Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ansible ssh permission deny #15

Closed
meodemsao opened this issue Mar 17, 2019 · 14 comments

Comments

Projects
None yet
3 participants
@meodemsao
Copy link

commented Mar 17, 2019

I have issue when using plugin with ssh key logged from my local machine

UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added 'x.x.x.x' (ECDSA) to the list of known hosts.\r\nLoad key "/tmp/privateKey112652127": invalid format\r\n********@x.x.x.x: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n", "unreachable": true}

@tboerger

This comment has been minimized.

Copy link
Member

commented Mar 17, 2019

The ansible error is pretty obvious, your provided ssh key got an invalid format. Import it properly as a drone secret and it works totally fine.

@meodemsao

This comment has been minimized.

Copy link
Author

commented Mar 19, 2019

@tboerger I added ansible_private_key key as a drone secret with plugins/ansible (latest)

 - name: apply ansible playbook
    image: plugins/ansible
    settings:
      playbook: ./.ansible/playbook.yml
      inventory: ./.ansible/host
      private_key:
        from_secret: ansible_private_key
`

My private key format 

-----BEGIN OPENSSH PRIVATE KEY-----
code
-----END OPENSSH PRIVATE KEY-----

I have any mistake
@tboerger

This comment has been minimized.

Copy link
Member

commented Mar 19, 2019

Please try again with a key in the format:

-----BEGIN RSA PRIVATE KEY-----
SNIP
-----END RSA PRIVATE KEY-----
@meodemsao

This comment has been minimized.

Copy link
Author

commented Mar 19, 2019

@tboerger I has been try this but have same this error

@xoxys

This comment has been minimized.

Copy link
Member

commented Mar 19, 2019

@meodemsao How do you add your key as a secret? From the WebUI? This can be the reason for the invalid key. Try to add the key with drone cli:
drone secret add --repository octocat/hello-world --name ansible_private_key --data @/root/ssh/id_rsa

@meodemsao

This comment has been minimized.

Copy link
Author

commented Mar 20, 2019

@xoxys I add from webui, this is a problem ? I will try with drone cli

@tboerger

This comment has been minimized.

Copy link
Member

commented Mar 20, 2019

Sometimes it could lead to problems with multi-line secrets like SSH keys.

@meodemsao

This comment has been minimized.

Copy link
Author

commented Mar 20, 2019

I add success ansible_private_key to drone

drone secret add --repository xxx/xxx --name ansible_private_key --data ~/.ssh/id_rsa

but have same error

@xoxys

This comment has been minimized.

Copy link
Member

commented Mar 20, 2019

Nope you did not. Look at my example above. The @ has to be there and use absolute filepath to your private key

@tboerger

This comment has been minimized.

Copy link
Member

commented Mar 20, 2019

with your command the secret got the value ~/.ssh/id_rsa, but it doesn't contain the file content.

@meodemsao

This comment has been minimized.

Copy link
Author

commented Mar 20, 2019

@xoxys thanks 👍

@xoxys

This comment has been minimized.

Copy link
Member

commented Mar 20, 2019

@meodemsao works?

@meodemsao

This comment has been minimized.

Copy link
Author

commented Mar 20, 2019

@xoxys yes 💯

@xoxys

This comment has been minimized.

Copy link
Member

commented Mar 20, 2019

Great! We need to document this a bit better. It is very hard to finde in the docs..

@xoxys xoxys closed this Mar 20, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.