Ever encountered the above-mentioned error while attempting to ssh into a remote server or cloud instance? Well, I did while in the midst of executing an Ansible Playbook with an OpenShift instance as the intended target host endpoint.
Why use Ansible with an OpenShift xPaaS, you might ask? Why not? There are so many types of IT automation tasks that Ansible can achieve…
Anyway, back to the theme of this post — security. This exact error shows up both in the terminal window and in the log file for Ansible:
2018-01-08 02:08:06,124 p=761 u=root | fatal: [0.0.0.0]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added '0.0.0.0' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n", "unreachable": true}
A familiar error, usually due to missing public keys that the ssh client requires to establish connectivity. Problem is, there already exists a public key id_rsa.pub in the ~/.ssh directory of my client workstation, which I created prior to this.
So what did I do wrong?
After some research, it was determined that the public key has to be clearly made known to the ssh client. So I proceeded to create an authorized_keys file containing the public key that I earlier generated. It is located in the same directory as the public key — ~/.ssh. The file will be read by any active ssh clients on the client workstation.
The result was a successful retry of the execution of the Ansible Playbook. Moments like these bring to mind the phrase “so close, yet so far”…
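
The authorized_keys step described above, as an added shell example that is not part of the original post: the hypothetical install_pubkey helper appends id_rsa.pub to ~/.ssh/authorized_keys only once and sets owner-only permissions, since sshd's default StrictModes check rejects key files that other users can write to. The function name and its exit codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: install_pubkey is a hypothetical helper, not from the original post.
# Usage: install_pubkey <public-key-file> [ssh-dir]    (ssh-dir defaults to ~/.ssh)
# e.g.   install_pubkey "$HOME/.ssh/id_rsa.pub"
install_pubkey() {
    pub=$1
    dir=${2:-$HOME/.ssh}
    auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Refuse anything that looks like a private key (id_rsa instead of id_rsa.pub).
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub contains a private key; refusing" >&2
        return 2
    fi

    # Take the first line that starts with a known public key type and base64 data.
    key=$(grep -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+' "$pub" \
        | head -n 1 || true)
    [ -n "$key" ] || { echo "no public key line in $pub" >&2; return 3; }

    # Create the directory and file so that only the owner can access them.
    (
        umask 077
        mkdir -p "$dir" && touch "$auth"
    ) || return 4
    # Tighten permissions even if the directory or file already existed.
    chmod 700 "$dir" || return 4
    chmod 600 "$auth" || return 4

    # Append only if the exact key line is not already present (safe to re-run).
    if ! grep -qxF "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
}
```

Running it a second time leaves authorized_keys unchanged, so it can sit in a provisioning script that executes before each playbook run.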