Been trying to set up a staging server on a brand new Droplet for a while now. Cannot get it to provision while the production server and local site have been up and running for some time now. I get the error that the public key is not accepted for the user admin. Well, DO only sets up root initially and Trellis would set up admin, no? So why can’t I get past all this:
TASK [connection : Load become password] ************************************************************
task path: /Users/jasper/webdesign/domain.com/trellis/roles/connection/tasks/main.yml:50
ok: [xxx.xxx.xxx.xxx] => {"censored": "the output has been hidden due to the fact that 'no_log: true' was specified for this result"}
META: ran handlers
META: ran handlers
PLAY [Install prerequisites] ************************************************************************
META: ran handlers
TASK [Install Python 2.x] ***************************************************************************
task path: /Users/jasper/webdesign/domain.com/trellis/server.yml:17
<xxx.xxx.xxx.xxx> ESTABLISH SSH CONNECTION FOR USER: admin
<xxx.xxx.xxx.xxx> SSH: EXEC ssh -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s -o HostKeyAlgorithms=ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=admin -o ConnectTimeout=10 -o ControlPath=/Users/jasper/.ansible/cp/3fbaecdf22 -tt xxx.xxx.xxx.xxx 'sudo -H -S -p "[sudo via ansible, key=bpnidmdvrffjwxyldycmsqwpubhbmryr] password: " -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-bpnidmdvrffjwxyldycmsqwpubhbmryr; which python || sudo apt-get update && sudo apt-get install -qq -y python-simplejson'"'"''
<xxx.xxx.xxx.xxx> (255, '', 'admin@xxx.xxx.xxx.xxx: Permission denied (publickey).\r\n')
System info:
Ansible 2.3.2.0; Darwin
Trellis at "Accommodate deploy hook vars formatted as lists of includes"
---------------------------------------------------
Failed to connect to the host via ssh: admin@xxx.xxx.xxx.xxx: Permission
denied (publickey).
fatal: [xxx.xxx.xxx.xxx]: UNREACHABLE! => {
"changed": false,
"unreachable": true
}
to retry, use: --limit @/Users/jasper/webdesign/publiqly.com/trellis/server.retry
PLAY RECAP ******************************************************************************************
xxx.xxx.xxx.xxx : ok=4 changed=0 unreachable=1 failed=0
localhost : ok=0 changed=0 unreachable=0 failed=0
And here the verbose log:
Failed to connect to the host via ssh: OpenSSH_7.6p1, LibreSSL 2.6.2
debug1: Reading configuration data /Users/jasper/.ssh/config
debug1: /Users/jasper/.ssh/config line 69: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug1: auto-mux: Trying existing master
debug1: Control socket "/Users/jasper/.ansible/cp/7067d6e622" does not exist
debug2: resolving "xxx.xxx.x.xxx" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to xxx.xxx.x.xxx [xxx.xxx.x.xxx] port 22.
debug2: fd 3 setting O_NONBLOCK
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug3: timeout: 9483 ms remain after connect
debug1: identity file /Users/jasper/.ssh/id_rsa type 0
debug1: key_load_public: No such file or directory
debug1: identity file /Users/jasper/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/jasper/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/jasper/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/jasper/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/jasper/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/jasper/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/jasper/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.2p2
Ubuntu-4ubuntu2.2
debug1: match: OpenSSH_7.2p2 Ubuntu-4ubuntu2.2 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to xxx.xxx.x.xxx:22 as 'admin'
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-
sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-
exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-
hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ssh-rsa-
cert-v01@openssh.com,ssh-ed25519,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes
256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes
256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-
sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-
sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256
,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-
sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-
sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256
,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-
sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-
hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-
sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes
256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes
256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-
sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-
sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256
,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-
sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-
sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256
,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC:
<implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC:
<implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ssh-ed25519
SHA256:OjjAsHwOui3Ql1XN+VQBNIB/dR9zgU60rrH4oHl8SnM
debug3: hostkeys_foreach: reading file "/Users/jasper/.ssh/known_hosts"
debug3: record_hostkey: found key type ED25519 in file
/Users/jasper/.ssh/known_hosts:85
debug3: load_hostkeys: loaded 1 keys from xxx.xxx.x.xxx
debug1: Host 'xxx.xxx.x.xxx' is known and matches the ED25519 host key.
debug1: Found key in /Users/jasper/.ssh/known_hosts:85
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey after 134217728 blocks
debug2: key: /Users/jasper/.ssh/id_rsa (0x7ff284500150), agent
debug2: key: /Users/jasper/.ssh/id_dsa (0x0)
debug2: key: /Users/jasper/.ssh/id_ecdsa (0x0)
debug2: key: /Users/jasper/.ssh/id_ed25519 (0x0)
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug3: start over, passed a different list publickey
debug3: preferred gssapi-with-mic,gssapi-keyex,hostbased,publickey
debug3: authmethod_lookup publickey
debug3: remaining preferred: ,gssapi-keyex,hostbased,publickey
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: RSA
SHA256:ArFCaVQs4Kf9z+k6cTecYuHO61GpaS3LgJEZMpOdZvM /Users/jasper/.ssh/id_rsa
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey
debug1: Trying private key: /Users/jasper/.ssh/id_dsa
debug3: no such identity: /Users/jasper/.ssh/id_dsa: No such file or
directory
debug1: Trying private key: /Users/jasper/.ssh/id_ecdsa
debug3: no such identity: /Users/jasper/.ssh/id_ecdsa: No such file or
directory
debug1: Trying private key: /Users/jasper/.ssh/id_ed25519
debug3: no such identity: /Users/jasper/.ssh/id_ed25519: No such file or
directory
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
admin@xxx.xxx.x.xxx: Permission denied (publickey).
fatal: [xxx.xxx.x.xxx]: UNREACHABLE! => {
"changed": false,
"unreachable": true
}
to retry, use: --limit @/Users/jasper/webdesign/domain.com/trellis/server.retry
PLAY RECAP ******************************************************************************************
xxx.xxx.x.xxx : ok=4 changed=0 unreachable=1 failed=0
localhost : ok=0 changed=0 unreachable=0 failed=0
PS: with ansible_user=root I do manage, but that causes other issues later on…
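An added example, not part of the original post: a small Python helper that re-joins the wrapped lines of an `ssh -vvv` log like the one above and reports which user was tried, which keys were offered, and whether the server accepted any. The sample log, host, paths and fingerprint are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the verbose log in the post; host, paths and
# fingerprint are placeholders. Two records are wrapped, as in the post.
SAMPLE_LOG = """\
debug1: Authenticating to 203.0.113.10:22 as 'admin'
debug1: Authentications that can continue: publickey
debug1: Offering public key: RSA
SHA256:PLACEHOLDERFINGERPRINT /home/user/.ssh/id_rsa
debug1: Authentications that can continue: publickey
debug3: no such identity: /home/user/.ssh/id_ed25519: No such file or
directory
admin@203.0.113.10: Permission denied (publickey).
"""

NEW_RECORD = re.compile(r"debug\d: |\S+@\S+: ")  # anything else is a wrapped tail
def unwrap(text):
    # Re-join wrapped lines so each ssh debug record is one string.
    records = []
    for line in text.splitlines():
        if NEW_RECORD.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def summarise(text):
    # Collect the facts that decide a publickey failure.
    s = {"user": None, "methods": set(), "offered": [], "missing": [],
         "accepted": None, "denied": False}
    for rec in unwrap(text):
        if m := re.search(r"Authenticating to \S+ as '([^']+)'", rec):
            s["user"] = m[1]
        elif m := re.search(r"Authentications that can continue: (\S+)", rec):
            s["methods"].update(m[1].split(","))
        elif m := re.search(r"Offering public key: (.+)", rec):
            s["offered"].append(m[1])
        elif m := re.search(r"no such identity: (\S+):", rec):
            s["missing"].append(m[1])
        elif m := re.search(r"Server accepts key: (.+)", rec):
            s["accepted"] = m[1]
        elif "Permission denied" in rec:
            s["denied"] = True
    return s

def diagnose(s):
    if s["denied"] and s["offered"] and not s["accepted"]:
        return (f"server accepted none of {len(s['offered'])} offered key(s) "
                f"for '{s['user']}': account missing or key not authorised for it")
    if s["denied"]:
        return f"no key was offered for '{s['user']}': check agent and identity files"
    return "no publickey failure found"
```

Calling `diagnose(summarise(log_text))` on a captured log gives a one-line reading of the failure.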