I am having a strange issue with ansible. I am trying to create an initial setup on my servers so I can use SSH keys rather than passwords. What I am doing is, for each server group, I have a path where I am creating my SSH key, and using ansible I authorize the key on the servers with a password prompt, so that afterwards I won't need to use a password again unless I regenerate my keys.

I created my SSH keys via `ssh-keygen -f ./ssh/server/id_rsa`

I have my hosts file set up with the location of the SSH key like this:

```ini
[server]
172.16.0.211
[server:vars]
ansible_user=ubuntu
ansible_ssh_private_key_file=./ssh/server/id_rsa.pub
```

I have the following in my ansible playbook:

```yaml
- hosts: all
  gather_facts: yes
  become: yes
  tasks:
    - name: Set authorized key for user {{ ansible_user }} copying it from current user
      authorized_key:
        user: "{{ ansible_user }}"
        state: present
        key: "{{ lookup('file', '{{ ansible_ssh_private_key_file }}') }}"
```

I am running `ansible-playbook -K -k ./ssh.yaml --verbose`, so I have to enter my password first before it sets up my SSH keys. This works: it updates, and I am able to run a ping using `ansible all --module-name ping`, and it pings and works fine.

```
172.16.0.211 | SUCCESS => {
"changed": false,
"ping": "pong"
}
```

However, randomly, if I run ping again or any other playbook using the new SSH key, it says:

```
Failed to connect to the host via ssh: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n@ WARNING: UNPROTECTED PRIVATE KEY FILE! @\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\nPermissions 0644 for './ssh/id_rsa.pub' are too open.\r\nIt is required that your private key files are NOT accessible by others.\r\nThis private key will be ignored.\r\nLoad key \"./ssh/server/id_rsa.pub\
```

I tried to give it permissions using `chmod 600 ./ssh/server/id_rsa.pub`, but then ping now says:

```
172.16.0.211 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Load key \"./ssh/server/id_rsa.pub\": invalid format\r\nubuntu@172.16.0.211: Permission denied (publickey,password).",
"unreachable": true
}
```

I was actually able to get it working for a few minutes. I have it sending to multiple servers, but it's showing a similar error for only 2 of them:

```
172.16.0.212 | SUCCESS => {
"changed": false,
"ping": "pong"
}
172.16.0.210 | SUCCESS => {
"changed": false,
"ping": "pong"
}
172.16.0.211 | SUCCESS => {
"changed": false,
"ping": "pong"
}
172.16.0.213 | SUCCESS => {
"changed": false,
"ping": "pong"
}
172.16.0.214 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n@ WARNING: UNPROTECTED PRIVATE KEY FILE! @\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\nPermissions 0644 for './ssh/server/id_rsa.pub' are too open.\r\nIt is required that your private key files are NOT accessible by others.\r\nThis private key will be ignored.\r\nLoad key \"./ssh/server/id_rsa.pub\": bad permissions\r\nubuntu@172.16.0.214: Permission denied (publickey,password).",
"unreachable": true
}
172.16.0.215 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n@ WARNING: UNPROTECTED PRIVATE KEY FILE! @\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\nPermissions 0644 for './ssh/server/id_rsa.pub' are too open.\r\nIt is required that your private key files are NOT accessible by others.\r\nThis private key will be ignored.\r\nLoad key \"./ssh/server/id_rsa.pub\": bad permissions\r\nubuntu@172.16.0.215: Permission denied (publickey,password).",
"unreachable": true
}
```

The only way I can get it to work again is to regenerate the key and copy it back to the server again, but then it happens again.

It doesn't feel like a permission issue, as it worked with the same SSH key for the other servers?

While typing this, I ran it again and they all failed now. I am still able to connect to the servers via password, so the servers are not having issues.

Any ideas what could be causing this?
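A pre-flight check, added here as an example and not part of the question or of Ansible itself: it validates every `ansible_ssh_private_key_file` path in an ini-style inventory the same way `ssh -i` does, rejecting a file that is not a private key (a `.pub` file produces the "invalid format" error above) or that is readable by group/others ("bad permissions"). The `make_fixture` helper and the sample key and inventory files it writes are constructed for the demo and assume paths without whitespace.

```shell
# check_ssh_private_key PATH: return 0 if PATH is a usable OpenSSH private key,
# otherwise print why and return 1 (the same conditions ssh -i rejects).
check_ssh_private_key() {
    key="$1"
    [ -f "$key" ] || { echo "$key: no such file"; return 1; }
    # A public key (id_rsa.pub) starts with the key type, e.g. "ssh-rsa AAAA...",
    # not with a "-----BEGIN ... PRIVATE KEY-----" header; ssh reports "invalid format".
    if ! head -n 1 "$key" | grep -q '^-----BEGIN .*PRIVATE KEY-----'; then
        echo "$key: not a private key (is this the .pub file?)"; return 1
    fi
    # ssh ignores a private key readable by group or others: "bad permissions".
    mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
    case "$mode" in
        600|400) return 0 ;;
        *) echo "$key: permissions 0$mode are too open, need 0600"; return 1 ;;
    esac
}

# check_inventory_keys INVENTORY: run the check on every
# ansible_ssh_private_key_file value found in an ini-style inventory.
# Assumes key paths contain no whitespace.
check_inventory_keys() {
    rc=0
    for path in $(grep -o 'ansible_ssh_private_key_file=[^[:space:]]*' "$1" |
                  cut -d= -f2- | sort -u); do
        check_ssh_private_key "$path" || rc=1
    done
    return "$rc"
}

# make_fixture: write constructed sample files to a temp dir and print its path.
# The inventory deliberately repeats the question's mistake: it names id_rsa.pub.
make_fixture() {
    dir=$(mktemp -d)
    printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC constructed@example' > "$dir/id_rsa.pub"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed-not-a-real-key' \
                  '-----END OPENSSH PRIVATE KEY-----' > "$dir/id_rsa"
    chmod 644 "$dir/id_rsa.pub"
    chmod 600 "$dir/id_rsa"
    printf '%s\n' '[server]' '172.16.0.211' '[server:vars]' 'ansible_user=ubuntu' \
                  "ansible_ssh_private_key_file=$dir/id_rsa.pub" > "$dir/hosts"
    echo "$dir"
}

fixture=$(make_fixture)
check_inventory_keys "$fixture/hosts" || echo "fix the inventory before running ansible-playbook"
```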