How to connect to WIndows node using openSSH and Ansible? - windows

I am trying to connect to my windows computer using OpenSSH and Ansible.
I am able to connect using regular ssh, but when I try to connect using Ansible, I get pretty much the same error everytime I change something.
I've also tried running Ansible as root and still nothing
fatal: [IVU]: UNREACHABLE! => {"changed": false, "msg": "Authentication or permission failure. In some cases, you may have been able to authenticate and did not have permissions on the remote directory. Consider changing the remote temp path in ansible.cfg to a path rooted in \"/tmp\". Failed command was: ( umask 77 && mkdir -p \"` echo /tmp/ansible-tmp-1502794936.2073953-164132649383245 `\" && echo ansible-tmp-1502794936.2073953-164132649383245=\"` echo /tmp/ansible-tmp-1502794936.2073953-164132649383245 `\" ), exited with result 1", "unreachable": true}
I've tried to change the ssh_args in ansible.cfg to ssh_args= -o ControlMaster=no and no change to the output was made.
I've tried to change the executable in the ansible.cfg to C:/Windows/System32/cmd.exe and I got the same error
I've tried changing the remote_dir=/tmp/ and still nothing.
My ansible inventory is:
[IVU]
IVU ansible_host=**IP**
[IVU:vars]
ansible_port=22
ansible_user=**user**
ansible_ssh_pass=**pass**
ansible_ssh_private_key_file=** Keyfile **
It seems like it's failing before even running any tasks, but from the openssh logs on the windows computer I see no difference when ansible connects to it and when I ssh into it.
3724 09:27:38:720 error: Couldn't create pid file "C:\\Program Files\\OpenSSH\\sshd.pid": Permission denied
3724 09:27:41:376 Accepted publickey for **User** from **IP** port 42700 ssh2: RSA SHA256:clNmiKxygl/TLEb5Ob4lZs6JqztoQyxOsjMoHQ2HYgo
3724 09:27:58:533 Received disconnect from **IP** port 42700:11: disconnected by user
3724 09:27:58:533 Disconnected from user **User** **IP** port 42700
3360 09:28:41:398 error: Couldn't create pid file "C:\\Program Files\\OpenSSH\\sshd.pid": Permission denied
3360 09:28:41:616 Accepted publickey for **User** from **IP** port 42704 ssh2: RSA SHA256:clNmiKxygl/TLEb5Ob4lZs6JqztoQyxOsjMoHQ2HYgo
3360 09:28:41:741 Received disconnect from **IP** port 42704:11: disconnected by user
3360 09:28:41:741 Disconnected from user **User** **IP** port 42704
The 9:27 is when I'm connecting using ssh and the 9:28 is when ansible connects.
Is there something I'm missing that I need to change in order for Ansible to work with openSSH on windows?

I figured out a solution by using a reverse ssh tunnel.
I abandoned the idea of trying to use the ssh ansible module with windows since Windows simply doesn't play nicely with it unless you have the windows 10 update. I decided to use the winrm ansible module instead.
What I did is I connected the windows computer to the computer running Ansible by opening a reverse SSH tunnel by using the command:
ssh -p5983 -R 5982:localhost:5986 **my_user**#**my_ip**
For my purposes I had to port forward because my computer was on a separate vlan than the windows computer
Then in Ansible I specified that the host is localhost at port 5982.
This is about as good of a solution for when working with openssh and windows, at least until Ansible supports openssh on windows.

Related

Ansible Failed to connect to the host via ssh

good day.
I generated ssh-keygen via user not in root and I copied it to my remote server. I can ssh the remote server without asking for a password in the user. As far as I read from the documentations it needs to have generated ssh-key in root in order to run commands like this:
ansible all -m ping
Is there a way that I can get to this successfully without using root?
For now, I get this error:
"msg": "Failed to connect to the host via ssh: <username>#192.x.y.z: Permission denied (publickey,password).",

Unable to connect to EC2 server with my MacBook

I am unable to connect to EC2 (CentOs) from my MacBook. When I connect it from ubuntu machine, it will be connected. Currently, I got the following the following error:
ec2 ssh sign_and_send_pubkey: no mutual signature supported Account locked due to 290 failed logins
How can I solve the problem?
I have tried the following command:
ssh -i key.pem ec2-user#ip
I was locked out and couldn't access the machine to enter in the suggested answer's change to ssh config.
I added the following argument to the ssh call -o PubkeyAcceptedKeyTypes=+ssh-rsa and it worked.
Example:
ssh -i "keypair.cer" -o PubkeyAcceptedKeyTypes=+ssh-rsa ec2-user#ip
Note: the ssh call will accept both .cer and .pem filetypes.
edit or create the file ~/.ssh/config and add the following content:
Host *
PubkeyAcceptedKeyTypes=+ssh-dss
After that, try again.

Bash Ubuntu on Windows 10, connect to host port 22: Connection Failure

I just installed the Bash Ubuntu on Windows 10 natively. When I try and acess a remote server I get ssh: connect to host HOSTNAME port 22: Connection refused
I have tried to find a solutions, but the solutions doesn't work.
This is what I have tried:
https://askubuntu.com/questions/59458/error-message-sudo-unable-to-resolve-host-user/733120#733120
When I could not acess /etx/hosts I tried this:
https://askubuntu.com/questions/326239/cannot-access-etc-hosts
After downloading gksudo to try and edit /etc/hosts I got this error message (gksudo:2601): Gtk-WARNING **: cannot open display:
Are u sure everything is correctly setup?
I just tried
ssh -T git#github.com
in my Bash on Ubuntu on Windows.
and it totally works Returning
Hi <usernamer>! You've successfully authenticated, but GitHub does not provide shell access.
Maybe you have some settings that prevent connections? for example in ~/.bashrc?
Maybe your server needs a different port? use ssh -p 2222 for that.

use ssh private key from host in vagrant guest

I want to clone a bunch of private git repositories while provisioning a vagrant box. According to this article this should be possible using config.ssh.forward_agent = true. However, when trying to connect to github via something like ssh -T git#github.com -o StrictHostKeyChecking=no it fails with the following error:
Warning: Permanently added 'github.com,192.30.252.130' (RSA) to the list of known hosts.
Permission denied (publickey).
I cut my configuration down to the simplest possible configuration. You can find it here: https://gist.github.com/TomTasche/31f7c45fcffc2997d43a
When I do "vagrant ssh" and try the same again, a similar error occurs:
Cloning into 'private-repositories'...
Warning: Permanently added the RSA host key for IP address '192.30.252.130' to the list of known hosts.
Permission denied (publickey).
fatal: The remote end hung up unexpectedly
Edit: the configuration linked above does work on a host running Ubuntu, but does neither work on a Mac host, nor on a Windows host. My goal is to have a configuration that works on all these three hosts.
Please check whether your host system has ssh-agent forwarding enabled. You can do so for example by adding this block to your ~/.ssh/config file:
Host *
ForwardAgent yes
If this is enabled vagrant ssh (and also vagrant provision) should be able to forward your key to the guest machine.
You also might want to check using ssh-add -l whether your ssh-agent does know about your SSH-key. If it is in the list and you have agent-forwarding activated you should have a success. Otherwise you can add the key to your ssh-agent by running ssh-add <path to your key file>.
It sounds like you may be hitting this particular bug:
https://github.com/mitchellh/vagrant/issues/1735
(Despite it being "closed" it's actually not fixed)
On Windows, SSH Forwarding in Vagrant does not work properly by default (because of a bug in net-ssh).
However, there is a workaround or simple hack. You can auto-copy your local SSH key to the Vagrant VM via a simple provisioning script in your VagrantFile. Here's an example:
https://github.com/mitchellh/vagrant/issues/1735#issuecomment-25640783
Tom,
What you're doing is fairly generic in nature and I don't think is Vagrant specific.
Try some of the following to track down the issue:
edit your /etc/ssh/sshd_config
Set LogLevel debug
Restart the sshd service sudo service sshd restart or /etc/init.d/sshd restart
tail -f /var/log/authlog -- note, the file may be something else like /var/log/authd.log or /var/log/secure or something.
Watch what happens when you connect. It should give you some indication of why it's failing.
Again sorry, I'm not that familiar with Vagrant but I'm wondering if the provisioning script is running as another user, in which case the agent forwarding may not work as expected?

Setup passphraseless ssh to localhost on OS X

I'm trying to get Hadoop's Pseudo-Distributed Operation example (http://hadoop.apache.org/common/docs/stable/single_node_setup.html) to work on OS X Lion, but am having trouble getting the ssh to work without a passphrase.
The instructions say the following:
Setup passphraseless ssh
Now check that you can ssh to the localhost without a passphrase: $
ssh localhost
I'm getting connection refused:
archos:hadoop-0.20.203.0 travis$ ssh localhost
ssh: connect to host localhost port 22: Connection refused
If you cannot ssh to localhost without a passphrase, execute the
following commands:
$ ssh-keygen -t dsa -P '' -f ~/.ssh/id_dsa
$ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
After this step I am still getting connection refused. Any ideas???
Sounds like you don't have SSH enabled. Should be in the network settings control panel somewhere.
You go to "System Preferences > Sharing > Remote Access" and there's a list of authorized users. Change it to "All Users".
That's solves this problem.
Check the permissions on your .ssh directory. Some ssh implementations require that the directory be chmod 700. Otherwise, they just ignore it.
Also, check the output of
ssh -v localhost
to see how the ssh client is trying to connect. The output is very detailed, and will help you decide if it's an authentication problem.
I had the same issue.
Please check if the ssh server is running or not.
If yes, open the /etc/init.d/ssh_config and /etc/init.d/sshd_config files. The issue is that the server is running on a different port and the client is pointing to different port.
Before this please ensure that openssh-server and client are installed.
I had the same problem and i solved it the following manner :
SSH is activated.
ssh -v localhost (as stated by Herko)
In the ouput, i identified that the authentication method by DSA is not supported.
debug1: Skipping ssh-dss key /Users/john/.ssh/id_dsa - not in PubkeyAcceptedKeyTypes
I simply re-generate an ECDSA keys and remove the DSA key pairs.
After the keys generation, the procedure given on Hadoop documentation holds.
Therefore, it is important to check, if the authentication method is supported by the Openssh configuration.

Resources