Second provision fails: Timeout (12s) waiting for privilege escalation prompt


I’ve recently started updating a kinda outdated project with the Roots setup (still running on Ubuntu 16.04).
I have:

  • updated to the latest Trellis version
  • created a new droplet (Ubuntu 20.04) on Digital Ocean
  • changed hosts to new IP
  • provisioned & deployed to new server (with letsencrypt disabled)

This all went smoothly and the new server works, but after the DNS change I enabled SSL and tried to reprovision, and now it fails (with and without SSL) with this error:

Timeout (12s) waiting for privilege escalation prompt:
fatal: []: FAILED! => {}

And with -vvv:

System info:
Ansible 2.9.10; Darwin
Trellis version (per changelog): "Fix #1277 - Disable PHP CLI memory limit"

Failed to connect to the host via ssh: OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /Users/Username/.ssh/config
debug1: /Users/****/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug2: resolve_canonicalize: hostname **.***.*** is address
debug1: auto-mux: Trying existing master
debug1: Control socket "/Users/Username/.ansible/cp/665d4b4dc7" does not exist
debug2: ssh_connect_direct
debug1: Connecting to **.***.*** [**.***.***] port 22.
debug2: fd 3 setting O_NONBLOCK
debug1: connect to address **.***.*** port 22: Connection refused
ssh: connect to host **.***.*** port 22: Connection refused
fatal: [**.***.***]: UNREACHABLE! => {
  "changed": false,
  "unreachable": true

After this my ssh access gets denied:

Failed to connect to the host via ssh: ssh: connect to host **.***.*** port 22: Connection refused
fatal: [**.***.***]: UNREACHABLE! => {
    "changed": false,
    "unreachable": true

After a while I can access the server over SSH with ssh admin@**.***.***, so the SSH access does not seem to be the issue.

Note: the local vagrant box works perfectly fine.

Has anyone had the same problems?

Something seems to be going wrong with sshd.
On a new droplet, after changing the settings to:

sshd_permit_root_login: true

Now I can re-provision. I should be able to re-provision with sshd root login though.


I’m also getting exactly the same issue (using Ansible 2.9.8) + Trellis 1.8 + DO 20.04 Droplet, but the preceding steps are slightly different, although DNS changes are likely related.

I think the issue for me started when I tried to provision a different project onto the same Digital Ocean 20.04 server. E.g. 2 staging sites on 1 server (which can be done although I know it’s not recommended - but for the sake of a staging server it’s OK). During my second provision I used:

  • Different site keys
  • The same staging server IP
  • The admin user / sudo credentials used from the site that was provisioned first.

The second site provision attempt failed though so I gave up. Even though the second attempt failed, when I went back to my first site to run a routine re-provision it’s also now broken.

The errors I’m getting are exactly the same as the OP when provisioning the first project. The most frustrating issue is that I get time-outs out of SSHing on the second attempt.

Finally, changing the sshd_permit_root_login to true does not fix this issue for me, but thanks to the OP for mentioning this.

Well, I tried provisioning with Ansible 2.9.10 and it worked. 2.9.4 failed and 2.9.8 failed.

In my case I had to use sshd_permit_root_login: false (my first provision used this setting anyway, so in my case allowing root was not possible anyway).

Having a VPN was quite useful because otherwise my IP was getting banned. This allowed me to keep testing my changes against the first error message from the OP. The second error is when you’ve been.

I still have no idea what caused this though…
