Permission denied (publickey) on EC2 cloud #429

Description

@Tupoun

OS / Environment

Ubuntu 16.04.2 LTS

Ansible version

ansible 2.0.0.2

Version of components from requirements.txt

Name: msrestazure
Version: 0.4.7
Summary: AutoRest swagger generator Python client runtime. Azure-specific module.
Home-page: https://github.com/Azure/msrestazure-for-python
Author: Microsoft Corporation
Author-email: UNKNOWN
License: MIT License
Location: /mnt/backup/Install/algo-master/env/lib/python2.7/site-packages
Requires: keyring, msrest, adal
---
Name: boto3
Version: 1.4.4
Summary: The AWS SDK for Python
Home-page: https://github.com/boto/boto3
Author: Amazon Web Services
Author-email: UNKNOWN
License: Apache License 2.0
Location: /mnt/backup/Install/algo-master/env/lib/python2.7/site-packages
Requires: s3transfer, jmespath, botocore
---
Name: apache-libcloud
Version: 1.5.0
Summary: A standard Python library that abstracts away differences among multiple cloud provider APIs. For more information and documentation, please see http://libcloud.apache.org
Home-page: http://libcloud.apache.org/
Author: Apache Software Foundation
Author-email: dev@libcloud.apache.org
License: Apache License (2.0)
Location: /mnt/backup/Install/algo-master/env/lib/python2.7/site-packages
Requires: 
---
Name: six
Version: 1.10.0
Summary: Python 2 and 3 compatibility utilities
Home-page: http://pypi.python.org/pypi/six/
Author: Benjamin Peterson
Author-email: benjamin@python.org
License: MIT
Location: /mnt/backup/Install/algo-master/env/lib/python2.7/site-packages
Requires: 
---
Name: pyOpenSSL
Version: 16.2.0
Summary: Python wrapper module around the OpenSSL library
Home-page: https://pyopenssl.readthedocs.io/
Author: Hynek Schlawack
Author-email: hs@ox.cx
License: Apache License, Version 2.0
Location: /mnt/backup/Install/algo-master/env/lib/python2.7/site-packages
Requires: cryptography, six

Summary of the problem

Installation to EC2 ends with an error

fatal: [35.156.181.105]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added '35.156.181.105' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey).\r\n", "unreachable": true}

Steps to reproduce the behavior

Steps 1 to 6 from "Deploy the Algo server"

The way of deployment (cloud or local)

Cloud EC2

Expected behavior

Installed

Actual behavior

Not Installed

Full log

  What provider would you like to use?
    1. DigitalOcean
    2. Amazon EC2
    3. Microsoft Azure
    4. Google Compute Engine (only for testing, see issue #369)
    5. Install to existing Ubuntu 16.04 server

Enter the number of your desired provider
: 2

Enter your aws_access_key (http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html)
Note: Make sure to use either your root key (recommended) or an IAM user with an acceptable policy attached
[pasted values will not be displayed]
[AKIA...]: 

Enter your aws_secret_key (http://docs.aws.amazon.com/general/latest/gr/managing-aws-access-keys.html)
Note: Make sure to use either your root key (recommended) or an IAM user with an acceptable policy attached
[pasted values will not be displayed]
[ABCD...]: 

Name the vpn server:
[algo]: 


  What region should the server be located in?
    1.   us-east-1           US East (N. Virginia)
    2.   us-east-2           US East (Ohio)
    3.   us-west-1           US West (N. California)
    4.   us-west-2           US West (Oregon)
    5.   ap-south-1          Asia Pacific (Mumbai)
    6.   ap-northeast-2      Asia Pacific (Seoul)
    7.   ap-southeast-1      Asia Pacific (Singapore)
    8.   ap-southeast-2      Asia Pacific (Sydney)
    9.   ap-northeast-1      Asia Pacific (Tokyo)
    10.  eu-central-1        EU (Frankfurt)
    11.  eu-west-1           EU (Ireland)
    12.  eu-west-2           EU (London)
    13.  ca-central-1        Canada (Central)
Enter the number of your desired region:
[1]: 10

Do you want macOS/iOS clients to enable "VPN On Demand" when connected to cellular networks?
[y/N]: y

Do you want macOS/iOS clients to enable "VPN On Demand" when connected to Wi-Fi?
[y/N]: y

List the names of trusted Wi-Fi networks (if any) that macOS/iOS clients exclude from using the VPN (e.g., your home network. Comma-separated value, e.g., HomeNet,OfficeWifi,AlgoWiFi)
: 

Do you want to install a DNS resolver on this VPN server, to block ads while surfing?
[y/N]: y

Do you want each user to have their own account for SSH tunneling?
[y/N]: y

Do you want to apply operating system security enhancements on the server? (warning: replaces your sshd_config)
[y/N]: 

Do you want the VPN to support Windows 10 clients? (requires RSA certificates and key exchange, less secure)
[y/N]: y

Do you want to retain the CA key? (required to add users in the future, but less secure)
[y/N]: 

PLAY [Configure the server] ****************************************************

TASK [setup] *******************************************************************
ok: [localhost]

TASK [Generate the SSH private key] ********************************************
ok: [localhost -> localhost]

TASK [Generate the SSH public key] *********************************************
ok: [localhost -> localhost]

TASK [Change mode for the SSH private key] *************************************
ok: [localhost -> localhost]

TASK [Ensure the dynamic inventory exists] *************************************
ok: [localhost]

TASK [cloud-ec2 : Locate official Ubuntu 16.04 AMI for region] *****************
ok: [localhost]

TASK [cloud-ec2 : set_fact] ****************************************************
ok: [localhost]

TASK [cloud-ec2 : Add ssh public key] ******************************************
ok: [localhost] => (item=ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGSaI4POiDn+Z336Ybg38OBmGhsIEUKOArOL+CFHpCGOIMF3I2pe0g7vN0usClTkNBLeALFEOE/u8x3uIZ6IsV281Q4HRvJGV/6LmAeu/s7Ifk8GjFirV7BRx5mrUROBAuhUrEIlbyeP2QN7MrAnwuDrvElA+oPterD7uMInYhSlrta9tJ0U3FYSRHijRrGsthW0J4jedyPiGIezlSoS3qWwiqEpD5/DG4fsj32hyGJGAtVBusprBxuapTE1Op0VBrZrIt/E9KFTG9I+callmJjg0sNmOUjdFzR3CnO54F0jqBIIxFqV1Y4DlVpoDHxizRgEByF7EfIE6oWz2expLX algo@ssh)                                                                                                                                                                                               

TASK [cloud-ec2 : Configure EC2 virtual private clouds] ************************
ok: [localhost]

TASK [cloud-ec2 : Set up Public Subnets Route Table] ***************************
ok: [localhost]

TASK [cloud-ec2 : Configure EC2 security group] ********************************
ok: [localhost]

TASK [cloud-ec2 : Launch instance] *********************************************
ok: [localhost]

TASK [cloud-ec2 : Add new instance to host group] ******************************
changed: [localhost] => (item={u'kernel': None, u'root_device_type': u'ebs', u'private_dns_name': u'ip-172-16-254-49.eu-central-1.compute.internal', u'public_ip': u'35.156.181.105', u'private_ip': u'172.16.254.49', u'id': u'i-0fc78cbab502b962d', u'ebs_optimized': False, u'state': u'running', u'virtualization_type': u'hvm', u'architecture': u'x86_64', u'ramdisk': None, u'block_device_mapping': {u'/dev/sda1': {u'status': u'attached', u'delete_on_termination': True, u'volume_id': u'vol-0851e296efc14f3c9'}}, u'key_name': u'VPNKEY', u'image_id': u'ami-060cde69', u'tenancy': u'default', u'groups': {u'sg-09e94362': u'vpn-secgroup'}, u'public_dns_name': u'ec2-35-156-181-105.eu-central-1.compute.amazonaws.com', u'state_code': 16, u'tags': {u'Environment': u'Algo', u'Name': u'algo'}, u'placement': u'eu-central-1b', u'ami_launch_index': u'0', u'dns_name': u'ec2-35-156-181-105.eu-central-1.compute.amazonaws.com', u'region': u'eu-central-1', u'launch_time': u'2017-04-14T20:07:09.000Z', u'instance_type': u't2.micro', u'root_device_name': u'/dev/sda1', u'hypervisor': u'xen'})

TASK [cloud-ec2 : set_fact] ****************************************************
ok: [localhost]

TASK [cloud-ec2 : Get EC2 instances] *******************************************
ok: [localhost]

TASK [cloud-ec2 : Ensure the group ec2 exists in the dynamic inventory file] ***
ok: [localhost]

TASK [cloud-ec2 : Populate the dynamic inventory] ******************************
ok: [localhost] => (item={u'kernel': None, u'instance_profile': None, u'root_device_type': u'ebs', u'private_dns_name': u'ip-172-16-254-49.eu-central-1.compute.internal', u'spot_instance_request_id': None, u'source_destination_check': u'true', u'id': u'i-0fc78cbab502b962d', u'ebs_optimized': False, u'state': u'running', u'client_token': u'', u'virtualization_type': u'hvm', u'ramdisk': None, u'public_ip_address': u'35.156.181.105', u'block_device_mapping': [{u'status': u'attached', u'volume_id': u'vol-0851e296efc14f3c9', u'delete_on_termination': True, u'attach_time': u'2017-04-14T20:07:09.000Z', u'device_name': u'/dev/sda1'}], u'key_name': u'VPNKEY', u'interfaces': [{u'id': u'eni-d59bcaab', u'mac_address': u'06:28:22:45:fe:9b'}], u'image_id': u'ami-060cde69', u'groups': [{u'id': u'sg-09e94362', u'name': u'vpn-secgroup'}], u'public_dns_name': u'ec2-35-156-181-105.eu-central-1.compute.amazonaws.com', u'requester_id': None, u'tags': {u'Environment': u'Algo', u'Name': u'algo'}, u'monitoring_state': u'disabled', u'placement': {u'tenancy': u'default', u'zone': u'eu-central-1b'}, u'ami_launch_index': u'0', u'hypervisor': u'xen', u'region': u'eu-central-1', u'launch_time': u'2017-04-14T20:07:09.000Z', u'persistent': False, u'architecture': u'x86_64', u'private_ip_address': u'172.16.254.49', u'vpc_id': u'vpc-8e74fae6'})

TASK [Wait until SSH becomes ready...] *****************************************
ok: [localhost -> localhost]

TASK [A short pause, in order to be sure the instance is ready] ****************
Pausing for 10 seconds
(ctrl+C then 'C' = continue early, ctrl+C then 'A' = abort)
ok: [localhost]

TASK [Ensure the local ssh directory is exist] *********************************
ok: [localhost -> localhost]

TASK [Copy the algo ssh key to the local ssh directory] ************************
ok: [localhost -> localhost]

TASK [Configure the local ssh config] ******************************************
ok: [localhost -> localhost]

PLAY [Configure the server and install required software] **********************

TASK [Check the system] ********************************************************
fatal: [35.156.181.105]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Warning: Permanently added '35.156.181.105' (ECDSA) to the list of known hosts.\r\nPermission denied (publickey).\r\n", "unreachable": true}

PLAY RECAP *********************************************************************
35.156.181.105             : ok=0    changed=0    unreachable=1    failed=0   
localhost                  : ok=22   changed=1    unreachable=0    failed=0  
