Vagrant / ansible: fix Authentication or permission failure (Bonus: vim ansible/yaml highlight)

on under developer
2 minute read

Out Of Date Warning

This article was published on 08/10/2013, this means the content may be out of date or no longer relevant.
You should verify that the technical information in this article is still up to date before relying upon it for your own purposes.

Using ansible for some days now, I ran into this message lately after trying new Ubuntu base box:

default | FAILED => Authentication or permission failure.  In some cases, you may have been able to authenticate and did not have permissions on the remote directory. Consi
der changing the remote temp path in ansible.cfg to a path rooted in "/tmp". Failed command was: mkdir -p $HOME/.ansible/tmp/ansible-1381189172.28-176253922113900 && chmod
a+rx $HOME/.ansible/tmp/ansible-1381189172.28-176253922113900 && echo $HOME/.ansible/tmp/ansible-1381189172.28-176253922113900, exited with result 255

Strange is, vagrant ssh worked fine.

I used the diagnosis connect with ansible to find out the specific ssh command:

$ ansible default -m ping -i vagrant_ansible_inventory_default  --user=vagrant --private-key=~/.vagrant.d/insecure_private_key -vvv

<127.0.0.1> ESTABLISH CONNECTION FOR USER: vagrant
<127.0.0.1> EXEC ['ssh', '-tt', '-q', '-o', 'ControlMaster=auto', '-o', 'ControlPersist=60s', '-o', 'ControlPath=/profiles/swi/.ansible/cp/ansible-ssh-%h-%p-%r', '-o', 'Por
t=2200', '-o', 'IdentityFile=/profiles/swi/.vagrant.d/insecure_private_key', '-o', 'KbdInteractiveAuthentication=no', '-o', 'PreferredAuthentications=gssapi-with-mic,gssapi
-keyex,hostbased,publickey', '-o', 'PasswordAuthentication=no', '-o', 'User=vagrant', '-o', 'ConnectTimeout=10', '127.0.0.1', "/bin/sh -c 'mkdir -p $HOME/.ansible/tmp/ansib
le-1381189178.1-5190041942790 && chmod a+rx $HOME/.ansible/tmp/ansible-1381189178.1-5190041942790 && echo $HOME/.ansible/tmp/ansible-1381189178.1-5190041942790'"]

Typing out the ssh command and removing the -q (quiet) flag, I saw the error:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
11:5d:55:29:8a:77:d8:08:b4:00:9b:a3:61:93:fe:e5.

Removing the key and reconnecting worked again.

BTW: some vim yaml highlight for ansible

As pointed out by invsblduck from the comments, there is now a vim bundle: https://github.com/chase/vim-ansible-yaml

Working in VIM, I took the freedom to improve my ansible specific vim-config:

Just put it somewhere in your vimrc/plugins loaded etc. It just highlights some ansible specific keys and $var / {{ $var }}.