Ok, so you installed Ansible, all is good, you exchanged ssh keys between hosts and configured the hosts you want to connect in /etc/ansible/hosts.
However, when you try to connect, running the ansible module ping to test connectivity you get:
10.10.10.99 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n",
"unreachable": true
}
So, in this example 10.10.10.99 is our server which we want to manage with ansible and the error indicates some issue with ssh.
Let’s run ansible with the -vvv verbose option to get more information:
$ ansible -m ping all -vvv
ansible 2.6.1
config file = /etc/ansible/ansible.cfg
configured module search path = [u'/home/user/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python2.7/dist-packages/ansible
executable location = /usr/bin/ansible
python version = 2.7.14 (default, Sep 23 2017, 22:06:14) [GCC 7.2.0]
Using /etc/ansible/ansible.cfg as config file
Parsed /etc/ansible/hosts inventory source with ini plugin
META: ran handlers
<10.10.10.99> ESTABLISH SSH CONNECTION FOR USER: None
<10.10.10.99> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/user/.ansible/cp/bc318c3800 10.10.10.99 '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
<10.10.10.99> (255, '', 'Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n')
10.10.10.99 | UNREACHABLE! => {
"changed": false,
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n",
"unreachable": true
}
if you paid attention to the output you may have noticed this:
<10.10.10.99> ESTABLISH SSH CONNECTION FOR USER: None
So, this means ansible is trying to connect to the server via ssh without specifying a user. This may or may not work depending on your environment. So, if the user exists on both machines and you have exchanged ssh keys for that user, it may work. However, this may not be the case in some environments.
The workaround would be to modify /etc/ansible/hosts and add an entry like this:
10.10.10.99 ansible_user=<user>
where <user> is the user that exists in the target host and for the one you exchanged ssh keys for.
After that you should be able to connect and get this output:
$ ansible -m ping all
10.10.10.99 | SUCCESS => {
"changed": false,
"ping": "pong"
}