debug1: client_input_channel_req: channel 0 rtype exit-status reply 0 debug3: receive packet: type 97 debug2: channel 0: rcvd close debug3: channel 0: will not send data after close debug2: channel 0: almost dead debug2: channel 0: gc: notify user debug2: channel 0: gc: user detached debug2: channel 0: send close debug3: send packet: type 97 debug2: channel 0: is dead debug2: channel 0: garbage collecting debug1: channel 0: free: client-session, nchannels 1 debug3: channel 0: status: The following connections are open: #0 client-session (t4 r0 i3/0 o3/0 e[write]/0 fd -1/-1/6 sock -1 cc -1) debug3: send packet: type 1 debug3: fd 0 is not O_NONBLOCK Transferred: sent 2064, received 2528 bytes, in 0.8 seconds Bytes per second: sent 2580.9, received 3161.1 debug1: Exit status 1 SSH server config: # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options override the # default value. #Port 22 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: #HostKey __PROGRAMDATA__/ssh/ssh_host_rsa_key #HostKey __PROGRAMDATA__/ssh/ssh_host_dsa_key #HostKey __PROGRAMDATA__/ssh/ssh_host_ecdsa_key #HostKey __PROGRAMDATA__/ssh/ssh_host_ed25519_key # Ciphers and keying #RekeyLimit default none # Logging SyslogFacility LOCAL0 LogLevel DEBUG3 # Authentication: #LoginGraceTime 2m #PermitRootLogin prohibit-password #StrictModes yes #MaxAuthTries 6 #MaxSessions 10 # PubkeyAuthentication yes # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 # but this is overridden so installations will only check .ssh/authorized_keys AuthorizedKeysFile .ssh/authorized_keys #AuthorizedPrincipalsFile none # For this to work you will also need host keys in %programData%/ssh/ssh_known_hosts #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for # HostbasedAuthentication #IgnoreUserKnownHosts no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes # To disable tunneled clear text passwords, change to no here! # PasswordAuthentication yes # PermitEmptyPasswords no # GSSAPI options #GSSAPIAuthentication no #AllowAgentForwarding yes #AllowTcpForwarding yes #GatewayPorts no #PermitTTY yes #PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes #UseLogin no #PermitUserEnvironment no #ClientAliveInterval 0 #ClientAliveCountMax 3 #UseDNS no #PidFile /var/run/sshd.pid #MaxStartups 10:30:100 #PermitTunnel no #ChrootDirectory none #VersionAddendum none # no default banner path #Banner none # override default of no subsystems Subsystem sftp sftp-server.exe # Example of overriding settings on a per-user basis #Match User anoncvs # AllowTcpForwarding no # PermitTTY no # ForceCommand cvs server #AllowUsers user Match User user ChrootDirectory "D:\git-repos" Match User supreme ChrootDirectory "D:\git-repos" Match Group administrators AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys Seems to fail on command: powershell git-receive-pack 'D:/git-repos/git-local.git' When run command from cmd it returns: 00bdd268299939f6e8bea6ae3e78cf891b59cc79da28 refs/heads/master report-status rep ort-status-v2 delete-refs side-band-64k quiet atomic ofs-delta object-format=sha 1 agent=git/2.30.0.windows.1 OS: Windows 7 Ultimate SP1 32bit Using Windows 7 CMD Git version: 2.30.0 (32bit) OpenSSH: 8.1p1 for Windows (32bit) Installed by this guide: https://github.com/PowerShell/Win32-OpenSSH/wiki/Setting-up-a-Git-server-on-Windows-using-Git-for-Windows-and-Win32_OpenSSH First I install with no option "Run Git and included Unix tools from the Windows Command Prompt". But I reinstalled it later with this option. Env Path server: %SYSTEMROOT%\System32\WindowsPowerShell\v1.0\; C:\ProgramsInstall\OpenSSH-Win32; C:\ProgramsInstall\Git\cmd; C:\ProgramsInstall\Git\mingw32\bin; C:\ProgramsInstall\Git\usr\bin "SSH where" command output: C:\ProgramsInstall\OpenSSH-Win32\ssh.exe C:\ProgramsInstall\Git\usr\bin\ssh.exe Local repo config: sshCommand = 'C:\\ProgramsInstall\\OpenSSH-Win32\\ssh.exe' -T -vvv url = supreme#dev-server:D:/git-repos/git-local.git uploadpack = powershell git-upload-pack receivepack = powershell git-receive-pack
Ansible: How to set password for a user? Having trouble encrypting the password
I'm trying to setup ansible. The issue I'm having is that my authentication is failing when I use an encrypted password. I do not want to use the root user, but would like to use the user account "t0142734". Now, where do I put the password for this user? And how do I encrypt the password? Here is what I did: I have my hosts file (/etc/ansible/hosts) set up like this: [devservers] pses00top pses16top pses99top [customerLabs] pses21top pses25top [allLabs] pses00top pses16top pses99top pses21top pses25top And I have my playbook (/etc/ansible/playbooks/test.yml) set up like this: --- - hosts: devservers remote_user: t0142734 user: t0142734 vars: password: $1$SomeSalt$xAFXP474fwpr2MobtwE.5/ tasks: - user: name=t0142734 password={password} comment="Katie" ssh_key_file=/home/t0142734/.ssh/id_rsa - name: ping test ping: I used the following to generate the encrypted password: python -c 'import crypt; print crypt.crypt("This is my Password", "$1$SomeSalt$")' And I setup my ansible configuration file ansible.cfg (/etc/ansible/ansible.cfg) like this: inventory = /etc/ansible/hosts host_key_checking = False remote_user = t0142734 I run my playbook like the following: ansible-playbook test.yml The error i'm getting is the following: <pses25top> ESTABLISH SSH CONNECTION FOR USER: t0142734 <pses25top> SSH: EXEC ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=t0142734 -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/ansible-ssh-%h-%p-%r -tt pses25top '/bin/sh -c '"'"'( umask 22 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1462469008.44-66881249426265 `" && echo "` echo $HOME/.ansible/tmp/ansible-tmp-1462469008.44-66881249426265 `" )'"'"'' pses25top | UNREACHABLE! => { "changed": false, "msg": "SSH encountered an unknown error. The output was:\nOpenSSH_7.2p2, OpenSSL 1.0.2g-fips 1 Mar 2016\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 58: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug1: Control socket \"/root/.ansible/cp/ansible-ssh-pses25top-22-t0142734\" does not exist\r\ndebug2: resolving \"pses25top\" port 22\r\ndebug2: ssh_connect_direct: needpriv 0\r\ndebug1: Connecting to pses25top [10.76.115.151] port 22.\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug1: fd 3 clearing O_NONBLOCK\r\ndebug1: Connection established.\r\ndebug3: timeout: 9999 ms remain after connect\r\ndebug1: permanently_set_uid: 0/0\r\ndebug1: identity file /root/.ssh/id_rsa type 1\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: identity file /root/.ssh/id_rsa-cert type -1\r\ndebug1: Enabling compatibility mode for protocol 2.0\r\ndebug1: Local version string SSH-2.0-OpenSSH_7.2\r\ndebug1: Remote protocol version 2.0, remote software version OpenSSH_7.1\r\ndebug1: match: OpenSSH_7.1 pat OpenSSH* compat 0x04000000\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug1: Authenticating to pses25top:22 as 't0142734'\r\ndebug3: hostkeys_foreach: reading file \"/root/.ssh/known_hosts\"\r\ndebug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:23\r\ndebug3: load_hostkeys: loaded 1 keys from pses25top\r\ndebug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01#openssh.com,ecdsa-sha2-nistp384-cert-v01#openssh.com,ecdsa-sha2-nistp521-cert-v01#openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521\r\ndebug3: send packet: type 20\r\ndebug1: SSH2_MSG_KEXINIT sent\r\ndebug3: receive packet: type 20\r\ndebug1: SSH2_MSG_KEXINIT received\r\ndebug2: local client KEXINIT proposal\r\ndebug2: KEX algorithms: curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c\r\ndebug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01#openssh.com,ecdsa-sha2-nistp384-cert-v01#openssh.com,ecdsa-sha2-nistp521-cert-v01#openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01#openssh.com,ssh-rsa-cert-v01#openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa\r\ndebug2: ciphers ctos: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc\r\ndebug2: ciphers stoc: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc\r\ndebug2: MACs ctos: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1\r\ndebug2: MACs stoc: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1\r\ndebug2: compression ctos: zlib#openssh.com,zlib,none\r\ndebug2: compression stoc: zlib#openssh.com,zlib,none\r\ndebug2: languages ctos: \r\ndebug2: languages stoc: \r\ndebug2: first_kex_follows 0 \r\ndebug2: reserved 0 \r\ndebug2: peer server KEXINIT proposal\r\ndebug2: KEX algorithms: curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1\r\ndebug2: host key algorithms: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519\r\ndebug2: ciphers ctos: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com\r\ndebug2: ciphers stoc: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com\r\ndebug2: MACs ctos: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1\r\ndebug2: MACs stoc: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1\r\ndebug2: compression ctos: none,zlib#openssh.com\r\ndebug2: compression stoc: none,zlib#openssh.com\r\ndebug2: languages ctos: \r\ndebug2: languages stoc: \r\ndebug2: first_kex_follows 0 \r\ndebug2: reserved 0 \r\ndebug1: kex: algorithm: curve25519-sha256#libssh.org\r\ndebug1: kex: host key algorithm: ecdsa-sha2-nistp256\r\ndebug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: zlib#openssh.com\r\ndebug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: zlib#openssh.com\r\ndebug1: kex: curve25519-sha256#libssh.org need=64 dh_need=64\r\ndebug1: kex: curve25519-sha256#libssh.org need=64 dh_need=64\r\ndebug3: send packet: type 30\r\ndebug1: expecting SSH2_MSG_KEX_ECDH_REPLY\r\ndebug3: receive packet: type 31\r\ndebug1: Server host key: ecdsa-sha2-nistp256 SHA256:PV4k4IbhF+EJn096uBoQ44xkmK4meIQWKGkIV00dD44\r\ndebug3: hostkeys_foreach: reading file \"/root/.ssh/known_hosts\"\r\ndebug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:23\r\ndebug3: load_hostkeys: loaded 1 keys from pses25top\r\ndebug3: hostkeys_foreach: reading file \"/root/.ssh/known_hosts\"\r\ndebug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:23\r\ndebug3: load_hostkeys: loaded 1 keys from 10.76.115.151\r\ndebug1: Host 'pses25top' is known and matches the ECDSA host key.\r\ndebug1: Found key in /root/.ssh/known_hosts:23\r\ndebug3: send packet: type 21\r\ndebug2: set_newkeys: mode 1\r\ndebug1: rekey after 134217728 blocks\r\ndebug1: SSH2_MSG_NEWKEYS sent\r\ndebug1: expecting SSH2_MSG_NEWKEYS\r\ndebug3: receive packet: type 21\r\ndebug2: set_newkeys: mode 0\r\ndebug1: rekey after 134217728 blocks\r\ndebug1: SSH2_MSG_NEWKEYS received\r\ndebug2: key: /root/.ssh/id_rsa (0x560d1b74fae0)\r\ndebug3: send packet: type 5\r\ndebug3: receive packet: type 6\r\ndebug2: service_accept: ssh-userauth\r\ndebug1: SSH2_MSG_SERVICE_ACCEPT received\r\ndebug3: send packet: type 50\r\ndebug3: receive packet: type 51\r\ndebug1: Authentications that can continue: publickey,password\r\ndebug3: start over, passed a different list publickey,password\r\ndebug3: preferred gssapi-with-mic,gssapi-keyex,hostbased,publickey\r\ndebug3: authmethod_lookup publickey\r\ndebug3: remaining preferred: ,gssapi-keyex,hostbased,publickey\r\ndebug3: authmethod_is_enabled publickey\r\ndebug1: Next authentication method: publickey\r\ndebug1: Offering RSA public key: /root/.ssh/id_rsa\r\ndebug3: send_pubkey_test\r\ndebug3: send packet: type 50\r\ndebug2: we sent a publickey packet, wait for reply\r\ndebug3: receive packet: type 51\r\ndebug1: Authentications that can continue: publickey,password\r\ndebug2: we did not send a packet, disable method\r\ndebug1: No more authentication methods to try.\r\nPermission denied (publickey,password).\r\n", "unreachable": true } When I try to connect without using the encrypted password (comment out the password var in the playbook), and I use the command ansible all -vvvv -m ping --ask-pass, it works!!! I get this back: pses25top | SUCCESS => { "changed": false, "invocation": { "module_args": { "data": null }, "module_name": "ping" }, "ping": "pong" } So, when I try to use my encrypted password it does not work. When I make ansible prompt me for a password, it works. Any help? Also, I'm not sure what to do with the "salt". Do I need to include it somewhere? The version of Ansible I am using is ansible 2.0.1.0 Resources: Ansible User Module Docs Ansible FAQ about generating encrypted passwords Ansible Configuration File Docs Ansible Inventory Docs
It is unclear, what are you trying to do. It seems that you are trying to authenticate using password before setting password (your remote_user and user: name are equal). Are you creating a new user "t0142734"? Then you don't have this remote_user account yet! You have to use another user for that purpose (root for instance). Are you changing password of an existing user "t0142734.? Then you have to authenticate somehow else, because current password of this user must differ from a new one. So as to login you can use ask-pass, or password + ansible-vault, or ssh keys. Do simple test. Try to set up user's password via Ansible and then just login using ssh t0142734#pses00top. Without authorised_keys configured you should be asked to enter password. In case you succeed — everything is done properly