ssh - ansible - "sudo: a password is required\r\n"


quick question

I have set up an Ubuntu server with a user named test. I copied authorized_keys to it and can ssh with no problem. If I run $ ansible -m ping ubu1, there is no problem and I get a response:

    ubu1 | success => {
        "changed": false,
        "ping": "pong"
    }

What I don't get is this. If I do

    $ ansible-playbook -vvvv playbooks/htopinstall.yml

fatal: [ubu1]: failed! => {"changed": false, "failed": true, "invocation": {"module_name": "setup"}, "module_stderr": "openssh_7.2p2 ubuntu-4ubuntu2.1, openssl 1.0.2g-fips  1 mar 2016\r\ndebug1: reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: applying options *\r\ndebug1: auto-mux: trying existing master\r\ndebug2: fd 3 setting o_nonblock\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 6109\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\ndebug3: mux_client_read_packet: read header failed: broken pipe\r\ndebug2: received exit status master 1\r\nshared connection 192.168.1.112 closed.\r\n", "module_stdout": "sudo: password required\r\n", "msg": "module failure", "parsed": false} 

If I run $ ansible-playbook --ask-sudo-pass playbooks/htopinstall.yml, it asks for the user password, and the play succeeds.

If I rename authorized_keys, it tells me "failed connect host via ssh." which is OK. What I don't understand is why it is asking for a sudo password. I definitely missed something along the way.

My ansible.cfg file looks like this:

    [defaults]
    nocows = 1
    inventory = ./playbooks/hosts
    remote_user = test
    private_key_file = /home/test/.ssh/id_ubu
    host_key_checking = false

My hosts file looks like this:

    [servers]
    ubu1 ansible_ssh_host=192.168.1.112 ansible_ssh_user=test

What I don't understand is why it is asking for a sudo password.

We can't say without seeing the playbook, but it's because a) the playbook asks Ansible to run a particular command with sudo (via the sudo or become directives), and b) the test user does not have password-less sudo enabled.

It sounds like you are aware of (a) but confused about (b); specifically, what I'm picking up is that you don't understand the difference between ssh authentication and sudo authentication. Again, without more information I can't confirm if this is the case, but I'll take a stab at explaining it in case I guessed correctly.

When you connect to a machine via ssh, there are 2 primary ways in which sshd authenticates you and allows you to log in as a particular user. The first is to ask for the account's password, which it hands off to the system, and it allows the login if it is correct. The second is through public-key cryptography, in which you prove that you have access to a private key that corresponds to a public key fingerprint in ~/.ssh/authorized_keys. Passing sshd's authentication checks gives you a shell on the machine.

When you invoke a command with sudo, you're asking sudo to elevate your privileges beyond what the account gets. This is an entirely different system, with rules defined in /etc/sudoers (which you should edit using sudo visudo) that control which users are allowed to use sudo, what commands they should be able to run, whether they need to re-enter their password or not when using the command, and a variety of other configuration options.

When you run the playbook normally, Ansible is presented with a sudo prompt and doesn't know how to continue - it doesn't know the account password. That's why --ask-sudo-pass exists: you're giving the password to Ansible so it can pass it on to sudo when prompted. If you don't want to have to type it every time and you've decided it's within your security parameters to allow the logged-in test user to perform actions as root, you can consult man sudoers on how to set up passwordless sudo for the account.
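
The sudo side of the distinction drawn in the answer above can be checked directly. The following added example (not part of the original question or answer) reads sudoers-format text and reports whether a user has passwordless sudo for all commands, for some, or for none. The sample entries, the deploy and %ops names, and the function names are constructed for illustration, and only plain user and %group entries are handled.

```shell
#!/bin/sh
# Added example (not from the page): how much passwordless sudo does a user have?
# Assumption: only plain "user" and "%group" entries are read; aliases, Defaults
# and include directives are not resolved, so treat "none" as "none found here".
# On a live host the authoritative checks are:
#   sudo -l -U test     (as root: list the sudo rules for test)
#   sudo -n true        (as test: fails without prompting if a password is needed)

# Constructed sample sudoers content; deploy and %ops are hypothetical entries.
sample_sudoers() {
    cat <<'EOF'
# constructed sample
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
%ops    ALL=(ALL) NOPASSWD: ALL
test    ALL=(ALL) NOPASSWD: ALL
deploy  ALL=(root) NOPASSWD: /usr/bin/apt-get update
EOF
}

# nopasswd_scope USER [GROUP...]  (sudoers text on stdin)
# Prints "all", "limited" or "none".
nopasswd_scope() {
    awk -v names="$*" '
    BEGIN {
        n = split(names, a, " ")
        want[a[1]] = 1                                  # the user itself
        for (i = 2; i <= n; i++) want["%" a[i]] = 1     # groups the user is in
        scope = "none"
    }
    /^[ \t]*#/ || NF == 0 { next }                      # comments, blank lines
    ($1 in want) && /NOPASSWD:/ {
        cmds = $0
        sub(/.*NOPASSWD:[ \t]*/, "", cmds)              # keep the command list
        if (cmds ~ /^ALL[ \t]*$/ || cmds ~ /^ALL[ \t]*,/) scope = "all"
        else if (scope == "none") scope = "limited"
    }
    END { print scope }
    '
}

for u in test deploy root; do
    printf '%s: %s\n' "$u" "$(sample_sudoers | nopasswd_scope "$u")"
done
```

A result of "all" for the account Ansible logs in as means that possession of its SSH private key is equivalent to root on that host.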

