Ansible - Failed to connect to the host via ssh: Permission denied (publickey,...password)

Mag*_*ick 2 ansible

I am trying to get Ansible to connect to remote hosts, but it fails with the following:

fatal: [prod-k8s-worker02]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: deploy@xx.xx.xx.223: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).", "unreachable": true}
fatal: [prod-k8s-worker01]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: deploy@xx.xx.xx.222: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).", "unreachable": true}
fatal: [prod-k8s-worker03test]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: deploy@xx.xx.xx.224: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).", "unreachable": true}
fatal: [prod-k8s-master01]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: deploy@xx.xx.xx.221: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).", "unreachable": true}

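I can successfully ssh to all of the above hosts without needing a password.

I have tried the following.

Added the following to the inventory file: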

[all:vars]
ansible_connection=ssh
ansible_user=deploy
ansible_sudo=true
ansible_become=true
ansible_ssh_common_args='-o StrictHostKeyChecking=no'

Added the following to the ansible.cfg file:

[defaults]
host_key_checking = False
host_key_check = False

Also added the following to the ansible.cfg file:

[ssh_connection]
# ssh arguments to use
ssh_args = -o StrictHostKeyChecking=no

Verbose

When I run the playbook with -vvvv I get the following:


fatal: [prod-k8s-worker01]: UNREACHABLE! => {
    "changed": false, 
    "msg": "Failed to connect to the host via ssh: deploy@xx.xx.xx.222: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).", 
    "unreachable": true
}
<xx.xx.xx.223> (255, '', 'deploy@xx.xx.xx.223: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n')
fatal: [prod-k8s-worker02]: UNREACHABLE! => {
    "changed": false, 
    "msg": "Failed to connect to the host via ssh: deploy@xx.xx.xx.223: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).", 
    "unreachable": true
}
<xx.xx.xx.224> (255, '', 'deploy@xx.xx.xx.224: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n')
fatal: [prod-k8s-worker03test]: UNREACHABLE! => {
    "changed": false, 
    "msg": "Failed to connect to the host via ssh: deploy@xx.xx.xx.224: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).", 
    "unreachable": true
}
<xx.xx.xx.221> (255, '', 'deploy@xx.xx.xx.221: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n')
fatal: [prod-k8s-master01]: UNREACHABLE! => {
    "changed": false, 
    "msg": "Failed to connect to the host via ssh: deploy@xx.xx.xx.221: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).", 
    "unreachable": true
}

小智 7

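If you can ssh from the control host to the target host (i.e. an ec2 instance), but "ansible all -m ping" fails with a public key error message, then you need to modify the ansible.cfg file in your working (playbook) directory.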

[defaults]
inventory = ./hosts-dev
remote_user = <SSH_USERNAME>
private_key_file = /path_to/<SSH_KEY>.pem

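For me, the key was adding private_key_file = /home/ubuntu/.ssh/my_key.pem

Also, make sure to change the permissions on your key file, for example: chmod 400 /home/ubuntu/.ssh/my_key.pem

Otherwise, AWS will reject the key as "too open", but this will not show up in the error message. You can test with a direct connection from the control host: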

ssh -i /home/ubuntu/.ssh/my_key.pem ubuntu@Internal_IP_Address_of_Target_Machine
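
Added example, not part of the answer above: a preflight check that reads an ansible.cfg, confirms private_key_file is set, exists and is not accessible to group or other (the condition `chmod 400` satisfies), and also reports the disabled host_key_checking from the question. The function names, the temporary paths and the sample file contents are constructed for illustration.

```python
import configparser
import os
import stat
import tempfile

FALSY = {"false", "no", "0", "off"}

def preflight(cfg_path):
    """Return a list of findings for the ansible.cfg at cfg_path."""
    findings = []
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read(cfg_path)
    defaults = cfg["defaults"] if cfg.has_section("defaults") else {}
    key = defaults.get("private_key_file")
    if not key:
        findings.append("private_key_file is not set; ssh is run without -i")
    else:
        key = os.path.expanduser(key)  # assumes an absolute or ~ path
        if not os.path.isfile(key):
            findings.append(f"key file not found: {key}")
        else:
            mode = stat.S_IMODE(os.stat(key).st_mode)
            # The ssh client refuses a private key with any group/other bits set.
            if mode & 0o077:
                findings.append(f"key mode {mode:04o} too open; chmod 400 {key}")
    if defaults.get("host_key_checking", "True").strip().lower() in FALSY:
        findings.append("host_key_checking disabled; host keys are not verified")
    return findings

def demo():
    """Constructed sample: throwaway key file and ansible.cfg in a temp dir."""
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "my_key.pem")
        with open(key, "w") as f:
            f.write("constructed placeholder, not a real key\n")
        cfg = os.path.join(d, "ansible.cfg")
        with open(cfg, "w") as f:
            f.write("[defaults]\nremote_user = deploy\n"
                    f"private_key_file = {key}\nhost_key_checking = False\n")
        os.chmod(key, 0o644)
        before = preflight(cfg)   # key readable by group/other
        os.chmod(key, 0o400)
        after = preflight(cfg)    # key restricted to the owner
    return before, after

if __name__ == "__main__":
    for label, found in zip(("mode 0644:", "mode 0400:"), demo()):
        print(label, found)
```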