Ansible: Failed to connect to the host via ssh: Permission denied (publickey,password)

Created on 20 Dec 2016  ·  70Comments  ·  Source: ansible/ansible

192.168.1.113 | UNREACHABLE! => {
    "changed": false, 
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey,password).\r\n", 
    "unreachable": true
}

I have this error I use Debian Stretch and a guest manjaro in virtualbox.

affects_2.3

Most helpful comment

Good,
It's a bit hard to debug when you specify all in your command.

Comment all lines in your hosts file add this line

[webserver]
35.165.79.66 ansible_user=ubuntu 

and try to run :

$: ansible webserver -m ping -vvv

And show me the output.
Regards

All 70 comments

Facing the same issue. Following.

Can you launch the same command with the option -vvvv for more output. please !

guru@tj-lp140:/etc/ansible$ ansible all -m ping -vvv
Using /etc/ansible/ansible.cfg as config file
Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/system/ping.py
<35.165.79.66> ESTABLISH SSH CONNECTION FOR USER: None
<35.165.79.66> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/guru/.ansible/cp/ansible-ssh-%h-%p-%r 35.165.79.66 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /tmp/ansible-tmp-1482309322.49-151682117578429 `" && echo ansible-tmp-1482309322.49-151682117578429="` echo /tmp/ansible-tmp-1482309322.49-151682117578429 `" ) && sleep 0'"'"'' 

Thanks.
From your output, I see that you don't have any ansible_user specified :

<35.165.79.66> ESTABLISH SSH CONNECTION FOR USER: None

Cat you show the content of your inventory file too ?

# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
#   - Comments begin with the '#' character
#   - Blank lines are ignored
#   - Groups of hosts are delimited by [header] elements
#   - You can enter hostnames or ip addresses
#   - A hostname/ip can be a member of multiple groups

# Ex 1: Ungrouped hosts, specify before any group headers.

## green.example.com
## blue.example.com
## 192.168.100.1
## 192.168.100.10

# Ex 2: A collection of hosts belonging to the 'webservers' group

[webservers]
35.165.79.66

# If you have multiple hosts following a pattern you can specify
# them like this:

## www[001:006].example.com

# Ex 3: A collection of database servers in the 'dbservers' group

## [dbservers]
## 
## db01.intranet.mydomain.net
## db02.intranet.mydomain.net
## 10.25.1.56
## 10.25.1.57

# Here's another example of host ranges, this time there are no
# leading 0s:

## db-[99:101]-node.example.com

ssh [email protected] connection will establish. but ansible command not able to complete.

Good,
It's a bit hard to debug when you specify all in your command.

Comment all lines in your hosts file add this line

[webserver]
35.165.79.66 ansible_user=ubuntu 

and try to run :

$: ansible webserver -m ping -vvv

And show me the output.
Regards

guru@tj-lp140:/etc/ansible$ ansible webservers -m ping -vvv
Using /etc/ansible/ansible.cfg as config file
Using module file /usr/lib/python2.7/dist-packages/ansible/modules/core/system/ping.py
<35.165.79.66> ESTABLISH SSH CONNECTION FOR USER: ubuntu
<35.165.79.66> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ubuntu -o ConnectTimeout=10 -o ControlPath=/home/guru/.ansible/cp/ansible-ssh-%h-%p-%r 35.165.79.66 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1482312980.96-238945640414494 `" && echo ansible-tmp-1482312980.96-238945640414494="` echo $HOME/.ansible/tmp/ansible-tmp-1482312980.96-238945640414494 `" ) && sleep 0'"'"''
<35.165.79.66> PUT /tmp/tmpxll2kJ TO /home/ubuntu/.ansible/tmp/ansible-tmp-1482312980.96-238945640414494/ping.py
<35.165.79.66> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ubuntu -o ConnectTimeout=10 -o ControlPath=/home/guru/.ansible/cp/ansible-ssh-%h-%p-%r '[35.165.79.66]'
<35.165.79.66> ESTABLISH SSH CONNECTION FOR USER: ubuntu
<35.165.79.66> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ubuntu -o ConnectTimeout=10 -o ControlPath=/home/guru/.ansible/cp/ansible-ssh-%h-%p-%r 35.165.79.66 '/bin/sh -c '"'"'chmod u+x /home/ubuntu/.ansible/tmp/ansible-tmp-1482312980.96-238945640414494/ /home/ubuntu/.ansible/tmp/ansible-tmp-1482312980.96-238945640414494/ping.py && sleep 0'"'"''
<35.165.79.66> ESTABLISH SSH CONNECTION FOR USER: ubuntu
<35.165.79.66> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ubuntu -o ConnectTimeout=10 -o ControlPath=/home/guru/.ansible/cp/ansible-ssh-%h-%p-%r -tt 35.165.79.66 '/bin/sh -c '"'"'/usr/bin/python /home/ubuntu/.ansible/tmp/ansible-tmp-1482312980.96-238945640414494/ping.py; rm -rf "/home/ubuntu/.ansible/tmp/ansible-tmp-1482312980.96-238945640414494/" > /dev/null 2>&1 && sleep 0'"'"''
35.165.79.66 | FAILED! => {
    "changed": false, 
    "failed": true, 
    "invocation": {
        "module_name": "ping"
    }, 
    "module_stderr": "Shared connection to 35.165.79.66 closed.\r\n", 
    "module_stdout": "/bin/sh: 1: /usr/bin/python: not found\r\n", 
    "msg": "MODULE FAILURE"
}
<192.168.1.113> ESTABLISH SSH CONNECTION FOR USER: fulgor
<192.168.1.113> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=fulgor -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/ansible-ssh-%h-%p-%r 192.168.1.113 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo $HOME/.ansible/tmp/ansible-tmp-1482330370.75-42265180130710 `" && echo ansible-tmp-1482330370.75-42265180130710="` echo $HOME/.ansible/tmp/ansible-tmp-1482330370.75-42265180130710 `" ) && sleep 0'"'"''
192.168.1.113 | UNREACHABLE! => {
    "changed": false, 
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey,password).\r\n", 
    "unreachable": true
}

I changed the image disk in virtual box so the ssh key has been regenerated but from this moment I have an error message.

Could you help me ?

Generate the ssh key on the master node:

root@master:~# ssh-keygen -t rsa -C "[email protected]"

Then copy your public key to the servers with ssh-copy-id:

root@master:~# ssh-copy-id [email protected]
root@master:~# ssh-copy-id [email protected]

I got this informations on this website https://valdhaus.co/writings/ansible-post-install/ and it is working

@guruprasad85 it looks like you miss "python" on the remote machine (35.165.79.66).

"module_name": "ping"
},
"module_stderr": "Shared connection to 35.165.79.66 closed.\r\n",
"module_stdout": "/bin/sh: 1: /usr/bin/python: not found\r\n",
"msg": "MODULE FAILURE"
}

Hi,
I have found the solution.
If you are using ami(ubuntu 16) OS then there is no python installed, so you need to install it. Use below command to install python -

sudo apt-get install python-minimal -y

or

you need to use ami(ubuntu 14)OS. It has python 2.7.

Note : confirm which version of OS you have in your system.

Glad you found the solution.

I'm trying to ping from an Ansible control machine (installed in a UBUNTU 14.04 VM), to a cent OS instance.
Both are google cloud instance (with python installed).
I'm unsure about the connection status between them. From the below results of ansible all -m ping I could see there is something wrong with my SSH.

35.185.191.25 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).\r\n",
    "unreachable": true
# ansible all -m ping -vvv
Using /etc/ansible/ansible.cfg as config file
META: ran handlers
Using module file /usr/lib/python2.7/dist-packages/ansible/modules/system/ping.py
<127.0.0.1> ESTABLISH SSH CONNECTION FOR USER: None
<127.0.0.1> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/21f0e6a9ae 127.0.0.1 '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
Using module file /usr/lib/python2.7/dist-packages/ansible/modules/system/ping.py
<35.185.191.25> ESTABLISH SSH CONNECTION FOR USER: gane
<35.185.191.25> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=gane -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/4596e88996 35.185.191.25 '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
<127.0.0.1> (255, '', 'Permission denied (publickey).\r\n')
127.0.0.1 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey).\r\n",
    "unreachable": true
}
<35.185.191.25> (255, '', 'Permission denied (publickey,gssapi-keyex,gssapi-with-mic).\r\n')
35.185.191.25 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).\r\n",
    "unreachable": true
}

Could you suggest me to achieve the connection between my VMs.

I am having the same problem @ganfotry . What is the cause of this issue ? Please direct me the right way.

I fixed it by generating keys in both the VMs and then copying the keys
viceversa inside authorized_keys.
I got the below response then:)

ansible -m ping all
127.0.0.1 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
35.186.***.*** | SUCCESS => {
    "changed": false,
    "ping": "pong"

I was getting the same problem:

$ ansible local -m ping
127.0.0.1 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,password).\r\n",
"unreachable": true
}

Solved the issue by installing sshpass using command:

sudo apt-get install sshpass

After installng sshpass, I executed this command:
`json ansible local -m ping --ask-pass SSH password: 127.0.0.1 | SUCCESS => { "changed": false, "ping": "pong" }
Hope this helps!!!

this worked for me, so may help you as well.
Try registering the private key to your keychain

ssh-agent bash
ssh-add <path to private key>

if this works, try adding the keys to your ~/.ssh/config file

Hi,
I am getting the below error while run the command in ansible tower GUI mode.

192.168.122.136 | UNREACHABLE! => {
    "changed": false, 
    "msg": "Failed to connect to the host via ssh: Warning: Permanently added '192.168.122.136' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,password).\r\n", 
    "unreachable": true 
}

But I'm able to get the result in CLI mode on the server.

[root@node2 ~]# ansible -m ping testservers
openstack | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}

Below is the descried output

[root@node2 ~]# ansible testservers -m ping -vvv
Using /etc/ansible/ansible.cfg as config file
META: ran handlers
Using module file /usr/lib/python2.7/site-packages/ansible/modules/system/ping.py
<192.168.122.136> ESTABLISH SSH CONNECTION FOR USER: None
<192.168.122.136> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/859aa03053 192.168.122.136 '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
<192.168.122.136> (0, '/root\n', '')
<192.168.122.136> ESTABLISH SSH CONNECTION FOR USER: None
<192.168.122.136> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/859aa03053 192.168.122.136 '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo /root/.ansible/tmp/ansible-tmp-1497787246.45-142355876761696 `" && echo ansible-tmp-1497787246.45-142355876761696="` echo /root/.ansible/tmp/ansible-tmp-1497787246.45-142355876761696 `" ) && sleep 0'"'"''
<192.168.122.136> (0, 'ansible-tmp-1497787246.45-142355876761696=/root/.ansible/tmp/ansible-tmp-1497787246.45-142355876761696\n', '')
<192.168.122.136> PUT /tmp/tmpkAYqIN TO /root/.ansible/tmp/ansible-tmp-1497787246.45-142355876761696/ping.py
<192.168.122.136> SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/859aa03053 '[192.168.122.136]'
<192.168.122.136> (0, 'sftp> put /tmp/tmpkAYqIN /root/.ansible/tmp/ansible-tmp-1497787246.45-142355876761696/ping.py\n', '')
<192.168.122.136> ESTABLISH SSH CONNECTION FOR USER: None
<192.168.122.136> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/859aa03053 192.168.122.136 '/bin/sh -c '"'"'chmod u+x /root/.ansible/tmp/ansible-tmp-1497787246.45-142355876761696/ /root/.ansible/tmp/ansible-tmp-1497787246.45-142355876761696/ping.py && sleep 0'"'"''
<192.168.122.136> (0, '', '')
<192.168.122.136> ESTABLISH SSH CONNECTION FOR USER: None
<192.168.122.136> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/859aa03053 -tt 192.168.122.136 '/bin/sh -c '"'"'/usr/bin/python /root/.ansible/tmp/ansible-tmp-1497787246.45-142355876761696/ping.py; rm -rf "/root/.ansible/tmp/ansible-tmp-1497787246.45-142355876761696/" > /dev/null 2>&1 && sleep 0'"'"''
<192.168.122.136> (0, '\r\n{"invocation": {"module_args": {"data": null}}, "changed": false, "ping": "pong"}\r\n', 'Shared connection to 192.168.122.136 closed.\r\n')
openstack | SUCCESS => {
    "changed": false, 
    "invocation": {
        "module_args": {
            "data": null
        }
    }, 
    "ping": "pong"
}
META: ran handlers
META: ran handlers

Thanks

Manually try to access the server on terminal, if you are able to ssh the remote server, then remove .ansible directory from local user's home directory. This works for me. (y)

Same for me!
I can ssh server via terminal without passing -i directive:

ssh [email protected]

works

Executing the command:

ansible all -m ping

I get the error:

    "msg": "Failed to connect to the host via ssh: Permission denied (publickey).\r\n",  
    "unreachable": true

@lkjangir removing .ansible directory didn't work also. =(

Try this, replace ec2-user with whatever username you set up.

ansible all -u ec2-user -m ping -vvv

@aelkz : in the /etc/ansible/hosts file, you could put: [email protected] instead of server.com and then try ansible all -m ping.
Otherwise, if you don't specified the user1 in /etc/ansible/hosts, you should specified the user in ansible command: ansible all -m ping -u user1
I had the same error and that solution solved my issue.

If i am not wrong , this is due to ssh key issue. Rene rate for new key or else convert your key to openssh formate to avoid error.

Using --ask-pass along with -u parameters worked for me.

@Hai-minhD Your solution worked for me, thanks. I was testing on hosts where I had the root user as the same user I was using in the control machine. In this specific host where I was getting the failure reported above, I have a different user. Solved adding the host with this username in it in the Ansible hosts file: username@host.

try-

ansible webserver -m ping --ask-pass -i path_to_local_hosts_file

Installed python on slave and it worked for me.

I have the same issue.
I find solution : I add /etc/ansible/hosts:
ansible_ssh_user= ansible_ssh_pass=.

Hope this helps.

Getting an error. Here shivslave is another VM on Virtualbox with IP 192.168.0.5 and I am able to connect it with [email protected] successfully but Ansible command is not working. The Host file contains

[example]
192.168.0.5

shivmaster@shivmaster-VirtualBox:~$ ansible example -m ping -u shivslave -vvv
ansible 2.4.1.0
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/home/shivmaster/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/dist-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.6 (default, Oct 26 2016, 20:30:19) [GCC 4.8.4]
Using /etc/ansible/ansible.cfg as config file
Parsed /etc/ansible/hosts inventory source with ini plugin
META: ran handlers
Using module file /usr/lib/python2.7/dist-packages/ansible/modules/system/ping.py
<192.168.0.5> ESTABLISH SSH CONNECTION FOR USER: shivslave
<192.168.0.5> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=shivslave -o ConnectTimeout=10 -o ControlPath=/home/shivmaster/.ansible/cp/e51c1eb9be 192.168.0.5 '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
<192.168.0.5> (255, '', 'Permission denied (publickey,password).\r\n')
192.168.0.5 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,password).\r\n",
"unreachable": true
}
shivmaster@shivmaster-VirtualBox:~$

@lktslionel
I am getting same issue, i have tried all the options mentioned above, could you please help here

ansible 2.4.2.0
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/dist-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.12 (default, Nov 20 2017, 18:23:56) [GCC 5.4.0 20160609]
Using /etc/ansible/ansible.cfg as config file
can be disabled by setting deprecation_warnings=False in ansible.cfg.
setting up inventory plugins
Parsed /etc/ansible/hosts inventory source with ini plugin
Loading callback plugin minimal of type stdout, v2.0 from /usr/lib/python2.7/dist-packages/ansible/plugins/callback/__init__.pyc
META: ran handlers
Using module file /usr/lib/python2.7/dist-packages/ansible/modules/system/ping.py
<10.0.3.36> ESTABLISH SSH CONNECTION FOR USER: root
<10.0.3.36> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o Port=22 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=root -o ConnectTimeout=10 -o ControlPath=/root/.ansible/cp/c8171a76d6 10.0.3.36 '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
<10.0.3.36> (255, '', 'OpenSSH_7.2p2 Ubuntu-4ubuntu2.2, OpenSSL 1.0.2g 1 Mar 2016\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for \r\ndebug1: auto-mux: Trying existing master\r\ndebug1: Control socket "/root/.ansible/cp/c8171a76d6" does not exist\r\ndebug2: resolving "10.0.3.36" port 22\r\ndebug2: ssh_connect_direct: needpriv 0\r\ndebug1: Connecting to 10.0.3.36 [10.0.3.36] port 22.\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug1: fd 3 clearing O_NONBLOCK\r\ndebug1: Connection established.\r\ndebug3: timeout: 9996 ms remain after connect\r\ndebug1: permanently_set_uid: 0/0\r\ndebug1: identity file /root/.ssh/id_rsa type 1\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: identity file /root/.ssh/id_rsa-cert type -1\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: identity file /root/.ssh/id_dsa type -1\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: identity file /root/.ssh/id_dsa-cert type -1\r\ndebug1: identity file /root/.ssh/id_ecdsa type 3\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: identity file /root/.ssh/id_ecdsa-cert type -1\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: identity file /root/.ssh/id_ed25519 type -1\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: identity file /root/.ssh/id_ed25519-cert type -1\r\ndebug1: Enabling compatibility mode for protocol 2.0\r\ndebug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2\r\ndebug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.2\r\ndebug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.2 pat OpenSSH compat 0x04000000\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug1: Authenticating to 10.0.3.36:22 as \'root\'\r\ndebug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"\r\ndebug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:1\r\ndebug3: load_hostkeys: loaded 1 keys from 10.0.3.36\r\ndebug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521\r\ndebug3: send packet: type 20\r\ndebug1: SSH2_MSG_KEXINIT sent\r\ndebug3: receive packet: type 20\r\ndebug1: SSH2_MSG_KEXINIT received\r\ndebug2: local client KEXINIT proposal\r\ndebug2: KEX algorithms: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c\r\ndebug2: host key algorithms: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa\r\ndebug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc\r\ndebug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc\r\ndebug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1\r\ndebug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1\r\ndebug2: compression ctos: [email protected],zlib,none\r\ndebug2: compression stoc: [email protected],zlib,none\r\ndebug2: languages ctos: \r\ndebug2: languages stoc: \r\ndebug2: first_kex_follows 0 \r\ndebug2: reserved 0 \r\ndebug2: peer server KEXINIT proposal\r\ndebug2: KEX algorithms: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1\r\ndebug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519\r\ndebug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]\r\ndebug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]\r\ndebug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1\r\ndebug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1\r\ndebug2: compression ctos: none,[email protected]\r\ndebug2: compression stoc: none,[email protected]\r\ndebug2: languages ctos: \r\ndebug2: languages stoc: \r\ndebug2: first_kex_follows 0 \r\ndebug2: reserved 0 \r\ndebug1: kex: algorithm: [email protected]\r\ndebug1: kex: host key algorithm: ecdsa-sha2-nistp256\r\ndebug1: kex: server->client cipher: [email protected] MAC: compression: [email protected]\r\ndebug1: kex: client->server cipher: [email protected] MAC: compression: [email protected]\r\ndebug3: send packet: type 30\r\ndebug1: expecting SSH2_MSG_KEX_ECDH_REPLY\r\ndebug3: receive packet: type 31\r\ndebug1: Server host key: ecdsa-sha2-nistp256 SHA256:JDiSsUdyRJfRGvtqAURzMtKu/Ghp0adBt/l9VbvgDfg\r\ndebug3: hostkeys_foreach: reading file "/root/.ssh/known_hosts"\r\ndebug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:1\r\ndebug3: load_hostkeys: loaded 1 keys from 10.0.3.36\r\ndebug1: Host \'10.0.3.36\' is known and matches the ECDSA host key.\r\ndebug1: Found key in /root/.ssh/known_hosts:1\r\ndebug3: send packet: type 21\r\ndebug2: set_newkeys: mode 1\r\ndebug1: rekey after 134217728 blocks\r\ndebug1: SSH2_MSG_NEWKEYS sent\r\ndebug1: expecting SSH2_MSG_NEWKEYS\r\ndebug3: receive packet: type 21\r\ndebug2: set_newkeys: mode 0\r\ndebug1: rekey after 134217728 blocks\r\ndebug1: SSH2_MSG_NEWKEYS received\r\ndebug2: key: /root/.ssh/id_ecdsa (0x55cbdc34d840), agent\r\ndebug2: key: /root/.ssh/id_rsa (0x55cbdc33fc30)\r\ndebug2: key: /root/.ssh/id_dsa ((nil))\r\ndebug2: key: /root/.ssh/id_ed25519 ((nil))\r\ndebug3: send packet: type 5\r\ndebug3: receive packet: type 7\r\ndebug1: SSH2_MSG_EXT_INFO received\r\ndebug1: kex_input_ext_info: server-sig-algs=\r\ndebug3: receive packet: type 6\r\ndebug2: service_accept: ssh-userauth\r\ndebug1: SSH2_MSG_SERVICE_ACCEPT received\r\ndebug3: send packet: type 50\r\ndebug3: receive packet: type 51\r\ndebug1: Authentications that can continue: publickey,password\r\ndebug3: start over, passed a different list publickey,password\r\ndebug3: preferred gssapi-with-mic,gssapi-keyex,hostbased,publickey\r\ndebug3: authmethod_lookup publickey\r\ndebug3: remaining preferred: ,gssapi-keyex,hostbased,publickey\r\ndebug3: authmethod_is_enabled publickey\r\ndebug1: Next authentication method: publickey\r\ndebug1: Offering ECDSA public key: /root/.ssh/id_ecdsa\r\ndebug3: send_pubkey_test\r\ndebug3: send packet: type 50\r\ndebug2: we sent a publickey packet, wait for reply\r\ndebug3: receive packet: type 51\r\ndebug1: Authentications that can continue: publickey,password\r\ndebug1: Offering RSA public key: /root/.ssh/id_rsa\r\ndebug3: send_pubkey_test\r\ndebug3: send packet: type 50\r\ndebug2: we sent a publickey packet, wait for reply\r\ndebug3: receive packet: type 51\r\ndebug1: Authentications that can continue: publickey,password\r\ndebug1: Trying private key: /root/.ssh/id_dsa\r\ndebug3: no such identity: /root/.ssh/id_dsa: No such file or directory\r\ndebug1: Trying private key: /root/.ssh/id_ed25519\r\ndebug3: no such identity: /root/.ssh/id_ed25519: No such file or directory\r\ndebug2: we did not send a packet, disable method\r\ndebug1: No more authentication methods to try.\r\nPermission denied (publickey,password).\r\n')
10.0.3.36 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: OpenSSH_7.2p2 Ubuntu-4ubuntu2.2, OpenSSL 1.0.2g 1 Mar 2016\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: Applying options for \r\ndebug1: auto-mux: Trying existing master\r\ndebug1: Control socket \"/root/.ansible/cp/c8171a76d6\" does not exist\r\ndebug2: resolving \"10.0.3.36\" port 22\r\ndebug2: ssh_connect_direct: needpriv 0\r\ndebug1: Connecting to 10.0.3.36 [10.0.3.36] port 22.\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug1: fd 3 clearing O_NONBLOCK\r\ndebug1: Connection established.\r\ndebug3: timeout: 9996 ms remain after connect\r\ndebug1: permanently_set_uid: 0/0\r\ndebug1: identity file /root/.ssh/id_rsa type 1\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: identity file /root/.ssh/id_rsa-cert type -1\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: identity file /root/.ssh/id_dsa type -1\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: identity file /root/.ssh/id_dsa-cert type -1\r\ndebug1: identity file /root/.ssh/id_ecdsa type 3\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: identity file /root/.ssh/id_ecdsa-cert type -1\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: identity file /root/.ssh/id_ed25519 type -1\r\ndebug1: key_load_public: No such file or directory\r\ndebug1: identity file /root/.ssh/id_ed25519-cert type -1\r\ndebug1: Enabling compatibility mode for protocol 2.0\r\ndebug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.2\r\ndebug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2 Ubuntu-4ubuntu2.2\r\ndebug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.2 pat OpenSSH compat 0x04000000\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug1: Authenticating to 10.0.3.36:22 as 'root'\r\ndebug3: hostkeys_foreach: reading file \"/root/.ssh/known_hosts\"\r\ndebug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:1\r\ndebug3: load_hostkeys: loaded 1 keys from 10.0.3.36\r\ndebug3: order_hostkeyalgs: prefer hostkeyalgs: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521\r\ndebug3: send packet: type 20\r\ndebug1: SSH2_MSG_KEXINIT sent\r\ndebug3: receive packet: type 20\r\ndebug1: SSH2_MSG_KEXINIT received\r\ndebug2: local client KEXINIT proposal\r\ndebug2: KEX algorithms: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,ext-info-c\r\ndebug2: host key algorithms: [email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],[email protected],ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa\r\ndebug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc\r\ndebug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc\r\ndebug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1\r\ndebug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1\r\ndebug2: compression ctos: [email protected],zlib,none\r\ndebug2: compression stoc: [email protected],zlib,none\r\ndebug2: languages ctos: \r\ndebug2: languages stoc: \r\ndebug2: first_kex_follows 0 \r\ndebug2: reserved 0 \r\ndebug2: peer server KEXINIT proposal\r\ndebug2: KEX algorithms: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1\r\ndebug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519\r\ndebug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]\r\ndebug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected]\r\ndebug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1\r\ndebug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1\r\ndebug2: compression ctos: none,[email protected]\r\ndebug2: compression stoc: none,[email protected]\r\ndebug2: languages ctos: \r\ndebug2: languages stoc: \r\ndebug2: first_kex_follows 0 \r\ndebug2: reserved 0 \r\ndebug1: kex: algorithm: [email protected]\r\ndebug1: kex: host key algorithm: ecdsa-sha2-nistp256\r\ndebug1: kex: server->client cipher: [email protected] MAC: compression: [email protected]\r\ndebug1: kex: client->server cipher: [email protected] MAC: compression: [email protected]\r\ndebug3: send packet: type 30\r\ndebug1: expecting SSH2_MSG_KEX_ECDH_REPLY\r\ndebug3: receive packet: type 31\r\ndebug1: Server host key: ecdsa-sha2-nistp256 SHA256:JDiSsUdyRJfRGvtqAURzMtKu/Ghp0adBt/l9VbvgDfg\r\ndebug3: hostkeys_foreach: reading file \"/root/.ssh/known_hosts\"\r\ndebug3: record_hostkey: found key type ECDSA in file /root/.ssh/known_hosts:1\r\ndebug3: load_hostkeys: loaded 1 keys from 10.0.3.36\r\ndebug1: Host '10.0.3.36' is known and matches the ECDSA host key.\r\ndebug1: Found key in /root/.ssh/known_hosts:1\r\ndebug3: send packet: type 21\r\ndebug2: set_newkeys: mode 1\r\ndebug1: rekey after 134217728 blocks\r\ndebug1: SSH2_MSG_NEWKEYS sent\r\ndebug1: expecting SSH2_MSG_NEWKEYS\r\ndebug3: receive packet: type 21\r\ndebug2: set_newkeys: mode 0\r\ndebug1: rekey after 134217728 blocks\r\ndebug1: SSH2_MSG_NEWKEYS received\r\ndebug2: key: /root/.ssh/id_ecdsa (0x55cbdc34d840), agent\r\ndebug2: key: /root/.ssh/id_rsa (0x55cbdc33fc30)\r\ndebug2: key: /root/.ssh/id_dsa ((nil))\r\ndebug2: key: /root/.ssh/id_ed25519 ((nil))\r\ndebug3: send packet: type 5\r\ndebug3: receive packet: type 7\r\ndebug1: SSH2_MSG_EXT_INFO received\r\ndebug1: kex_input_ext_info: server-sig-algs=\r\ndebug3: receive packet: type 6\r\ndebug2: service_accept: ssh-userauth\r\ndebug1: SSH2_MSG_SERVICE_ACCEPT received\r\ndebug3: send packet: type 50\r\ndebug3: receive packet: type 51\r\ndebug1: Authentications that can continue: publickey,password\r\ndebug3: start over, passed a different list publickey,password\r\ndebug3: preferred gssapi-with-mic,gssapi-keyex,hostbased,publickey\r\ndebug3: authmethod_lookup publickey\r\ndebug3: remaining preferred: ,gssapi-keyex,hostbased,publickey\r\ndebug3: authmethod_is_enabled publickey\r\ndebug1: Next authentication method: publickey\r\ndebug1: Offering ECDSA public key: /root/.ssh/id_ecdsa\r\ndebug3: send_pubkey_test\r\ndebug3: send packet: type 50\r\ndebug2: we sent a publickey packet, wait for reply\r\ndebug3: receive packet: type 51\r\ndebug1: Authentications that can continue: publickey,password\r\ndebug1: Offering RSA public key: /root/.ssh/id_rsa\r\ndebug3: send_pubkey_test\r\ndebug3: send packet: type 50\r\ndebug2: we sent a publickey packet, wait for reply\r\ndebug3: receive packet: type 51\r\ndebug1: Authentications that can continue: publickey,password\r\ndebug1: Trying private key: /root/.ssh/id_dsa\r\ndebug3: no such identity: /root/.ssh/id_dsa: No such file or directory\r\ndebug1: Trying private key: /root/.ssh/id_ed25519\r\ndebug3: no such identity: /root/.ssh/id_ed25519: No such file or directory\r\ndebug2: we did not send a packet, disable method\r\ndebug1: No more authentication methods to try.\r\nPermission denied (publickey,password).\r\n",
"unreachable": true
}
root@ip-172-31-31-140:~/.ssh#

I had the same issue, ansible tries to connect using your current user name, so my way around it was overwriting the username, for example:
ansible all -m ping -u ec2-user

I faced two errors while running 'ansible all -m ping' and stumbled on this thread to t-shoot. I want to thank everyone for their inputs as it helped me figure this out.

:ERROR-1:
Steps to fix this message: "msg": "Failed to connect to the host via ssh: Permission denied (publickey,password).\r\n"
1)I modified fix configuration file at /etc/ansible/hosts to include the proper username 'ubuntu'
2)I passed the argument of '--private-key=/Users/my-user/.ssh/my-key.pem' so the command looked like this:
ansible all -m ping --private-key=/Users/my-user/.ssh/my-key.pem
This guide informed me on how to pass the key as an argument:
https://ansible-tips-and-tricks.readthedocs.io/en/latest/ansible/commands/

:ERROR 2:
"module_stdout": "/bin/sh: 1: /usr/bin/python: not found\r\n",
To fix I ran 'sudo apt-get update; sudo apt-get install python' on the remote host. I'm using an ec2 instance. Side note, running the install commands as part of the startup script would help resolve the second issue.

Cheers!

Looks like python was missing on our Ubuntu 16.04 servers. I installed it on all remote hosts and it fixed the issue:
sudo apt-get install python-minimal -y

SSH will connect with terminals but not with vsts and ansible, can any one help me

Trying to setup SSH connection to *@10.130.2.142:22
2018-04-04T21:56:46.6533908Z
2018-04-04T21:56:46.6549162Z PLAY [all]
*********************
2018-04-04T21:56:46.6555625Z
2018-04-04T21:56:46.6603308Z
2018-04-04T21:56:46.6616154Z TASK [Create directories]
****************
2018-04-04T21:56:46.6622522Z
2018-04-04T21:56:46.8874071Z failed: [10.130.2.206] (item=/home/
*/myagent/) => {"item": "/home/*/myagent/", "msg": "Failed to connect to the host via ssh: Permission denied (publickey).\r\n", "unreachable": true}
2018-04-04T21:56:46.8880968Z
2018-04-04T21:56:47.0341093Z failed: [10.130.2.206] (item=/home/
*/mywork/) => {"item": "/home/*/mywork/", "msg": "Failed to connect to the host via ssh: Permission denied (publickey).\r\n", "unreachable": true}
2018-04-04T21:56:47.0349137Z
2018-04-04T21:56:47.0363780Z fatal: [10.130.2.206]: UNREACHABLE! => {"changed": false, "msg": "All items completed", "results": [{"_ansible_ignore_errors": null, "_ansible_item_result": true, "item": "/home/
*/myagent/", "msg": "Failed to connect to the host via ssh: Permission denied (publickey).\r\n", "unreachable": true}, {"_ansible_ignore_errors": null, "_ansible_item_result": true, "item": "/home/*/mywork/", "msg": "Failed to connect to the host via ssh: Permission denied (publickey).\r\n", "unreachable": true}]}
2018-04-04T21:56:47.0371817Z
2018-04-04T21:56:47.0387681Z to retry, use: --limit @/tmp/Infrax/Agent_config.retry
2018-04-04T21:56:47.0397434Z
2018-04-04T21:56:47.0403265Z
2018-04-04T21:56:47.0415230Z PLAY RECAP
*********************
2018-04-04T21:56:47.0421749Z
2018-04-04T21:56:47.0434107Z 10.130.2.206 : ok=0 changed=0 unreachable=1 failed=0
2018-04-04T21:56:47.0440861Z
2018-04-04T21:56:47.0446720Z
2018-04-04T21:56:47.0452765Z
2018-04-04T21:56:47.0850279Z ##[error]Command ansible-playbook -i "10.130.2.206," /tmp/Infrax/Agent_config.yaml -b --become-user
* exited with code 4.
2018-04-04T21:56:47.0948275Z ##[section]Finishing: Run playbook

When I hit this I was using Ansible on OSX to connect to an aws box with a pem certificate. I did NOT have a ~/.ssh/config file. Once I created one and added no more than this:

Host *
IdentityFile ~/.ssh/id_rsa
AddKeysToAgent yes

Then I was magically able to execute playbooks.

i am getting the below error while trying to copy a file from control machine to a node.

COMMAND: sudo ansible dbservers -m copy -a "src=/etc/ansible/Taha dest=/etc/Taha"
Error:
52.186.71.70 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive).\r\n",
"unreachable": true
}

I tried all the above listed steps, still no success....

try with passing inventory file and ssh key with a username. I don't have any user defined in inventory for nodes, so I pass with command and it always works for me. so the command will be like this -

sudo ansible dbservers -m -i inventory/inventory-file --user=ubuntu --private-key="private-key.pem" copy -a "src=/etc/ansible/Taha dest=/etc/Taha"

Thanks Lokesh for the help ...

As i am new to ansible, i just want to know where do i can save pem file on control server ? do i need to make changes in inventory-file ?

t Hi guys,
I had the same problem.
My devops user could ssh to all the servers but when I tried to runs, (with mysuer), ansible commands I always got the error ... UNREACHABLE! ...
I solved it by making , with "mysuer" ssh serverDestiny (the server that is in inventory file) note if you use fqdn you must make ssh to the FQDN.
example:
cat inventory
server1

[myuser@workstation ansible-deploy-cr] ssh-keygen
[myuser@workstation ansible-deploy-cr] ssh-copy-id -i devops@server1
test..
[myuser@workstation ansible-deploy-cr] ssh 'devops@server1

Hope this will help you.
if so, give a like 👍
Thanks,
MBrito

10.20.2.42
ansibleclient.com

[root@ansibleserver ~]# ansible all -m ping
10.20.2.42 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n",
"unreachable": true
}
ansibleclient.com | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,password).\r\n",
"unreachable": true
}
[root@ansibleserver ~]#

Kindly help me out on this issue.. i guess we need to create ssh key's how to create step by steps process please i'm not expert

Kindly help

This is fixed by Adding the generate the ssh key to server and copying the same to client

Commands :

$ ssh-keygen -t rsa

hit enter

$ cd root/
$ la -la

copy id_rsa.pub to destination vm
$ssh-copy-id destination vm

ssh-copy-id -i user@localhost
ssh-copy-id -i user@servers_in_inventory

seems to work

This URL is the #1 Google hit for this error, so, although while this "issue" is closed, people will continue hitting this for the forseeable future. Here's how I fixed it for python3, ansible 2.5 (both are PIP versions, in a virutualenv), and OSX High Sierra.
Reporting my 'fix', for my scenario. Running:
$ python3 $(which ansible) localhost -m ping -vvvv

Would result in this error. -vvvv reveals it's a key/auth failure. Great. You can isolate Ansible from this by simply doing [email protected] and for me it failed (I'm considering a failure to login with SSH keys to be a failure).

Easy fix: at ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

I had the same problem and i get the solution by myself, i'm gonna tell you what's happening to me.
I get the same error and i solve it cz in the same proyect folder i had a hosts file, and for some reason, there was error so just with a rm -r hosts, i got solve it.
I expose to you if u have the same problem that i got.

Happy Christmas X) ,xoxo.

I had the same issue until I edited my inventory file with
[testserver]
<target_ip> ansible_user=<target_domain_name> ansible_ssh_pass=<target_pass>
Then to test:
ansible testserver -m ping

ubuntu@ip-172-31-1-85:/etc/ansible$ sudo ansible-playbook tomserver.yml

PLAY [webservers] *********************************************************

TASK [Gathering Facts] ******************************************************
fatal: [54.153.119.230]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: no such identity: /root/UbuntuAnsible.pem: No such file or directory\r\nPermission denied (publickey).\r\n", "unreachable": true}
to retry, use: --limit @/etc/ansible/tomserver.retry

please help

Are you trying to simply connect? What does your hosts file look like?

On Wednesday, September 12, 2018, FALCON-SJSU notifications@github.com
wrote:

fatal: [54.153.119.230]: UNREACHABLE! => {"changed": false, "msg": "Failed
to connect to the host via ssh: no such identity: /root/UbuntuAnsible.pem:
No such file or directory\r\nPermission denied (publickey).\r\n",
"unreachable": true}
to retry, use: --limit @/etc/ansible/tomserver.retry

please help


You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/ansible/ansible/issues/19584#issuecomment-420827308,
or mute the thread
https://github.com/notifications/unsubscribe-auth/An-8H0G3NUSkpFXpcm2hkAXXGco3eMmyks5uaZO0gaJpZM4LSWpz
.

I have found the solution.
My operating system was Mac OS , and I change the 'ansible.cfg' in the line 'remote_user = root ' , the problem is solved.

Yup! I've had to do the same thing! Glad you solved it!

On Tue, Sep 18, 2018 at 4:09 AM ZhangZhongyuan notifications@github.com
wrote:

I have found the solution.
My operating system was Mac OS , and I change the 'ansible.cfg' in the
line 'remote_user = root ' , the problem is solved.


You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/ansible/ansible/issues/19584#issuecomment-422297005,
or mute the thread
https://github.com/notifications/unsubscribe-auth/An-8H0zGJ4zE4mKmaMtXDAtInZNDlrW4ks5ucKpCgaJpZM4LSWpz
.

I ran the playbook with the following flags:

ansible-playbook playbook.yml --ask-pass - this helped.

In the hosts you could also do ansibleuser="user" ansiblepass="pass" right
next to the ip for the target. This allows me to run play books without any
extra password prompts.

On Tue, Oct 2, 2018 at 11:15 AM jluntnscc notifications@github.com wrote:

I ran the playbook with the following flags:

ansible-playbook playbook.yml --ask-pass - this helped.


You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/ansible/ansible/issues/19584#issuecomment-426312089,
or mute the thread
https://github.com/notifications/unsubscribe-auth/An-8HzRVj8-BqcUiQywgQYKIVbcr4yzdks5ug4MEgaJpZM4LSWpz
.

try This

all servers - Works when both server's and client's user name are same (Passwordless)

ansible all -m ping

all servers - "raj" is managed node's user (Passwordless)

ansible all -u raj -m ping

OR

Only demo-servers group - "raj" is managed node's user (Passwordless)

ansible demo-servers -u raj -m ping

OR

If you use password authendication

ansible -m ping all -u raj --ask-pass

or you can follow this link for further information
https://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/install-ansible-automation-tool-for-it-management-on-centos-7-ubuntu-14-04-fedora-22-part-1.html

What worked for me was to update my hosts file to have the path to the ssh key:

[webserver]
IP_ADDRESS ansible_user=ubuntu ansible_connection=ssh ansible_private_key_file=~/.ssh/key.pem

Nice solution. This would take care of multiple targets!

On Mon, Oct 29, 2018 at 4:02 PM fhackenb notifications@github.com wrote:

What worked for me was to update my hosts file to have the path to the ssh
key:

[webserver]
IP_ADDRESS ansible_user=ubuntu ansible_connection=ssh ansible_private_key_file=~/.ssh/key.pem


You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/ansible/ansible/issues/19584#issuecomment-434057611,
or mute the thread
https://github.com/notifications/unsubscribe-auth/An-8HzLY4PQVaWdPDOH0bHGnh9xpzmDWks5up17AgaJpZM4LSWpz
.

working fine after the @riteshpuj2013 solution.

ansible-playbook test.yml --ask-pass

i get this issue, not sure how to progress

[email protected] | UNREACHABLE! => {
"changed": false,
"msg": "Authentication or permission failure. In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote tmp path in ansible.cfg to a path rooted in \"/tmp\". Failed command was: ( umask 77 && mkdir -p \"echo /tmp/.ansible/tmp/ansible-tmp-1543139945.24-52208136278646\" && echo ansible-tmp-1543139945.24-52208136278646=\"echo /tmp/.ansible/tmp/ansible-tmp-1543139945.24-52208136278646\" ), exited with result 1",
"unreachable": true
}

able to excute playbook with ansible but while executing same playbook with ansible tower getting error


<192.168.0.17> ESTABLISH SSH CONNECTION FOR USER: admin
<192.168.0.17> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=admin -o ConnectTimeout=10 -o ControlPath=/tmp/awx_86_9cdeKb/cp/86796477d7 192.168.0.17 '/bin/sh -c '"'"'echo ~admin && sleep 0'"'"''
<192.168.0.17> (255, '', "Warning: Permanently added '192.168.0.17' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n")
fatal: [192.168.0.17]: UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Warning: Permanently added '192.168.0.17' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n",
"unreachable": true

}

i get this issue, please give me solution

ubuntu@master:~$ ansible-playbook playbook2.yml -b PLAY [172.31.42.20] ************************************************************** TASK [Gathering Facts] *************************************************************
fatal: [172.31.42.20]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Permission denied (publickey,password).\r\n", "unreachable": true}
to retry, use: --limit @/home/ubuntu/playbook2.retry PLAY RECAP *****************************************************************

172.31.42.20 : ok=0 changed=0 unreachable=1 failed=0

i get this issue, please give me solution

ubuntu@master:~$ ansible-playbook playbook2.yml -b PLAY [172.31.42.20] ************************************************************** TASK [Gathering Facts] *************************************************************

fatal: [172.31.42.20]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Permission denied (publickey,password).\r\n", "unreachable": true}
to retry, use: --limit @/home/ubuntu/playbook2.retry PLAY RECAP *****************************************************************
172.31.42.20 : ok=0 changed=0 unreachable=1 failed=0

Two solutions we have : -

password less auth (you can refer google how to generate rsa key )
add ask_pass=true in ancible.cfg file. (This will ask password when you run ansible)

Please setup the SSH connection to the host machine and test it.
Once it's done, In the /etc/ansible/hosts file give the proper host IP.
Now to test the secure connection between ansible and guest machine use the below command:
-> ansible -i hosts -u vagrant --ask-pass -m ping all
hosts-> hosts file (give proper guest ip)
-u vagrant -> vagrant is my guest machine username
--ask-pass-> It allows you to enter the SSH password to connect to guest m/c.
Note: If i donot use --ask-pass it'll throw error.

Thank you if it helps :)

it is quite possible that your /etc/ansible/hosts is wrong

i am new to ansible, can anyone help me

34.201.109.32 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: [email protected]: Permission denied (publickey).\r\n",
"unreachable": true
}

Try to include the password for your target machine within your hosts file.
Typically, you will need to have had an existing ssh connection which
generates an RSA key for your host and your local machine. Try ssh into the
host then run ansible again.

On Sun, Jan 20, 2019 at 11:22 AM Venkata Bhanusree Vadlamudi <
[email protected]> wrote:

i am new to ansible, can anyone help me

34.201.109.32 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: [email protected]:
Permission denied (publickey).\r\n",
"unreachable": true
}


You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/ansible/ansible/issues/19584#issuecomment-455880089,
or mute the thread
https://github.com/notifications/unsubscribe-auth/An-8H0nPfSdUELQxzoQAvvHHlsau7uyBks5vFJfOgaJpZM4LSWpz
.

When I use the ssh command from my local terminal I am able to connect to the ec2 instance. However when I run the ansible script I get the error.

34.201.109.32 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: [email protected]: Permission denied (publickey).\r\n",
"unreachable": true
}

With AWS ec2 instances, you must generate a public key through AWS,
download it, and point the ssh session to that key. There are tutorials for
this procedure online.

On Sun, Jan 20, 2019 at 4:48 PM Venkata Bhanusree Vadlamudi <
[email protected]> wrote:

When I use the ssh command from my local terminal I am unable to connect
to the ec2 instance. However when I run the ansible script I get the error.

34.201.109.32 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: [email protected]:
Permission denied (publickey).\r\n",
"unreachable": true
}


You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/ansible/ansible/issues/19584#issuecomment-455905472,
or mute the thread
https://github.com/notifications/unsubscribe-auth/An-8Hya_SkLrHT-HLYEOPEE2QXsSuDOJks5vFOQOgaJpZM4LSWpz
.

t Hi guys,
I had the same problem.
My devops user could ssh to all the servers but when I tried to runs, (with mysuer), ansible commands I always got the error ... UNREACHABLE! ...
I solved it by making , with "mysuer" ssh serverDestiny (the server that is in inventory file) note if you use fqdn you must make ssh to the FQDN.
example:
cat inventory
server1

[myuser@workstation ansible-deploy-cr] ssh-keygen
[myuser@workstation ansible-deploy-cr] ssh-copy-id -i devops@server1
test..
[myuser@workstation ansible-deploy-cr] ssh 'devops@server1

Hope this will help you.
if so, give a like 👍
Thanks,
MBrito

This fixed my issue in AWS on private VPC, I need the internal fqdn for all the servers

Hey guys,
I was facing the same issue for localhost and realised that '$ ssh localhost' was asking for a password. I solved it by moving the public key of 'user' on localhost to the authorized_key.

ssh-copy-id -i ~/.ssh/id_rsa.pub test@localhost

Just check if the authorized_key files have the necessary keys

test is the username

Wow.....I read through comments. Can not believe the issues still exist. I am on latest ansible. I guess this is one of the pain of using opensource.

vagrant@mgmt:~$ ansible lb -u vagrant -m ping -vvv
ansible 2.7.8
  config file = /home/vagrant/ansible.cfg
  configured module search path = [u'/home/vagrant/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.12 (default, Nov 12 2018, 14:36:49) [GCC 5.4.0 20160609]
Using /home/vagrant/ansible.cfg as config file
[DEPRECATION WARNING]: [defaults]hostfile option, The key is misleading as it can also be a list of hosts, a directory or a list of paths , use [defaults] inventory=/path/to/file|dir 
instead. This feature will be removed in version 2.8. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
/home/vagrant/inventory.ini did not meet host_list requirements, check plugin documentation if this is unexpected
/home/vagrant/inventory.ini did not meet script requirements, check plugin documentation if this is unexpected
/home/vagrant/inventory.ini did not meet yaml requirements, check plugin documentation if this is unexpected
Parsed /home/vagrant/inventory.ini inventory source with ini plugin
 [WARNING]: Found both group and host with same name: lb

META: ran handlers
<lb> ESTABLISH SSH CONNECTION FOR USER: vagrant
<lb> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 -o ControlPath=/home/vagrant/.ansible/cp/2302ac11ec lb '/bin/sh -c '"'"'echo ~vagrant && sleep 0'"'"''
<lb> (255, '', 'Permission denied (publickey).\r\n')
lb | UNREACHABLE! => {
    "changed": false, 
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey).", 
    "unreachable": true
}

SOLUTION

Alright, here is what worked for me -
I logged into the remote machine lb. edited the ~/.ssh/authorised_keys and added id_rsa.pub key of ansible master. Saved and exited. Bounced the sshd on lb.

This is not a perfect way, but it gets you going for initial testing.

Edit 1 - Also, you need to make sure the remote machine (client which will be managed by ansible) needs to have python installed.

PS - even the method of ssh-copy-id -i was failing for me with same error of permission denied (publickey)

vagrant@mgmt:~$ ansible lb -m ping -vvv
ansible 2.7.8
config file = /home/vagrant/ansible.cfg
configured module search path = [u'/home/vagrant/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/dist-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.12 (default, Nov 12 2018, 14:36:49) [GCC 5.4.0 20160609]
Using /home/vagrant/ansible.cfg as config file
[DEPRECATION WARNING]: [defaults]hostfile option, The key is misleading as it can also be a list of hosts, a directory or a list of paths , use [defaults] inventory=/path/to/file|dir
instead. This feature will be removed in version 2.8. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
/home/vagrant/inventory.ini did not meet host_list requirements, check plugin documentation if this is unexpected
/home/vagrant/inventory.ini did not meet script requirements, check plugin documentation if this is unexpected
/home/vagrant/inventory.ini did not meet yaml requirements, check plugin documentation if this is unexpected
Parsed /home/vagrant/inventory.ini inventory source with ini plugin
[WARNING]: Found both group and host with same name: lb

META: ran handlers
ESTABLISH SSH CONNECTION FOR USER: None
SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/vagrant/.ansible/cp/e51df67eb4 lb '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
(0, '/home/vagrant\n', '')
ESTABLISH SSH CONNECTION FOR USER: None
SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/vagrant/.ansible/cp/e51df67eb4 lb '/bin/sh -c '"'"'( umask 77 && mkdir -p "echo /home/vagrant/.ansible/tmp/ansible-tmp-1552670816.4-42574892310286" && echo ansible-tmp-1552670816.4-42574892310286="echo /home/vagrant/.ansible/tmp/ansible-tmp-1552670816.4-42574892310286" ) && sleep 0'"'"''
(0, 'ansible-tmp-1552670816.4-42574892310286=/home/vagrant/.ansible/tmp/ansible-tmp-1552670816.4-42574892310286\n', '')
Using module file /usr/lib/python2.7/dist-packages/ansible/modules/system/ping.py
PUT /home/vagrant/.ansible/tmp/ansible-local-2173_L8KXK/tmpXoK8R8 TO /home/vagrant/.ansible/tmp/ansible-tmp-1552670816.4-42574892310286/AnsiballZ_ping.py
SSH: EXEC sftp -b - -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/vagrant/.ansible/cp/e51df67eb4 '[lb]'
(0, 'sftp> put /home/vagrant/.ansible/tmp/ansible-local-2173_L8KXK/tmpXoK8R8 /home/vagrant/.ansible/tmp/ansible-tmp-1552670816.4-42574892310286/AnsiballZ_ping.py\n', '')
ESTABLISH SSH CONNECTION FOR USER: None
SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/vagrant/.ansible/cp/e51df67eb4 lb '/bin/sh -c '"'"'chmod u+x /home/vagrant/.ansible/tmp/ansible-tmp-1552670816.4-42574892310286/ /home/vagrant/.ansible/tmp/ansible-tmp-1552670816.4-42574892310286/AnsiballZ_ping.py && sleep 0'"'"''
(0, '', '')
ESTABLISH SSH CONNECTION FOR USER: None
SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/vagrant/.ansible/cp/e51df67eb4 -tt lb '/bin/sh -c '"'"'/usr/bin/python /home/vagrant/.ansible/tmp/ansible-tmp-1552670816.4-42574892310286/AnsiballZ_ping.py && sleep 0'"'"''
(0, '\r\n{"invocation": {"module_args": {"data": "pong"}}, "ping": "pong"}\r\n', 'Shared connection to lb closed.\r\n')
ESTABLISH SSH CONNECTION FOR USER: None
SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/vagrant/.ansible/cp/e51df67eb4 lb '/bin/sh -c '"'"'rm -f -r /home/vagrant/.ansible/tmp/ansible-tmp-1552670816.4-42574892310286/ > /dev/null 2>&1 && sleep 0'"'"''
(0, '', '')
lb | SUCCESS => {
"changed": false,
"invocation": {
"module_args": {
"data": "pong"
}
},
"ping": "pong"
}

Was this page helpful?
0 / 5 - 0 ratings