Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authentication fails without explanation for new hosts with no entry in openssh known_hosts file when using sshpass #5531

Closed
ghost opened this issue Jan 7, 2014 · 3 comments
Closed

Authentication fails without explanation for new hosts with no entry in openssh known_hosts file when using sshpass #5531

ghost opened this issue Jan 7, 2014 · 3 comments
Labels
bug This issue/PR relates to a bug.

Comments

@ghost
Copy link

ghost commented Jan 7, 2014

Eg:

tolan@orbit:~/storage/projects/work/ansible/ansible$ echo "" >> ~/.ssh/known_hosts 
tolan@orbit:~/storage/projects/work/ansible/ansible$ ansible all -u rogue -m ping --ask-pass
SSH password: 
192.168.0.2 | FAILED => Authentication or permission failure.  In some cases, you may have been able to authenticate and did not have permissions on the remote directory. Consider changing the remote temp path in ansible.cfg to a path rooted in "/tmp". Failed command was: mkdir -p $HOME/.ansible/tmp/ansible-1389113840.86-81068742964623 && chmod a+rx $HOME/.ansible/tmp/ansible-1389113840.86-81068742964623 && echo $HOME/.ansible/tmp/ansible-1389113840.86-81068742964623, exited with result 6

tolan@orbit:~/storage/projects/work/ansible/ansible$ ansible all -u rogue -vvvv -m ping --ask-pass
SSH password: 
<192.168.0.2> ESTABLISH CONNECTION FOR USER: rogue
<192.168.0.2> REMOTE_MODULE ping 
<192.168.0.2> EXEC ['sshpass', '-d6', 'ssh', '-tt', '-vvv', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/home/tolan/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'Port=22', '-o', 'GSSAPIAuthentication=no', '-o', 'PubkeyAuthentication=no', '-o', 'User=rogue', '-o', 'ConnectTimeout=10', '192.168.0.2', "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-1389113850.75-242060195634200 && chmod a+rx $HOME/.ansible/tmp/ansible-1389113850.75-242060195634200 && echo $HOME/.ansible/tmp/ansible-1389113850.75-242060195634200'"]
192.168.0.2 | FAILED => Authentication or permission failure.  In some cases, you may have been able to authenticate and did not have permissions on the remote directory. Consider changing the remote temp path in ansible.cfg to a path rooted in "/tmp". Failed command was: mkdir -p $HOME/.ansible/tmp/ansible-1389113850.75-242060195634200 && chmod a+rx $HOME/.ansible/tmp/ansible-1389113850.75-242060195634200 && echo $HOME/.ansible/tmp/ansible-1389113850.75-242060195634200, exited with result 6

tolan@orbit:~/storage/projects/work/ansible/ansible$ ansible all -u rogue -vvvv -m ping --ask-pass
SSH password: 
<192.168.0.2> ESTABLISH CONNECTION FOR USER: rogue
<192.168.0.2> REMOTE_MODULE ping 
<192.168.0.2> EXEC ['ssh', '-tt', '-vvv', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/home/tolan/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'Port=22', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'User=rogue', '-o', 'ConnectTimeout=10', '192.168.0.2', "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansible-1389113856.57-38754570953398 && chmod a+rx $HOME/.ansible/tmp/ansible-1389113856.57-38754570953398 && echo $HOME/.ansible/tmp/ansible-1389113856.57-38754570953398'"]
The authenticity of host '192.168.0.2 (192.168.0.2)' can't be established.
ECDSA key fingerprint is 18:3e:2b:67:b9:3e:bb:14:04:87:cc:64:f7:03:1c:5e.
Are you sure you want to continue connecting (yes/no)? yes
<192.168.0.2> PUT /tmp/tmpUpqhGo TO /home/rogue/.ansible/tmp/ansible-1389113856.57-38754570953398/ping
<192.168.0.2> EXEC ['ssh', '-tt', '-vvv', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/home/tolan/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'Port=22', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'User=rogue', '-o', 'ConnectTimeout=10', '192.168.0.2', "/bin/sh -c '/usr/bin/python /home/rogue/.ansible/tmp/ansible-1389113856.57-38754570953398/ping; rm -rf /home/rogue/.ansible/tmp/ansible-1389113856.57-38754570953398/ >/dev/null 2>&1'"]
192.168.0.2 | success >> {
    "changed": false, 
    "ping": "pong"
}

The final case, where the missing host key is mentioned and I'm prompted for whether I want to accept it only occurs if I hit enter instead of entering a password.

The proper behaviour would seem to be for the host key prompt to appear with or without a password being entered.

This is using trunk on Debian testing.
@mpdehaan
Copy link
Contributor

mpdehaan commented Jan 7, 2014

@jctanner let's examine this but only for the ssh alt path

@jctanner
Copy link
Contributor

jctanner commented Jan 8, 2014

Fixed by 0b64408

@jctanner jctanner closed this as completed Jan 8, 2014
jctanner added a commit that referenced this issue Jan 8, 2014
@jctanner
Fixes #5531 Give the user a better error message when sshpass does no…
0b64408 
…t know the remote hostkey
@ghost
Copy link
Author

ghost commented Jan 8, 2014

Great turn-around thanks.

jimi-c pushed a commit that referenced this issue Dec 6, 2016
@cukal @ryansb
Docs update for os_security_group (#5531)
00e64de 
The example used equal characters and not colon characters.
@ansibot ansibot added bug This issue/PR relates to a bug. and removed bug_report labels Mar 6, 2018
@ansible ansible locked and limited conversation to collaborators Apr 24, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug This issue/PR relates to a bug.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mpdehaan @jctanner @ansibot