Hello.

I'm attempting to connect via Ansible to a remote linux based server. When
I attempt:
ansible all -m ping -u <username>

I receive the following errors:

*X.X.X.X | UNREACHABLE! => {*

*    "changed": false, *

*    "msg": "Failed to connect to the host via ssh: <username>@x.x.x.x:
Permission denied (publickey,password).", *

*    "unreachable": true*

*}*
(IP and username were discarded for confidentiality purposes.)

I'm able to execute the command successfully if I use the --ask-pass
option, however; I was hoping to get it to automatically authorize PC
machine via ssh keys.

On the Linux Server, I am able to see my PC's ssh key under: '
~/.ssh/authorized_keys'

From my understanding, the server would need the ssh key of my PC for my PC
to authenticate with it? OR is it the other way around? My MAC-Book does
not have an authorized_keys file.

Here is a result from the command 'ansible all -m ping -u oblong -vvvv'
<X.X.X.X> (255, '', 'OpenSSH_7.9p1, LibreSSL 2.7.3\r\ndebug1: Reading
configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line
48: Applying options for *\r\ndebug2: resolve_canonicalize: hostname
X.X.X.X is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug1:
Control socket "/Users/<username>/.ansible/cp/3c7f159221" does not
exist\r\ndebug2: ssh_connect_direct\r\ndebug1: Connecting to X.X.X.X
[X.X.X.X] port 22.\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug1: fd 3
clearing O_NONBLOCK\r\ndebug1: Connection established.\r\ndebug3: timeout:
9988 ms remain after connect\r\ndebug1: identity file /Users/<username>/.ssh/id_rsa
type 0\r\ndebug1: identity file /Users/<username>/.ssh/id_rsa-cert type
-1\r\ndebug1: identity file /Users/<username>/.ssh/id_dsa type
-1\r\ndebug1: identity file /Users/<username>/.ssh/id_dsa-cert type
-1\r\ndebug1: identity file /Users/<username>/.ssh/id_ecdsa type
-1\r\ndebug1: identity file /Users/<username>/.ssh/id_ecdsa-cert type
-1\r\ndebug1: identity file /Users/<username>/.ssh/id_ed25519 type
-1\r\ndebug1: identity file /Users/<username>/.ssh/id_ed25519-cert type
-1\r\ndebug1: identity file /Users/<username>/.ssh/id_xmss type
-1\r\ndebug1: identity file /Users/<username>/.ssh/id_xmss-cert type
-1\r\ndebug1: Local version string SSH-2.0-OpenSSH_7.9\r\ndebug1: Remote
protocol version 2.0, remote software version OpenSSH_7.2p2
Ubuntu-4ubuntu2.4\r\ndebug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.4 pat
OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.4*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7*
compat 0x04000002\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug1:
Authenticating to X.X.X.X:22 as \'oblong\'\r\ndebug3: hostkeys_foreach:
reading file "/Users/<username>/.ssh/known_hosts"\r\ndebug3:
record_hostkey: found key type ECDSA in file /Users/<username>/.ssh/known_hosts:8\r\ndebug3:
load_hostkeys: loaded 1 keys from X.X.X.X\r\ndebug3: order_hostkeyalgs:
prefer hostkeyalgs:
[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521\r\ndebug3:
send packet: type 20\r\ndebug1: SSH2_MSG_KEXINIT sent\r\ndebug3: receive
packet: type 20\r\ndebug1: SSH2_MSG_KEXINIT received\r\ndebug2: local
client KEXINIT proposal\r\ndebug2: KEX algorithms:
curve25519-sha256,[EMAIL PROTECTED],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c\r\ndebug2:
host key algorithms:
[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa\r\ndebug2:
ciphers ctos:
[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr,[EMAIL PROTECTED],[EMAIL PROTECTED]\r\ndebug2:
ciphers stoc:
[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr,[EMAIL PROTECTED],[EMAIL PROTECTED]\r\ndebug2:
MACs ctos:
[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],hmac-sha2-256,hmac-sha2-512,hmac-sha1\r\ndebug2:
MACs stoc:
[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],hmac-sha2-256,hmac-sha2-512,hmac-sha1\r\ndebug2:
compression ctos: [EMAIL PROTECTED],zlib,none\r\ndebug2: compression stoc:
[EMAIL PROTECTED],zlib,none\r\ndebug2: languages ctos: \r\ndebug2: languages
stoc: \r\ndebug2: first_kex_follows 0 \r\ndebug2: reserved 0 \r\ndebug2:
peer server KEXINIT proposal\r\ndebug2: KEX algorithms:
[EMAIL PROTECTED],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1\r\ndebug2:
host key algorithms:
ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256\r\ndebug2: ciphers
ctos:
[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr,[EMAIL PROTECTED],[EMAIL PROTECTED]\r\ndebug2:
ciphers stoc:
[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr,[EMAIL PROTECTED],[EMAIL PROTECTED]\r\ndebug2:
MACs ctos:
[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],hmac-sha2-256,hmac-sha2-512,hmac-sha1\r\ndebug2:
MACs stoc:
[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],hmac-sha2-256,hmac-sha2-5

On Thu, 9 May 2019 at 17:27, Michael Woods <[EMAIL PROTECTED]> wrote:
Hi
This isn't an ansible problem.
Take a look at some general SSH public key authentication pages, for instance:

https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server

--
Dick Visser
Trust & Identity Service Operations Manager
GÉANT

--
To post to this group, send email to [EMAIL PROTECTED].