Question

Permission is denied while connecting to server with ansible via ssh

Posted November 3, 2017 37.4k views
Ansible

I’m getting the error below when I’m writing this

ansible -m ping all
host1 | UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey,password).\r\n",
    "unreachable": true
}

I have gone through all the steps in this tutorial and now I’m stuck at step 3. https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-ansible-on-ubuntu-16-04

Any help is appreciated.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

6 answers

This could happen even if you have made sure the passwordless ssh between System A and System B (say using either ssh-copy-id command or by manually copying the public key i.e content of the idrsa.pub file on System A to .ssh/authorizedkeys file on System B. If this is happening, one of the reason could be the user home directories.

On System A the user home directory is say /home/tester and on System B, it is /users/tester, then passwordless ssh might not work. Make sure both users have same home directory solves this issue. I observed this case in CentOS machines and on making sure the home directories for users same, the issue resolved.

Hi there! What happens if you try to connect to your server via SSH?

ssh root@your_server_ip
  • It connects

    Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-98-generic x86_64)
    
     * Documentation:  https://help.ubuntu.com
     * Management:     https://landscape.canonical.com
     * Support:        https://ubuntu.com/advantage
    
      Get cloud support with Ubuntu Advantage Cloud Guest:
        http://www.ubuntu.com/business/services/cloud
    
    25 packages can be updated.
    0 updates are security updates.
    
    
    Last login: Sat Nov  4 06:10:48 2017 from 87.92.112.123
    
    • It’s So simple. If the ssh works!!

      Just add the bellow entrance in the file /etc/ansible/hosts located in you Ansible master.

      <your_server_ip> ansible_user=root

      Best regards,
      Ciro Bessa

Did you work through the prerequisite tutorial listed at the beginning of the Ansible installation article?
Specifically step 4.

This one: Initial Server Setup with Ubuntu 16.04

It looks like you don’t have your user’s public SSH key present on the remote droplet that Ansible uses to authenticate? I’m not sure however.

by Mitchell Anicas
When you start a new server, there are a few steps that you should take every time to add some basic security and give you a solid foundation. In this guide, we'll walk you through the basic steps necessary to hit the ground running with Ubuntu 16.04.

Since you can connect directly, your ansible is defaulting to a different key. Create/edit your ansible.cfg file in your playbook directory and add a line for the location of your key:

[defaults]
privatekeyfile = /Users/username/.ssh/private_key

This error usually occurs when their is no valid public key set for the target server.

First check whether you have valid public and private key generated for the user which you are using.
Keep public key in target server and private key in control server
Get the path for private key and configure it in ansible.cfg file(check ansible docs for this)

  • From the Ansible master run ssh to the remote target and see if that works:
ssh <user>@<target>

If this works ssh is enabled, move on to the next step.

  • Try the following from the Ansible master:
ansible-playbook -i inventory.yaml --private-key=/home/<user_id>/.ssh/id_rsa <playbook>.yaml -u <user_id>

If this fails with the following error, steps listed after the error should fix:

  TASK [Gathering Facts] *********************************************************
  fatal: [x-host.com]: UNREACHABLE! => {"changed": false, "msg": "Authentication failed.", "unreachable": true}
    to retry, use: --limit 

  PLAY RECAP *********************************************************************
  x-host.com   : ok=0    changed=0    unreachable=1    failed=0   
  • On the remote host, move/rename the ~/.ssh/authorized_keys file.

  • Then from the ansible master run the following:

ssh-copy-id -i ~/.ssh/id_rsa.pub <user-id>@<x-host>

// ssh-copy-id — use locally available keys to authorise logins on remote machine

  • This creates an authorized_keys file in the remote server ~/.ssh folder for the <user-id> user.

  • Now run the ansible playbook and should work.

edited by MattIPv4
Submit an Answer