Ansible fortigate: "msg": AnsiballZ_ping.py:501-Permission Denied - ansible

Today I wanted to test Ansible to manage FortiGate, so I set up a simulation environment.
When I echo ansible fg -m ping, I get an error message like this:
192.168.18.150 | FAILED! => {
"msg": "failed to transfer file to /root/.ansible/tmp/ansible-local-46555w_4g4b_n/tmpdfc1l7yc ansible-test #/AnsiballZ_ping.py:\n\n501-Permission Denied\n"
}
I did enable scp in Fortigate
config system global
set admin-scp enable
And I already had scp_if_ssh=True in the [ssh_connection] section of ansible.cfg
Running the command with -vvvv, I get this
ansible 2.9.21
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.6/site-packages/ansible
executable location = /usr/bin/ansible
python version = 3.6.8 (default, Aug 24 2020, 17:57:11) [GCC 8.3.1 20191121 (Red Hat 8.3.1-5)]
Using /etc/ansible/ansible.cfg as config file
SSH password:
setting up inventory plugins
host_list declined parsing /etc/ansible/inventory as it did not pass its verify_file() method
auto declined parsing /etc/ansible/inventory as it did not pass its verify_file() method
Parsed /etc/ansible/inventory inventory source with ini plugin
Loading callback plugin minimal of type stdout, v2.0 from /usr/lib/python3.6/site-packages/ansible/plugins/callback/minimal.py
Skipping callback 'actionable', as we already have a stdout callback.
Skipping callback 'counter_enabled', as we already have a stdout callback.
Skipping callback 'debug', as we already have a stdout callback.
Skipping callback 'dense', as we already have a stdout callback.
Skipping callback 'dense', as we already have a stdout callback.
Skipping callback 'full_skip', as we already have a stdout callback.
Skipping callback 'json', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'null', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
Skipping callback 'selective', as we already have a stdout callback.
Skipping callback 'skippy', as we already have a stdout callback.
Skipping callback 'stderr', as we already have a stdout callback.
Skipping callback 'unixy', as we already have a stdout callback.
Skipping callback 'yaml', as we already have a stdout callback.
META: ran handlers
<192.168.18.150> ESTABLISH SSH CONNECTION FOR USER: None
<192.168.18.150> SSH: EXEC sshpass -d9 ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/db7eeee607 192.168.18.150 '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
<192.168.18.150> (0, b'ansible-test # Unknown action 0\n\nansible-test # ', b'OpenSSH_8.0p1, OpenSSL 1.1.1g FIPS 21 Apr 2020\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug3: /etc/ssh/ssh_config line 52: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0\r\ndebug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf\r\ndebug2: checking match for \'final all\' host 192.168.18.150 originally 192.168.18.150\r\ndebug3: /etc/ssh/ssh_config.d/05-redhat.conf line 3: not matched \'final\'\r\ndebug2: match not found\r\ndebug3: /etc/ssh/ssh_config.d/05-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 (parse only)\r\ndebug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config\r\ndebug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1-]\r\ndebug3: kex names ok: [curve25519-sha256,curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]\r\ndebug1: configuration requests final Match pass\r\ndebug2: resolve_canonicalize: hostname 192.168.18.150 is address\r\ndebug1: re-parsing configuration\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug3: /etc/ssh/ssh_config line 52: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0\r\ndebug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf\r\ndebug2: checking match for \'final all\' host 192.168.18.150 originally 192.168.18.150\r\ndebug3: /etc/ssh/ssh_config.d/05-redhat.conf line 3: matched \'final\'\r\ndebug2: match found\r\ndebug3: /etc/ssh/ssh_config.d/05-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1\r\ndebug1: Reading configuration data 
/etc/crypto-policies/back-ends/openssh.config\r\ndebug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1-]\r\ndebug3: kex names ok: [curve25519-sha256,curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]\r\ndebug1: auto-mux: Trying existing master\r\ndebug1: Control socket "/root/.ansible/cp/db7eeee607" does not exist\r\ndebug2: ssh_connect_direct\r\ndebug1: Connecting to 192.168.18.150 [192.168.18.150] port 22.\r\ndebug2: fd 5 setting O_NONBLOCK\r\ndebug1: fd 5 clearing O_NONBLOCK\r\ndebug1: Connection established.\r\ndebug3: timeout: 9996 ms remain after connect\r\ndebug1: identity file /root/.ssh/id_rsa type -1\r\ndebug1: identity file /root/.ssh/id_rsa-cert type -1\r\ndebug1: identity file /root/.ssh/id_dsa type -1\r\ndebug1: identity file /root/.ssh/id_dsa-cert type -1\r\ndebug1: identity file /root/.ssh/id_ecdsa type -1\r\ndebug1: identity file /root/.ssh/id_ecdsa-cert type -1\r\ndebug1: identity file /root/.ssh/id_ed25519 type -1\r\ndebug1: identity file /root/.ssh/id_ed25519-cert type -1\r\ndebug1: identity file /root/.ssh/id_xmss type -1\r\ndebug1: identity file /root/.ssh/id_xmss-cert type -1\r\ndebug1: Local version string SSH-2.0-OpenSSH_8.0\r\ndebug1: Remote protocol version 2.0, remote software version 9ykfFlSYGl\r\ndebug1: no match: 9ykfFlSYGl\r\ndebug2: fd 5 setting O_NONBLOCK\r\ndebug1: Authenticating to 192.168.18.150:22 as \'root\'\r\ndebug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"\r\ndebug3: record_hostkey: found key type ED25519 in file /root/.ssh/known_hosts:1\r\ndebug3: load_hostkeys: loaded 1 keys from 192.168.18.150\r\ndebug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-ed25519-cert-v01#openssh.com,ssh-ed25519\r\ndebug3: 
send packet: type 20\r\ndebug1: SSH2_MSG_KEXINIT sent\r\ndebug3: receive packet: type 20\r\ndebug1: SSH2_MSG_KEXINIT received\r\ndebug2: local client KEXINIT proposal\r\ndebug2: KEX algorithms: curve25519-sha256,curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c\r\ndebug2: host key algorithms: ssh-ed25519-cert-v01#openssh.com,ssh-ed25519,ecdsa-sha2-nistp256-cert-v01#openssh.com,ecdsa-sha2-nistp384-cert-v01#openssh.com,ecdsa-sha2-nistp521-cert-v01#openssh.com,rsa-sha2-512-cert-v01#openssh.com,rsa-sha2-256-cert-v01#openssh.com,ssh-rsa-cert-v01#openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa\r\ndebug2: ciphers ctos: aes256-gcm#openssh.com,chacha20-poly1305#openssh.com,aes256-ctr,aes256-cbc,aes128-gcm#openssh.com,aes128-ctr,aes128-cbc\r\ndebug2: ciphers stoc: aes256-gcm#openssh.com,chacha20-poly1305#openssh.com,aes256-ctr,aes256-cbc,aes128-gcm#openssh.com,aes128-ctr,aes128-cbc\r\ndebug2: MACs ctos: hmac-sha2-256-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha2-256,hmac-sha1,umac-128#openssh.com,hmac-sha2-512\r\ndebug2: MACs stoc: hmac-sha2-256-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha2-256,hmac-sha1,umac-128#openssh.com,hmac-sha2-512\r\ndebug2: compression ctos: zlib#openssh.com,zlib,none\r\ndebug2: compression stoc: zlib#openssh.com,zlib,none\r\ndebug2: languages ctos: \r\ndebug2: languages stoc: \r\ndebug2: first_kex_follows 0 \r\ndebug2: reserved 0 \r\ndebug2: peer server KEXINIT proposal\r\ndebug2: KEX algorithms: curve25519-sha256#libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1\r\ndebug2: host 
key algorithms: ssh-rsa,ssh-ed25519\r\ndebug2: ciphers ctos: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc#lysator.liu.se,aes128-gcm#openssh.com,aes256-gcm#openssh.com\r\ndebug2: ciphers stoc: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc#lysator.liu.se,aes128-gcm#openssh.com,aes256-gcm#openssh.com\r\ndebug2: MACs ctos: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm#openssh.com,hmac-ripemd160-etm#openssh.com,hmac-md5-96-etm#openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160#openssh.com,hmac-md5-96\r\ndebug2: MACs stoc: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-etm#openssh.com,hmac-ripemd160-etm#openssh.com,hmac-md5-96-etm#openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd160#openssh.com,hmac-md5-96\r\ndebug2: compression ctos: none,zlib#openssh.com\r\ndebug2: compression stoc: none,zlib#openssh.com\r\ndebug2: languages ctos: \r\ndebug2: languages stoc: \r\ndebug2: first_kex_follows 0 \r\ndebug2: reserved 0 \r\ndebug1: kex: algorithm: curve25519-sha256#libssh.org\r\ndebug1: kex: host key algorithm: ssh-ed25519\r\ndebug1: kex: server->client cipher: aes256-gcm#openssh.com MAC: <implicit> compression: zlib#openssh.com\r\ndebug1: kex: client->server cipher: aes256-gcm#openssh.com MAC: <implicit> compression: zlib#openssh.com\r\ndebug1: kex: curve25519-sha256#libssh.org need=32 dh_need=32\r\ndebug1: kex: curve25519-sha256#libssh.org need=32 dh_need=32\r\ndebug3: send 
packet: type 30\r\ndebug1: expecting SSH2_MSG_KEX_ECDH_REPLY\r\ndebug3: receive packet: type 31\r\ndebug1: Server host key: ssh-ed25519 SHA256:Nc7FkHufEKwgh9crfaEY29MT+TL6ViLrSveeqxKMZp4\r\ndebug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"\r\ndebug3: record_hostkey: found key type ED25519 in file /root/.ssh/known_hosts:1\r\ndebug3: load_hostkeys: loaded 1 keys from 192.168.18.150\r\ndebug1: Host \'192.168.18.150\' is known and matches the ED25519 host key.\r\ndebug1: Found key in /root/.ssh/known_hosts:1\r\ndebug3: send packet: type 21\r\ndebug2: set_newkeys: mode 1\r\ndebug1: rekey out after 4294967296 blocks\r\ndebug1: SSH2_MSG_NEWKEYS sent\r\ndebug1: expecting SSH2_MSG_NEWKEYS\r\ndebug3: receive packet: type 21\r\ndebug1: SSH2_MSG_NEWKEYS received\r\ndebug2: set_newkeys: mode 0\r\ndebug1: rekey in after 4294967296 blocks\r\ndebug1: Will attempt key: /root/.ssh/id_rsa \r\ndebug1: Will attempt key: /root/.ssh/id_dsa \r\ndebug1: Will attempt key: /root/.ssh/id_ecdsa \r\ndebug1: Will attempt key: /root/.ssh/id_ed25519 \r\ndebug1: Will attempt key: /root/.ssh/id_xmss \r\ndebug2: pubkey_prepare: done\r\ndebug3: send packet: type 5\r\ndebug3: receive packet: type 6\r\ndebug2: service_accept: ssh-userauth\r\ndebug1: SSH2_MSG_SERVICE_ACCEPT received\r\ndebug3: send packet: type 50\r\ndebug3: receive packet: type 51\r\ndebug1: Authentications that can continue: publickey,password\r\ndebug3: start over, passed a different list publickey,password\r\ndebug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password\r\ndebug3: authmethod_lookup publickey\r\ndebug3: remaining preferred: keyboard-interactive,password\r\ndebug3: authmethod_is_enabled publickey\r\ndebug1: Next authentication method: publickey\r\ndebug1: Trying private key: /root/.ssh/id_rsa\r\ndebug3: no such identity: /root/.ssh/id_rsa: No such file or directory\r\ndebug1: Trying private key: /root/.ssh/id_dsa\r\ndebug3: no such identity: /root/.ssh/id_dsa: No such file or 
directory\r\ndebug1: Trying private key: /root/.ssh/id_ecdsa\r\ndebug3: no such identity: /root/.ssh/id_ecdsa: No such file or directory\r\ndebug1: Trying private key: /root/.ssh/id_ed25519\r\ndebug3: no such identity: /root/.ssh/id_ed25519: No such file or directory\r\ndebug1: Trying private key: /root/.ssh/id_xmss\r\ndebug3: no such identity: /root/.ssh/id_xmss: No such file or directory\r\ndebug2: we did not send a packet, disable method\r\ndebug3: authmethod_lookup password\r\ndebug3: remaining preferred: ,password\r\ndebug3: authmethod_is_enabled password\r\ndebug1: Next authentication method: password\r\ndebug3: send packet: type 50\r\ndebug2: we sent a password packet, wait for reply\r\ndebug3: receive packet: type 52\r\ndebug1: Enabling compression at level 6.\r\ndebug1: Authentication succeeded (password).\r\nAuthenticated to 192.168.18.150 ([192.168.18.150]:22).\r\ndebug1: setting up multiplex master socket\r\ndebug3: muxserver_listen: temporary control path /root/.ansible/cp/db7eeee607.T9XUgVl1r7oQVeCe\r\ndebug2: fd 6 setting O_NONBLOCK\r\ndebug3: fd 6 is O_NONBLOCK\r\ndebug3: fd 6 is O_NONBLOCK\r\ndebug1: channel 0: new [/root/.ansible/cp/db7eeee607]\r\ndebug3: muxserver_listen: mux listener channel 0 fd 6\r\ndebug2: fd 5 setting TCP_NODELAY\r\ndebug3: ssh_packet_set_tos: set IP_TOS 0x20\r\ndebug1: control_persist_detach: backgrounding master process\r\ndebug2: control_persist_detach: background process is 47183\r\ndebug2: fd 6 setting O_NONBLOCK\r\ndebug1: forking to background\r\ndebug1: Entering interactive session.\r\ndebug1: pledge: id\r\ndebug2: set_control_persist_exit_time: schedule exit in 60 seconds\r\ndebug1: multiplexing control connection\r\ndebug2: fd 7 setting O_NONBLOCK\r\ndebug3: fd 7 is O_NONBLOCK\r\ndebug1: channel 1: new [mux-control]\r\ndebug3: channel_post_mux_listener: new mux channel 1 fd 7\r\ndebug3: mux_master_read_cb: channel 1: hello sent\r\ndebug2: set_control_persist_exit_time: cancel scheduled exit\r\ndebug3: 
mux_master_read_cb: channel 1 packet type 0x00000001 len 4\r\ndebug2: mux_master_process_hello: channel 1 slave version 4\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_master_read_cb: channel 1 packet type 0x10000004 len 4\r\ndebug2: mux_master_process_alive_check: channel 1: alive check\r\ndebug3: mux_client_request_alive: done pid = 47185\r\ndebug3: mux_client_request_session: session request sent\r\ndebug3: mux_master_read_cb: channel 1 packet type 0x10000002 len 100\r\ndebug2: mux_master_process_new_session: channel 1: request tty 0, X 0, agent 0, subsys 0, term "xterm-256color", cmd "/bin/sh -c \'echo ~ && sleep 0\'", env 1\r\ndebug3: mux_master_process_new_session: got fds stdin 8, stdout 9, stderr 10\r\ndebug2: fd 9 setting O_NONBLOCK\r\ndebug2: fd 10 setting O_NONBLOCK\r\ndebug1: channel 2: new [client-session]\r\ndebug2: mux_master_process_new_session: channel_new: 2 linked to control channel 1\r\ndebug2: channel 2: send open\r\ndebug3: send packet: type 90\r\ndebug3: receive packet: type 80\r\ndebug1: client_input_global_request: rtype hostkeys-00#openssh.com want_reply 0\r\ndebug3: receive packet: type 91\r\ndebug2: channel_input_open_confirmation: channel 2: callback start\r\ndebug2: client_session2_setup: id 2\r\ndebug1: Sending environment.\r\ndebug1: Sending env LANG = en_US.UTF-8\r\ndebug2: channel 2: request env confirm 0\r\ndebug3: send packet: type 98\r\ndebug1: Sending command: /bin/sh -c \'echo ~ && sleep 0\'\r\ndebug2: channel 2: request exec confirm 1\r\ndebug3: send packet: type 98\r\ndebug3: mux_session_confirm: sending success reply\r\ndebug2: channel_input_open_confirmation: channel 2: callback done\r\ndebug2: channel 2: open confirm rwindow 0 rmax 32768\r\ndebug2: channel 2: rcvd adjust 2097152\r\ndebug3: receive packet: type 99\r\ndebug2: 
channel_input_status_confirm: type 99 id 2\r\ndebug2: exec request accepted on channel 2\r\ndebug3: receive packet: type 96\r\ndebug2: channel 2: rcvd eof\r\ndebug2: channel 2: output open -> drain\r\ndebug2: channel 2: obuf empty\r\ndebug2: channel 2: chan_shutdown_write (i0 o1 sock -1 wfd 9 efd 10 [write])\r\ndebug2: channel 2: output drain -> closed\r\ndebug3: receive packet: type 98\r\ndebug1: client_input_channel_req: channel 2 rtype exit-status reply 0\r\ndebug3: mux_exit_message: channel 2: exit message, exitval 0\r\ndebug3: receive packet: type 98\r\ndebug1: client_input_channel_req: channel 2 rtype eow#openssh.com reply 0\r\ndebug2: channel 2: rcvd eow\r\ndebug2: channel 2: chan_shutdown_read (i0 o3 sock -1 wfd 8 efd 10 [write])\r\ndebug2: channel 2: input open -> closed\r\ndebug3: receive packet: type 97\r\ndebug2: channel 2: rcvd close\r\ndebug3: channel 2: will not send data after close\r\ndebug2: channel 2: send close\r\ndebug3: send packet: type 97\r\ndebug2: channel 2: is dead\r\ndebug2: channel 2: gc: notify user\r\ndebug3: mux_master_session_cleanup_cb: entering for channel 2\r\ndebug2: channel 1: rcvd close\r\ndebug2: channel 1: output open -> drain\r\ndebug2: channel 1: chan_shutdown_read (i0 o1 sock 7 wfd 7 efd -1 [closed])\r\ndebug2: channel 1: input open -> closed\r\ndebug2: channel 2: gc: user detached\r\ndebug2: channel 2: is dead\r\ndebug2: channel 2: garbage collecting\r\ndebug1: channel 2: free: client-session, nchannels 3\r\ndebug3: channel 2: status: The following connections are open:\r\n #1 mux-control (t16 nr0 i3/0 o1/16 e[closed]/0 fd 7/7/-1 sock 7 cc -1)\r\n #2 client-session (t4 r0 i3/0 o3/0 e[write]/0 fd -1/-1/10 sock -1 cc -1)\r\n\r\ndebug2: channel 1: obuf empty\r\ndebug2: channel 1: chan_shutdown_write (i3 o1 sock 7 wfd 7 efd -1 [closed])\r\ndebug2: channel 1: output drain -> closed\r\ndebug2: channel 1: is dead (local)\r\ndebug2: channel 1: gc: notify user\r\ndebug3: mux_master_control_cleanup_cb: entering for channel 
1\r\ndebug2: channel 1: gc: user detached\r\ndebug2: channel 1: is dead (local)\r\ndebug2: channel 1: garbage collecting\r\ndebug1: channel 1: free: mux-control, nchannels 2\r\ndebug3: channel 1: status: The following connections are open:\r\n #1 mux-control (t16 nr0 i3/0 o3/0 e[closed]/0 fd 7/7/-1 sock 7 cc -1)\r\n\r\ndebug2: set_control_persist_exit_time: schedule exit in 60 seconds\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
<192.168.18.150> ESTABLISH SSH CONNECTION FOR USER: None
<192.168.18.150> SSH: EXEC sshpass -d9 ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/db7eeee607 192.168.18.150 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo ansible-test #/.ansible/tmp `"&& mkdir "` echo ansible-test #/.ansible/tmp/ansible-tmp-1621247104.1598728-47178-216424895417051 `" && echo ansible-tmp-1621247104.1598728-47178-216424895417051="` echo ansible-test #/.ansible/tmp/ansible-tmp-1621247104.1598728-47178-216424895417051 `" ) && sleep 0'"'"''
<192.168.18.150> (0, b'ansible-test # Unknown action 0\n\nansible-test # ', b"OpenSSH_8.0p1, OpenSSL 1.1.1g FIPS 21 Apr 2020\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug3: /etc/ssh/ssh_config line 52: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0\r\ndebug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf\r\ndebug2: checking match for 'final all' host 192.168.18.150 originally 192.168.18.150\r\ndebug3: /etc/ssh/ssh_config.d/05-redhat.conf line 3: not matched 'final'\r\ndebug2: match not found\r\ndebug3: /etc/ssh/ssh_config.d/05-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 (parse only)\r\ndebug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config\r\ndebug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1-]\r\ndebug3: kex names ok: [curve25519-sha256,curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]\r\ndebug1: configuration requests final Match pass\r\ndebug2: resolve_canonicalize: hostname 192.168.18.150 is address\r\ndebug1: re-parsing configuration\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug3: /etc/ssh/ssh_config line 52: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0\r\ndebug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf\r\ndebug2: checking match for 'final all' host 192.168.18.150 originally 192.168.18.150\r\ndebug3: /etc/ssh/ssh_config.d/05-redhat.conf line 3: matched 'final'\r\ndebug2: match found\r\ndebug3: /etc/ssh/ssh_config.d/05-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1\r\ndebug1: Reading configuration data 
/etc/crypto-policies/back-ends/openssh.config\r\ndebug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1-]\r\ndebug3: kex names ok: [curve25519-sha256,curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 5 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 47185\r\ndebug3: mux_client_request_session: session request sent\r\ndebug3: mux_client_read_packet: read header failed: Broken pipe\r\ndebug2: Received exit status from master 0\r\n")
Using module file /usr/lib/python3.6/site-packages/ansible/modules/system/ping.py
<192.168.18.150> PUT /root/.ansible/tmp/ansible-local-47171dn7wxth0/tmpbu4qybui TO ansible-test #/AnsiballZ_ping.py
<192.168.18.150> SSH: EXEC sshpass -d9 scp -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/db7eeee607 /root/.ansible/tmp/ansible-local-47171dn7wxth0/tmpbu4qybui '[192.168.18.150]:'"'"'ansible-test #/AnsiballZ_ping.py'"'"''
192.168.18.150 | FAILED! => {
"msg": "failed to transfer file to /root/.ansible/tmp/ansible-local-47171dn7wxth0/tmpbu4qybui ansible-test #/AnsiballZ_ping.py:\n\nExecuting: program /usr/bin/ssh host 192.168.18.150, user (unspecified), command scp -v -t 'ansible-test #/AnsiballZ_ping.py'\nOpenSSH_8.0p1, OpenSSL 1.1.1g FIPS 21 Apr 2020\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug3: /etc/ssh/ssh_config line 52: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0\r\ndebug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf\r\ndebug2: checking match for 'final all' host 192.168.18.150 originally 192.168.18.150\r\ndebug3: /etc/ssh/ssh_config.d/05-redhat.conf line 3: not matched 'final'\r\ndebug2: match not found\r\ndebug3: /etc/ssh/ssh_config.d/05-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1 (parse only)\r\ndebug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config\r\ndebug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1-]\r\ndebug3: kex names ok: [curve25519-sha256,curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]\r\ndebug1: configuration requests final Match pass\r\ndebug2: resolve_canonicalize: hostname 192.168.18.150 is address\r\ndebug1: re-parsing configuration\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug3: /etc/ssh/ssh_config line 52: Including file /etc/ssh/ssh_config.d/05-redhat.conf depth 0\r\ndebug1: Reading configuration data /etc/ssh/ssh_config.d/05-redhat.conf\r\ndebug2: checking match for 'final all' host 192.168.18.150 originally 192.168.18.150\r\ndebug3: /etc/ssh/ssh_config.d/05-redhat.conf line 3: matched 'final'\r\ndebug2: match 
found\r\ndebug3: /etc/ssh/ssh_config.d/05-redhat.conf line 5: Including file /etc/crypto-policies/back-ends/openssh.config depth 1\r\ndebug1: Reading configuration data /etc/crypto-policies/back-ends/openssh.config\r\ndebug3: gss kex names ok: [gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1-]\r\ndebug3: kex names ok: [curve25519-sha256,curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1]\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 5 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 47185\r\ndebug3: mux_client_request_session: session request sent\r\n501-Permission Denied\ndebug2: Exiting on signal: Hangup\r\n"
Any help on this issue would be much appreciated.

That won't work on FortiGates since the ping module is not a regular ICMP ping. If you look up the docs of the ping module you can see that the remote-node requires Python.
From the docs:
This is NOT ICMP ping, this is just a trivial test module that
requires Python on the remote-node.
https://docs.ansible.com/ansible/latest/collections/ansible/builtin/ping_module.html#synopsis
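
The answer's point can be read directly from the question's own `-vvvv` output; the following is an added example, not part of the original answer or of Ansible. Ansible first runs `/bin/sh -c 'echo ~ && sleep 0'` to learn the remote home directory, and the FortiGate CLI replied `Unknown action 0` instead of a path, so the later scp target became `ansible-test #/AnsiballZ_ping.py`. The function names and the `10.0.0.5` host are constructed for illustration, and the check assumes a POSIX target whose home directory is an absolute path.

```python
import ast
import re

# Constructed sample shaped like the `ansible -vvvv` lines quoted in the question.
# The SSH debug stderr is replaced by an empty byte string, and the 10.0.0.5 host
# is an invented healthy target added for contrast.
SAMPLE_LOG = r"""
<192.168.18.150> SSH: EXEC sshpass -d9 ssh -vvv -C 192.168.18.150 '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
<192.168.18.150> (0, b'ansible-test # Unknown action 0\n\nansible-test # ', b'')
<192.168.18.150> PUT /root/.ansible/tmp/ansible-local-1/tmpabc TO ansible-test #/AnsiballZ_ping.py
<10.0.0.5> SSH: EXEC ssh -C 10.0.0.5 '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
<10.0.0.5> (0, b'/home/deploy\n', b'')
<10.0.0.5> PUT /root/.ansible/tmp/ansible-local-1/tmpdef TO /home/deploy/.ansible/tmp/ansible-tmp-1/AnsiballZ_ping.py
"""

EXEC_RE = re.compile(r"^<([^>]+)> SSH: EXEC (.*)$")
RESULT_RE = re.compile(r"^<([^>]+)> (\(\d+, b['\"].*\))$")
PUT_RE = re.compile(r"^<([^>]+)> PUT \S+ TO (.+)$")
HOME_PROBE = "echo ~ && sleep"  # the first command Ansible sends over SSH


def looks_like_posix_home(text):
    """True when the probe output is one absolute path, as `echo ~` prints."""
    lines = text.strip().splitlines()
    return len(lines) == 1 and lines[0].startswith("/")


def diagnose(log_text):
    """Map each host to what its home-directory probe returned.

    Returns {host: {"home_probe": str, "posix_shell": bool,
                    "bad_put_targets": [str, ...]}}.
    """
    hosts = {}
    awaiting_probe = set()  # hosts whose probe result has not been seen yet
    for raw in log_text.splitlines():
        line = raw.rstrip()

        m = EXEC_RE.match(line)
        if m:
            if HOME_PROBE in m.group(2):
                awaiting_probe.add(m.group(1))
            continue

        m = RESULT_RE.match(line)
        if m and m.group(1) in awaiting_probe:
            host = m.group(1)
            awaiting_probe.discard(host)
            try:
                # Ansible prints the result as a Python tuple: (rc, stdout, stderr)
                _rc, stdout, _stderr = ast.literal_eval(m.group(2))
            except (ValueError, SyntaxError):
                continue  # truncated or wrapped log line, cannot be parsed
            if not isinstance(stdout, bytes):
                continue
            home = stdout.decode("utf-8", "replace").strip()
            hosts[host] = {
                "home_probe": home,
                "posix_shell": looks_like_posix_home(home),
                "bad_put_targets": [],
            }
            continue

        m = PUT_RE.match(line)
        if m and m.group(1) in hosts:
            dst = m.group(2)
            # A transfer target built from a bogus "home" is not a real path.
            if not dst.startswith(("/", "~")):
                hosts[m.group(1)]["bad_put_targets"].append(dst)
    return hosts


if __name__ == "__main__":
    for host, info in diagnose(SAMPLE_LOG).items():
        verdict = "POSIX shell" if info["posix_shell"] else "NOT a POSIX shell"
        print(f"{host}: {verdict}; probe returned {info['home_probe']!r}")
        for dst in info["bad_put_targets"]:
            print(f"  transfer target derived from probe output: {dst!r}")
```

A host flagged as not a POSIX shell cannot run Python-based modules such as `ping`, regardless of whether the scp transfer itself is permitted.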

Related

OpenSSH RemoteForward returns 502 Bad Gateway on Windows

We set up a remoteforward to proxy a webhook to our local dev machine. Everything works fine on Mac, but when we do the same thing on Windows 10 we get a 502 Bad Gateway.
Is there something I'm missing?
We've set GateWayPorts yes and PermitTunnel yes in C:\ProgramData\ssh\sshd_config
.ssh\config file:
Host webhook
HostName ww.xx.yy.zz
IdentityFile C:\Users\...\.ssh\key.pem
User blah-user
RemoteForward 25003 localhost:25007
GatewayPorts yes
output from ssh -vvv webhook
https://aws.amazon.com/amazon-linux-2/
No packages needed for security; 2 packages available
Run "sudo yum update" to apply all updates.
[blah-user@ip-ww-xx-yy-zz ~]$ debug3: receive packet: type 90
debug1: client_input_channel_open: ctype forwarded-tcpip rchan 3 win 2097152 max 32768
debug1: client_request_forwarded_tcpip: listen localhost port 25003, originator 127.0.0.1 port 46568
debug2: fd 7 setting O_NONBLOCK
debug3: socketio_getsockopt - ERROR:10022
debug1: getsockopt TCP_NODELAY: Invalid argument
debug1: connect_next: host localhost ([::1]:25007) in progress, fd=7
debug3: fd 7 is O_NONBLOCK
debug3: fd 7 is O_NONBLOCK
debug1: channel 1: new [127.0.0.1]
debug1: confirm forwarded-tcpip
debug3: channel 1: waiting for connection
debug3: finish_connect - ERROR: async io completed with error: 10061, io:00000224831A7210
debug1: channel 1: connected to localhost port 25007
debug3: send packet: type 91
debug3: recv - from CB ERROR:10061, io:00000224831A7210
debug2: channel 1: read<=0 rfd 7 len 4294967295
debug2: channel 1: read failed
debug2: chan_shutdown_read: channel 1: (i0 o0 sock 7 wfd 7 efd -1 [closed])
debug3: socketio_shutdown - ERROR:10057
debug2: channel 1: input open -> drain
debug2: channel 1: ibuf empty
debug2: channel 1: send eof
debug3: send packet: type 96
debug2: channel 1: input drain -> closed
debug3: ERROR:10061, io:00000224831A7210
debug2: channel 1: write failed
debug2: chan_shutdown_write: channel 1: (i3 o0 sock 7 wfd 7 efd -1 [closed])
debug3: socketio_shutdown - ERROR:10057
debug2: chan_shutdown_write: channel 1: shutdown() failed for fd 7 [i3 o0]: The socket is not connected
debug2: channel 1: output open -> closed
debug2: channel 1: send close
debug3: send packet: type 97
debug3: channel 1: will not send data after close
debug3: channel 1: will not send data after close
debug3: receive packet: type 96
debug2: channel 1: rcvd eof
debug3: receive packet: type 97
debug2: channel 1: rcvd close
debug3: channel 1: will not send data after close
debug2: channel 1: is dead
debug2: channel 1: garbage collecting
debug1: channel 1: free: 127.0.0.1, nchannels 2
debug3: channel 1: status: The following connections are open:
#0 client-session (t4 r2 i0/0 o0/0 e[write]/0 fd 4/5/6 sock -1 cc -1)
#1 127.0.0.1 (t4 r3 i3/0 o3/0 e[closed]/0 fd 7/7/-1 sock 7 cc -1)
The proxy works, as the exact same config on Mac works like a champ. Tried to turn the firewall off completely, but that didn't change anything.

GitHub / private repository / SSH: go get/go mod tidy fail, while git clone is working

I hope to find the answer to a question which has been bothering me for the past couple of days. I have read a lot of threads, helpers, and publications, and do not seem to find a solution.
I am a bit new with SSH.
The problem is as follows:
I cannot get/install/refresh the modules belonging to my project, when using go get or go mod tidy commands,
while git clone of the same repo via SSH in any of the terminals or via TortoiseGit are working fine,
i.e. I can clone, but I cannot build.
getting a module fails the following way (personal data obfuscated):
example.com/hello/PROJECTS/src/git.<orgname>.com/<reponame>/<subreponame>/tests/functional/resources tested by
example.com/hello/PROJECTS/src/git.<orgname>.com/<reponame>/<subreponame>/tests/functional/resources.test imports
git.<orgname>.com/<reponame>/<subreponame>/tests/functional/resources/vm_specific: module git.<orgname>.com/<reponame>/<subreponame>/tests/functional/resources/vm_specific: git ls-remote -q origin in C:\GO\PROJECTS\pkg\mod\cache\vcs\a5d519aeafc0ac08e2b20d7c8a6a8b2cea11cda88cb058cf2ebcc079d07b260a: exit status 128:
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> 'C:\\Users\\<username>/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> 'C:\\Users\\<username>/.ssh/known_hosts2'
debug2: resolving "git.<orgname>.com" port <port>
debug3: resolve_host: lookup git.<orgname>.com:<port>
debug3: ssh_connect_direct: entering
debug1: Connecting to git.<orgname>.com [10.XXX.X.XX] port <port>.
debug1: Connection established.
...
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.9
debug1: Remote protocol version 2.0, remote software version APACHE-SSHD-2.4.0
debug1: compat_banner: no match: APACHE-SSHD-2.4.0
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to git.<orgname>.com:<port> as 'git'
...
debug1: Authentications that can continue: publickey
...
debug3: send packet: type 50
debug3: receive packet: type 52
Authenticated to git.<orgname>.com ([10.XXX.X.XX]:<port>) using "publickey".
...
debug1: Sending command: git-upload-pack '/scm/<reponame>/<subreponame>.git'
debug2: channel 0: request exec confirm 1
debug3: send packet: type 98
debug2: channel_input_open_confirmation: channel 0: callback done
debug2: channel 0: open confirm rwindow 2097152 rmax 32768
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: exec request accepted on channel 0
debug2: channel 0: rcvd ext data 106
debug3: receive packet: type 96
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug3: receive packet: type 98
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug3: receive packet: type 97
debug2: channel 0: rcvd close
debug2: chan_shutdown_read: channel 0: (i0 o1 sock -1 wfd 4 efd 6 [write])
debug2: channel 0: input open -> closed
debug3: channel 0: will not send data after close
debug2: channel 0: obuf_empty delayed efd 6/(106)
debug2: channel 0: written 106 to efd 6
Repository not found
The requested repository does not exist, or you do not have permission to access it.
debug3: channel 0: will not send data after close
debug2: channel 0: obuf empty
debug2: chan_shutdown_write: channel 0: (i3 o1 sock -1 wfd 5 efd 6 [write])
debug2: channel 0: output drain -> closed
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug3: send packet: type 97
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
#0 client-session (t4 r0 i3/0 o3/0 e[write]/0 fd -1/-1/6 sock -1 cc -1 io 0x00/0x08)
debug3: send packet: type 1
Transferred: sent 3268, received 2200 bytes, in 0.2 seconds
Bytes per second: sent 15169.6, received 10212.1
debug1: Exit status 1
If a fuller log is needed I can upload it somewhere.
Last rows of ssh -T (vvv set as default) git@git.<orgname>.com:
debug3: send packet: type 50
debug3: receive packet: type 52
debug1: Authentication succeeded (publickey).
Authenticated to git.<orgname>.com ([10.XXX.X.XX]:<port>).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Entering interactive session.
debug1: pledge: filesystem full
debug3: receive packet: type 91
debug2: channel_input_open_confirmation: channel 0: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: set_sock_tos: set socket 3 IP_TOS 0x08
debug2: client_session2_setup: id 0
debug2: channel 0: request shell confirm 1
debug3: send packet: type 98
debug2: channel_input_open_confirmation: channel 0: callback done
debug2: channel 0: open confirm rwindow 2097152 rmax 32768
debug3: receive packet: type 100
debug2: channel_input_status_confirm: type 100 id 0
shell request failed on channel 0
I am using a public key derived from a key generated by ssh-keygen of OpenSSH - it is freshly generated and is added to my Git profile.
git clone is thus working fine which is driving me insane already.
I already have most of the modules which fail to be checked in the remote private repo, which is even crazier.
I dislike this part, which most probably means that I have issues with my certificate -
Authenticated to git.<orgname>.com ([10.XXX.X.XX]:<port>) using "publickey".
and this part, as OpenSSH on AIX requests PKCS12 support by default when EFS is enabled and non-AIX systems may reject these PKCS12 requests.
debug2: channel 0: obuf_empty delayed efd 6/(106)
debug2: channel 0: written 106 to efd 6
See changes in my config below.
My environment:
Win10 Enterprise
Git version - 2.31.1.windows.1
I usually clone via TortoiseGit 2.13.0.1
SSH client being used within CMD/Powershell - OpenSSH_for_Windows_8.9, installed manually
go env: (personal data obfuscated)
set GO111MODULE=
set GOARCH=amd64
set GOBIN=
set GOCACHE=C:\Users\<username>\AppData\Local\go-build
set GOENV=C:\Users\<username>\AppData\Roaming\go\env
set GOEXE=.exe
set GOEXPERIMENT=
set GOFLAGS=
set GOHOSTARCH=amd64
set GOHOSTOS=windows
set GOINSECURE=
set GOMODCACHE=C:\Program Files\Go\pkg\mod
set GONOPROXY=*.<orgname>.com;git.<orgname>.com/users/<username>
set GONOSUMDB=*.<orgname>.com;git.<orgname>.com/users/<username>
set GOOS=windows
set GOPATH=C:\Program Files\Go
set GOPRIVATE=*.<orgname>.com;git.<orgname>.com/users/<username>
set GOPROXY=https://proxy.golang.org,direct
set GOROOT=C:\Program Files\Go
set GOSUMDB=sum.golang.org
set GOTMPDIR=
set GOTOOLDIR=C:\Program Files\Go\pkg\tool\windows_amd64
set GOVCS=
set GOVERSION=go1.18.3
set GCCGO=gccgo
set GOAMD64=v1
set AR=ar
set CC=gcc
set CXX=g++
set CGO_ENABLED=1
set GOMOD=NUL
set GOWORK=
set CGO_CFLAGS=-g -O2
set CGO_CPPFLAGS=
set CGO_CXXFLAGS=-g -O2
set CGO_FFLAGS=-g -O2
set CGO_LDFLAGS=-g -O2
set PKG_CONFIG=pkg-config
set GOGCCFLAGS=-m64 -mthreads -fmessage-length=0 -fdebug-prefix-map=C:\Users\USER~1.NAM\AppData\Local\Temp\go-build1143995380=/tmp/go-build -gno-record-gcc-switches
My SSH config:
# GITHUB FOR SRC
Host git.<orgname>.com
ServerAliveInterval 600
TCPKeepAlive yes
IPQoS throughput
AddKeysToAgent yes
HostName git.<orgname>.com
Port <port>
User <username>
PreferredAuthentications publickey
IdentityFile C:\Users\<username>\.ssh\git_rsa
#IdentityFile ~/.ssh/git_rsa
PubkeyAcceptedKeyTypes +ssh-rsa
#ForwardAgent no
#AllowPKCS12KeystoreAutoOpen no
LogLevel DEBUG3
The certificate was previously added to the agent, but I have specified it here to be sure, and the correct certificate seems to be taken for authentication according to the log.
It does not have a passphrase.
I do not have totally unknown entries in my known-hosts, and the correct entry judging by a certificate timestamp is being used.
I found that the PKCS12 requests can be disabled by AllowPKCS12KeystoreAutoOpen set to no, but it is being marked as a bad option -
C:\GO\PROJECTS\src\git.<orgname>.com\<reponame>\<subreponame>>go get git.<orgname>.com/<name>/go-service/log
go: module git.<orgname>.com/<name>/go-service/log: git ls-remote -q origin in C:\GO\PROJECTS\pkg\mod\cache\vcs\d0d607237eeba0d1c9d5ce996ed36c0f3746b2c8f94b538ace2d3f2a9476839e: exit status 128:
C:\\Users\\<username>/.ssh/config: line 15: Bad configuration option: allowpkcs12keystoreautoopen
C:\\Users\\<username>/.ssh/config: terminating, 1 bad configuration options
GIT configs:
global:
[user]
name = <username>
email = <usrname>@<orgname>.com
[url "ssh://git@git.<orgname>.com:<port>/"]
insteadOf = https://git.<orgname>.com
system:
[url "ssh://git@git.<orgname>.com:<port>/"]
insteadOf = https://git.<orgname>.com/
git remote -v:
origin ssh://git@git.<orgname>.com:<port>/~<username>/<subreponame>.git (fetch)
origin ssh://git@git.<orgname>.com:<port>/~<username>/<subreponame>.git (push)
the same I use for cloning,
repo config:
[remote "origin"]
url = ssh://git@git.<orgname>.com:<port>/~<username>/<subreponame>.git
fetch = +refs/heads/*:refs/remotes/origin/*
I tried both ssh:// and git@git... and it did not help.
module config (set automatically), however:
[remote "origin"]
url = https://git.<orgname>.com/scm/<reponame>/<subreponame>.git
fetch = +refs/heads/*:refs/remotes/origin/*
I am out of ideas at this moment.
I'd recommend not to use go get with private repositories. This command caches repositories at pkg.go.dev and thus exposes them to the world. I was so embarrassed to find our private development published openly there.
I deploy my private dependencies in the file system manually and specify the dependency in go.mod using replace:
require your.server/your/package v1.2.3
replace your.server/your/package v1.2.3 => /path/to/local/your/package
That was an issue with the repository - it was not really made to work with dependencies, and was not meant to work with modules and module-related requests. C'est la vie, but at least I've learned a lot about SSH and GIT interaction.
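The go env output in the question separates the GOPRIVATE, GONOPROXY and GONOSUMDB patterns with ";", while the go command documents these variables as comma-separated glob lists matched against module path prefixes. The following added example (not part of the original posts; example.com, alice and the function names are constructed stand-ins) re-implements that documented matching to show where a module request is sent under each separator.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// matchPrefixPatterns reports whether the leading path elements of target
// match any glob in the comma-separated list globs (path.Match syntax).
// It follows the documented GOPRIVATE / GONOPROXY / GONOSUMDB semantics.
func matchPrefixPatterns(globs, target string) bool {
	elems := strings.Split(target, "/")
	for _, glob := range strings.Split(globs, ",") {
		if glob == "" {
			continue
		}
		// A glob with N path elements is compared with the first N
		// elements of the module path.
		n := strings.Count(glob, "/") + 1
		if n > len(elems) {
			continue
		}
		if ok, _ := path.Match(glob, strings.Join(elems[:n], "/")); ok {
			return true
		}
	}
	return false
}

// FetchPlan lists where a module request is sent.
type FetchPlan struct {
	Sources []string // tried in order; "direct" means the VCS (git over SSH here)
	SumDB   bool     // true if the public checksum database is also queried
}

// Plan treats GOPRIVATE as the value of GONOPROXY and GONOSUMDB, as in the
// go env output of the question, where all three hold the same string.
func Plan(goprivate, goproxy, module string) FetchPlan {
	if matchPrefixPatterns(goprivate, module) {
		return FetchPlan{Sources: []string{"direct"}, SumDB: false}
	}
	// GOPROXY entries are separated by "," or "|".
	srcs := strings.FieldsFunc(goproxy, func(r rune) bool { return r == ',' || r == '|' })
	return FetchPlan{Sources: srcs, SumDB: true}
}

func main() {
	const proxy = "https://proxy.golang.org,direct"
	const module = "git.example.com/team/repo/pkg" // constructed stand-in
	for _, private := range []string{
		"*.example.com;git.example.com/users/alice", // separator as in the question
		"*.example.com,git.example.com/users/alice", // comma-separated
	} {
		p := Plan(private, proxy, module)
		fmt.Printf("GOPRIVATE=%-45s sources=%v sumdb=%v\n", private, p.Sources, p.SumDB)
	}
}
```

With the ";" form the whole string is treated as one three-element glob that matches nothing, so the private module path is first requested from the public proxy and checksum database before the direct git fetch is attempted.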

Restricted user error with connection to localhost closed by remote host

I'm trying to set up an sftpuser restricted by ChrootDirectory on AIX 7.1, but it's not working and shows "connection to localhost closed by remote host".
Now, I have configured this in /etc/ssh/sshd_config:
Match User testuser
ChrootDirectory /Share
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
/Share is owned by the root user and its permission is 755, but it's still not working and shows the debug output below.
sftp -vvv testuser@localhost
OpenSSH_8.1p1, OpenSSL 1.0.2u 20 Dec 2019
debug1: Authentication succeeded (password).
Authenticated to localhost ([127.0.0.1]:22).
debug2: fd 5 setting O_NONBLOCK
debug3: fd 6 is O_NONBLOCK
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Requesting no-more-sessions@openssh.com
debug3: send packet: type 80
debug1: fd 0 clearing O_NONBLOCK
debug3: fd 1 is not O_NONBLOCK
Connection to localhost closed by remote host.
Transferred: sent 2256, received 2228 bytes, in 0.0 seconds
Bytes per second: sent 270661.7, received 267302.4
debug1: Exit status -1
Connection closed
How can I solve it? Thanks in advance for your help.

Git, OpenSSH, windows 7 "fatal: the remote end hung up unexpectedly"

I was not even able to do git push or fetch once. I enter the password and it returns the error:
"fatal: the remote end hung up unexpectedly"
1.) I am logged in as admin using just a password (no ssh keys)
2.) I can connect with ssh with no problems. I can create and delete dirs... whatever...
3.) When I try to push with git, the fatal error appears
4.) I am connecting from the same machine to eliminate compatibility or network errors
5.) When I use no ssh, just the path "d:/git-repos/git-local.git", git works fine
SSH debug log:
debug3: Ignored env SSH_AUTH_SOCK
debug1: Sending command: powershell git-upload-pack 'd:/git-repos/git-local.git'
debug2: channel 0: request exec confirm 1
debug3: send packet: type 98
debug2: channel_input_open_confirmation: channel 0: callback done
debug2: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 2097152
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: exec request accepted on channel 0
debug2: channel 0: read<=0 rfd 4 len 0
debug2: channel 0: read failed
debug2: channel 0: chan_shutdown_read (i0 o0 sock -1 wfd 4 efd 6 [write])
debug2: channel 0: input open -> drain
debug2: channel 0: ibuf empty
debug2: channel 0: send eof
debug3: send packet: type 96
debug2: channel 0: input drain -> closed
debug2: channel 0: rcvd ext data 43
fatal: the remote end hung up unexpectedly
debug2: channel 0: written 43 to efd 6
debug3: receive packet: type 96
debug2: channel 0: rcvd eof
debug2: channel 0: output open -> drain
debug2: channel 0: obuf empty
debug2: channel 0: chan_shutdown_write (i3 o1 sock -1 wfd 5 efd 6 [write])
debug2: channel 0: output drain -> closed
debug3: receive packet: type 98
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug3: receive packet: type 97
debug2: channel 0: rcvd close
debug3: channel 0: will not send data after close
debug2: channel 0: almost dead
debug2: channel 0: gc: notify user
debug2: channel 0: gc: user detached
debug2: channel 0: send close
debug3: send packet: type 97
debug2: channel 0: is dead
debug2: channel 0: garbage collecting
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
#0 client-session (t4 r0 i3/0 o3/0 e[write]/0 fd -1/-1/6 sock -1 cc -1)
debug3: send packet: type 1
debug3: fd 0 is not O_NONBLOCK
Transferred: sent 2064, received 2528 bytes, in 0.8 seconds
Bytes per second: sent 2580.9, received 3161.1
debug1: Exit status 1
SSH server config:
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey __PROGRAMDATA__/ssh/ssh_host_rsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_dsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ecdsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
SyslogFacility LOCAL0
LogLevel DEBUG3
# Authentication:
#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
# PubkeyAuthentication yes
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
#AuthorizedPrincipalsFile none
# For this to work you will also need host keys in %programData%/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
# PasswordAuthentication yes
# PermitEmptyPasswords no
# GSSAPI options
#GSSAPIAuthentication no
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# override default of no subsystems
Subsystem sftp sftp-server.exe
# Example of overriding settings on a per-user basis
#Match User anoncvs
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server
#AllowUsers user
Match User user
ChrootDirectory "D:\git-repos"
Match User supreme
ChrootDirectory "D:\git-repos"
Match Group administrators
AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys
It seems to fail on the command: powershell git-receive-pack 'D:/git-repos/git-local.git'
When I run the command from cmd, it returns:
00bdd268299939f6e8bea6ae3e78cf891b59cc79da28 refs/heads/master report-status report-status-v2 delete-refs side-band-64k quiet atomic ofs-delta object-format=sha1 agent=git/2.30.0.windows.1
OS: Windows 7 Ultimate SP1 32bit
Using Windows 7 CMD
Git version: 2.30.0 (32bit)
OpenSSH: 8.1p1 for Windows (32bit)
Installed by this guide:
https://github.com/PowerShell/Win32-OpenSSH/wiki/Setting-up-a-Git-server-on-Windows-using-Git-for-Windows-and-Win32_OpenSSH
First I installed it without the option "Run Git and included Unix tools from the Windows Command Prompt". But I reinstalled it later with this option.
Env Path server:
%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;
C:\ProgramsInstall\OpenSSH-Win32;
C:\ProgramsInstall\Git\cmd;
C:\ProgramsInstall\Git\mingw32\bin;
C:\ProgramsInstall\Git\usr\bin
"SSH where" command output:
C:\ProgramsInstall\OpenSSH-Win32\ssh.exe
C:\ProgramsInstall\Git\usr\bin\ssh.exe
Local repo config:
sshCommand = 'C:\\ProgramsInstall\\OpenSSH-Win32\\ssh.exe' -T -vvv
url = supreme@dev-server:D:/git-repos/git-local.git
uploadpack = powershell git-upload-pack
receivepack = powershell git-receive-pack

Ansible: How to set password for a user? Having trouble encrypting the password

I'm trying to set up Ansible. The issue I'm having is that my authentication is failing when I use an encrypted password. I do not want to use the root user, but would like to use the user account "t0142734". Now, where do I put the password for this user? And how do I encrypt the password?
Here is what I did:
I have my hosts file (/etc/ansible/hosts) set up like this:
[devservers]
pses00top
pses16top
pses99top
[customerLabs]
pses21top
pses25top
[allLabs]
pses00top
pses16top
pses99top
pses21top
pses25top
And I have my playbook (/etc/ansible/playbooks/test.yml) set up like this:
---
- hosts: devservers
  remote_user: t0142734
  user: t0142734
  vars:
    password: $1$SomeSalt$xAFXP474fwpr2MobtwE.5/
  tasks:
    - user: name=t0142734 password={{ password }} comment="Katie" ssh_key_file=/home/t0142734/.ssh/id_rsa
    - name: ping test
      ping:
I used the following to generate the encrypted password:
python -c 'import crypt; print crypt.crypt("This is my Password", "$1$SomeSalt$")'
And I set up my ansible configuration file ansible.cfg (/etc/ansible/ansible.cfg) like this:
inventory = /etc/ansible/hosts
host_key_checking = False
remote_user = t0142734
I run my playbook like the following:
ansible-playbook test.yml
The error I'm getting is the following:
<pses25top> ESTABLISH SSH CONNECTION FOR USER: t0142734
<pses25top> SSH: EXEC ssh -C -vvv -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
-o PasswordAuthentication=no -o User=t0142734 -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/ansible-ssh-%h-%p-%r -tt pses25top '/bin/sh -c '"'"'( umask 22 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1462469008.44-66881249426265 `" && echo "` echo $HOME/.ansible/tmp/ansible-tmp-1462469008.44-66881249426265 `" )'"'"''
pses25top | UNREACHABLE! => {
"changed": false,
"msg": "SSH encountered an unknown error. The output was:\nOpenSSH_7.2p2, OpenSSL 1.0.2g-fips 1 Mar 2016\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 58: Applying options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug1: Control socket \"/root/.ansible/cp/ansible-ssh-pses25top-22-t0142734\" does not exist\r\ndebug2: resolving \"pses25top\" port 22\r\ndebug2: ssh_connect_direct: needpriv 0\r\ndebug1: Connecting to pses25top [10.76.115.151] port 22.\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug1: fd 3 clearing O_NONBLOCK\r\ndebug1: Connection established.\r\ndebug3: timeout: 9999 ms remain after connect\r\ndebug1: permanently_set_uid: 0/0\r\ndebug1: identity file /root/.ssh/id_rsa type 1\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: identity file /root/.ssh/id_rsa-cert type -1\r\ndebug1: Enabling compatibility mode for protocol 2.0\r\ndebug1: Local version string SSH-2.0-OpenSSH_7.2\r\ndebug1: Remote protocol version 2.0, remote software version OpenSSH_7.1\r\ndebug1: match: OpenSSH_7.1 pat OpenSSH* compat 0x04000000\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug1: Authenticating to pses25top:22 as 't0142734'\r\ndebug3: hostkeys_foreach: reading file \"/root/.ssh/known_hosts\"\r\ndebug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:23\r\ndebug3: load_hostkeys: loaded 1 keys from pses25top\r\ndebug3: order_hostkeyalgs: prefer hostkeyalgs: ecdsa-sha2-nistp256-cert-v01#openssh.com,ecdsa-sha2-nistp384-cert-v01#openssh.com,ecdsa-sha2-nistp521-cert-v01#openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521\r\ndebug3: send packet: type 20\r\ndebug1: SSH2_MSG_KEXINIT sent\r\ndebug3: receive packet: type 20\r\ndebug1: SSH2_MSG_KEXINIT received\r\ndebug2: local client KEXINIT proposal\r\ndebug2: KEX algorithms: 
curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c\r\ndebug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01#openssh.com,ecdsa-sha2-nistp384-cert-v01#openssh.com,ecdsa-sha2-nistp521-cert-v01#openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01#openssh.com,ssh-rsa-cert-v01#openssh.com,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa\r\ndebug2: ciphers ctos: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc\r\ndebug2: ciphers stoc: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc\r\ndebug2: MACs ctos: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1\r\ndebug2: MACs stoc: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1\r\ndebug2: compression ctos: zlib#openssh.com,zlib,none\r\ndebug2: compression stoc: zlib#openssh.com,zlib,none\r\ndebug2: languages ctos: \r\ndebug2: languages stoc: \r\ndebug2: first_kex_follows 0 \r\ndebug2: reserved 0 \r\ndebug2: peer server KEXINIT proposal\r\ndebug2: KEX algorithms: curve25519-sha256#libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1\r\ndebug2: host key algorithms: ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519\r\ndebug2: ciphers ctos: 
chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com\r\ndebug2: ciphers stoc: chacha20-poly1305#openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm#openssh.com,aes256-gcm#openssh.com\r\ndebug2: MACs ctos: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1\r\ndebug2: MACs stoc: umac-64-etm#openssh.com,umac-128-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512-etm#openssh.com,hmac-sha1-etm#openssh.com,umac-64#openssh.com,umac-128#openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1\r\ndebug2: compression ctos: none,zlib#openssh.com\r\ndebug2: compression stoc: none,zlib#openssh.com\r\ndebug2: languages ctos: \r\ndebug2: languages stoc: \r\ndebug2: first_kex_follows 0 \r\ndebug2: reserved 0 \r\ndebug1: kex: algorithm: curve25519-sha256#libssh.org\r\ndebug1: kex: host key algorithm: ecdsa-sha2-nistp256\r\ndebug1: kex: server->client cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: zlib#openssh.com\r\ndebug1: kex: client->server cipher: chacha20-poly1305#openssh.com MAC: <implicit> compression: zlib#openssh.com\r\ndebug1: kex: curve25519-sha256#libssh.org need=64 dh_need=64\r\ndebug1: kex: curve25519-sha256#libssh.org need=64 dh_need=64\r\ndebug3: send packet: type 30\r\ndebug1: expecting SSH2_MSG_KEX_ECDH_REPLY\r\ndebug3: receive packet: type 31\r\ndebug1: Server host key: ecdsa-sha2-nistp256 SHA256:PV4k4IbhF+EJn096uBoQ44xkmK4meIQWKGkIV00dD44\r\ndebug3: hostkeys_foreach: reading file \"/root/.ssh/known_hosts\"\r\ndebug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:23\r\ndebug3: load_hostkeys: loaded 1 keys from pses25top\r\ndebug3: hostkeys_foreach: reading file \"/root/.ssh/known_hosts\"\r\ndebug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:23\r\ndebug3: load_hostkeys: loaded 
1 keys from 10.76.115.151\r\ndebug1: Host 'pses25top' is known and matches the ECDSA host key.\r\ndebug1: Found key in /root/.ssh/known_hosts:23\r\ndebug3: send packet: type 21\r\ndebug2: set_newkeys: mode 1\r\ndebug1: rekey after 134217728 blocks\r\ndebug1: SSH2_MSG_NEWKEYS sent\r\ndebug1: expecting SSH2_MSG_NEWKEYS\r\ndebug3: receive packet: type 21\r\ndebug2: set_newkeys: mode 0\r\ndebug1: rekey after 134217728 blocks\r\ndebug1: SSH2_MSG_NEWKEYS received\r\ndebug2: key: /root/.ssh/id_rsa (0x560d1b74fae0)\r\ndebug3: send packet: type 5\r\ndebug3: receive packet: type 6\r\ndebug2: service_accept: ssh-userauth\r\ndebug1: SSH2_MSG_SERVICE_ACCEPT received\r\ndebug3: send packet: type 50\r\ndebug3: receive packet: type 51\r\ndebug1: Authentications that can continue: publickey,password\r\ndebug3: start over, passed a different list publickey,password\r\ndebug3: preferred gssapi-with-mic,gssapi-keyex,hostbased,publickey\r\ndebug3: authmethod_lookup publickey\r\ndebug3: remaining preferred: ,gssapi-keyex,hostbased,publickey\r\ndebug3: authmethod_is_enabled publickey\r\ndebug1: Next authentication method: publickey\r\ndebug1: Offering RSA public key: /root/.ssh/id_rsa\r\ndebug3: send_pubkey_test\r\ndebug3: send packet: type 50\r\ndebug2: we sent a publickey packet, wait for reply\r\ndebug3: receive packet: type 51\r\ndebug1: Authentications that can continue: publickey,password\r\ndebug2: we did not send a packet, disable method\r\ndebug1: No more authentication methods to try.\r\nPermission denied (publickey,password).\r\n",
"unreachable": true
}
When I try to connect without using the encrypted password (comment out the password var in the playbook), and I use the command ansible all -vvvv -m ping --ask-pass, it works!!! I get this back:
pses25top | SUCCESS => {
"changed": false,
"invocation": {
"module_args": {
"data": null
},
"module_name": "ping"
},
"ping": "pong"
}
So, when I try to use my encrypted password it does not work. When I make ansible prompt me for a password, it works. Any help?
Also, I'm not sure what to do with the "salt". Do I need to include it somewhere?
The version of Ansible I am using is ansible 2.0.1.0
Resources:
Ansible User Module Docs
Ansible FAQ about generating encrypted passwords
Ansible Configuration File Docs
Ansible Inventory Docs
It is unclear what you are trying to do. It seems that you are trying to authenticate using a password before setting the password (your remote_user and user: name are equal).
Are you creating a new user "t0142734"? Then you don't have this remote_user account yet! You have to use another user for that purpose (root for instance).
Are you changing the password of an existing user "t0142734"? Then you have to authenticate some other way, because the current password of this user must differ from the new one.
To log in you can use ask-pass, or password + ansible-vault, or ssh keys.
Do a simple test. Try to set up the user's password via Ansible and then just log in using ssh t0142734@pses00top. Without authorized_keys configured you should be asked to enter the password. In case you succeed — everything is done properly.
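The ssh -vvv traces in the threads on this page stop at four different stages: credentials rejected, session dropped right after login, shell request refused, and a remote command that ran and exited non-zero. The following added example (not code from any of the posts; the stage names and the condensed sample traces, including the host and port in them, are constructed) classifies a client trace by how far the session got, which separates a credential problem from a server-side authorization or command problem.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Stage is the point at which an SSH session stopped.
type Stage string

const (
	AuthFailed      Stage = "auth-failed"       // no offered credential was accepted
	ClosedAfterAuth Stage = "closed-after-auth" // login accepted, server dropped the session
	RequestRefused  Stage = "request-refused"   // login accepted, shell/exec request denied
	CommandFailed   Stage = "command-failed"    // remote command ran and exited non-zero
	Completed       Stage = "completed"
	Unknown         Stage = "unknown"
)

var exitRe = regexp.MustCompile(`Exit status (-?\d+)`)

// Constructed samples, condensed from the four kinds of trace on this page.
var samples = map[string]string{
	"go get": "Authenticated to git.example.com ([10.0.0.1]:2222) using \"publickey\".\n" +
		"debug2: exec request accepted on channel 0\nRepository not found\ndebug1: Exit status 1",
	"ssh -T": "debug1: Authentication succeeded (publickey).\nshell request failed on channel 0",
	"chroot sftp": "debug1: Authentication succeeded (password).\n" +
		"Connection to localhost closed by remote host.\ndebug1: Exit status -1",
	"ansible": `debug1: Offering RSA public key: /root/.ssh/id_rsa\r\nPermission denied (publickey,password).\r\n`,
}

// Triage classifies `ssh -v` output by how far the session progressed.
func Triage(trace string) Stage {
	// Ansible reports the trace inside JSON, with "\r\n" left as escapes.
	trace = strings.NewReplacer(`\r\n`, "\n", "\r\n", "\n").Replace(trace)
	var authed, denied, accepted, refused, closed bool
	exit := 0
	for _, line := range strings.Split(trace, "\n") {
		switch {
		case strings.Contains(line, "Authenticated to "),
			strings.Contains(line, "Authentication succeeded"):
			authed = true
		case strings.Contains(line, "Permission denied ("):
			denied = true
		case strings.Contains(line, " request accepted on channel"):
			accepted = true
		case strings.Contains(line, " request failed on channel"):
			refused = true
		case strings.Contains(line, "closed by remote host"):
			closed = true
		}
		if m := exitRe.FindStringSubmatch(line); m != nil {
			exit, _ = strconv.Atoi(m[1])
		}
	}
	switch {
	case !authed && denied:
		return AuthFailed
	case !authed:
		return Unknown
	case refused:
		return RequestRefused
	case accepted && exit != 0:
		return CommandFailed
	case accepted:
		return Completed
	case closed:
		return ClosedAfterAuth
	}
	return Unknown
}

func main() {
	for name, trace := range samples {
		fmt.Printf("%-12s -> %s\n", name, Triage(trace))
	}
}
```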
