While building VMs with Vagrant and trying to run ansible-playbook against them over an SSH connection, we get errors like: Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
The execution and the error look something like the below.
[email protected]:~/VirtualBox VMs/vagrantVM$ ansible app -m ping -i ansible_hosts
192.168.60.4 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n",
    "unreachable": true
}
This post presumes that you are using Vagrant's private key for Ansible SSH authentication.
The Problem / The Scenario:
Here I am using the Vagrant private key with Ansible and passing it as the ansible_ssh_private_key_file variable.
A snippet of my ansible_hosts file shows my variable declaration:
[multi:vars]
ansible_ssh_user=vagrant
ansible_ssh_private_key_file=~/.vagrant.d/insecure_private_key
ansible_ssh_common_args='-o StrictHostKeyChecking=no'
Though you would be able to SSH directly to the VM using the private key, you would not be able to SSH with Ansible.
[email protected]:~/VirtualBox VMs/vagrantVM$ ssh -i ~/.vagrant.d/insecure_private_key [email protected]
Development Environment
[vagrant@mwiapp01 ~]$
Ansible ad-hoc commands or playbooks will fail with the error. When executed with the -vvv option, Ansible shows detailed info similar to this:
[email protected]:~/VirtualBox VMs/vagrantVM$ ansible app -m ping -i ansible_hosts -vvv
ansible 2.5.0
  config file = None
  configured module search path = [u'/Users/aksarav/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/Cellar/ansible/2.5.0/libexec/lib/python2.7/site-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 2.7.14 (default, Mar 22 2018, 15:04:47) [GCC 4.2.1 Compatible Apple LLVM 9.0.0 (clang-900.0.39.2)]
No config file found; using defaults
Parsed /Users/aksarav/VirtualBox VMs/vagrantVM/ansible_hosts inventory source with ini plugin
META: ran handlers
Using module file /usr/local/Cellar/ansible/2.5.0/libexec/lib/python2.7/site-packages/ansible/modules/system/ping.py
<192.168.60.4> ESTABLISH SSH CONNECTION FOR USER: vagrant
<192.168.60.4> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/aksarav/.vagrant.d/insecure_private_key"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 -o StrictHostKeyChecking=no -o ControlPath=/Users/aksarav/.ansible/cp/1dc5e4da79 192.168.60.4 '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
<192.168.60.4> (255, '', 'Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n')
192.168.60.4 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n",
    "unreachable": true
}
Resolution
Now we have Vagrant's private key. Let us create an SSH public key from it and copy it over to the VMs.
Execute the following commands in the order given.
ssh-keygen -y -f ~/.vagrant.d/insecure_private_key
ssh-keygen -y -f ~/.vagrant.d/insecure_private_key > ~/.vagrant.d/vagrant.pub
ssh-copy-id -f -i ~/.vagrant.d/vagrant.pub [email protected]
Execution Result
[email protected]:~/VirtualBox VMs/vagrantVM$ ssh-keygen -y -f ~/.vagrant.d/insecure_private_key
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ==
[email protected]:~/VirtualBox VMs/vagrantVM$ ssh-keygen -y -f ~/.vagrant.d/insecure_private_key > ~/.vagrant.d/vagrant.pub
[email protected]:~/VirtualBox VMs/vagrantVM$ ssh-copy-id -f -i ~/.vagrant.d/vagrant.pub [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/aksarav/.vagrant.d/vagrant.pub"

Number of key(s) added: 1

Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
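The ssh-copy-id output above ends by asking you to check which keys were added, and the -f flag skips the "already installed" test, so repeated runs append duplicates. The following is an added example, not part of the original post: it counts how often the key in a .pub file appears in a local copy of the VM's authorized_keys. The function names are hypothetical and the key blobs in demo are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): check a local copy of
# ~/.ssh/authorized_keys for the public key derived from the Vagrant key.

# Print the base64 blob of every key line in FILE. The blob is the field after
# the key-type token, so entries with a leading options field parse as well.
key_blobs() {
    awk 'NF == 0 || $1 ~ /^#/ { next }       # skip blank lines and comments
         { for (i = 1; i < NF; i++)
               if ($i ~ /^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-nistp[0-9]+)$/) {
                   print $(i + 1); break } }' "$1"
}

# Print how many entries in AUTH_FILE ($2) carry the key stored in PUB_FILE ($1).
count_key() {
    want=$(key_blobs "$1" | head -n 1)
    [ -n "$want" ] || { echo "no public key in $1" >&2; return 2; }
    key_blobs "$2" | grep -cxF -- "$want" || true   # grep exits 1 on a count of 0
}

# Verdict: 0 = authorized, 1 = missing, 2 = PUB_FILE unreadable or empty.
check_key() {
    n=$(count_key "$1" "$2") || return 2
    case $n in
        0) echo "MISSING: sshd will answer Permission denied (publickey)"; return 1 ;;
        1) echo "OK: key authorized once" ;;
        *) echo "DUPLICATE: key listed $n times (repeated ssh-copy-id -f)" ;;
    esac
}

# Constructed sample data; the blobs are placeholders, not real keys.
demo() {
    d=$(mktemp -d) || return 2
    echo 'ssh-rsa AAAAB3CONSTRUCTEDBLOB1 vagrant-demo' > "$d/vagrant.pub"
    printf '%s\n' '# provisioned keys' \
        'ssh-ed25519 AAAAC3CONSTRUCTEDBLOB2 admin@example' > "$d/before"
    cp "$d/before" "$d/after"
    # What two runs of ssh-copy-id -f would append:
    cat "$d/vagrant.pub" "$d/vagrant.pub" >> "$d/after"
    check_key "$d/vagrant.pub" "$d/before" || true
    check_key "$d/vagrant.pub" "$d/after"
    rm -rf "$d"
}
demo
```

To use it for real, save the VM's authorized_keys to a local file and call check_key with ~/.vagrant.d/vagrant.pub as the first argument and that copy as the second.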
Validation
[email protected]:~/VirtualBox VMs/vagrantVM$ ansible app -m ping -i ansible_hosts
192.168.60.4 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
Now you can see that the issue is resolved, and you can run Ansible ad-hoc commands and playbooks without any hitch.
Cheers!
A K S A R A V