2017-02-15 271 views
1

Ansible throwing "Failed to connect to the host via ssh: Permission denied (publickey)." error with remote connection

I have the following playbook:

- hosts: localhost
  connection: local
  remote_user: test
  gather_facts: no

  vars_files:
    - files/aws_creds.yml
    - files/info.yml

  environment:
    AWS_ACCESS_KEY_ID: "{{ aws_id }}"
    AWS_SECRET_ACCESS_KEY: "{{ aws_key }}"
    s3cmd_access_key: "{{ aws_id }}"
    s3cmd_secret_key: "{{ aws_key }}"

  tasks:
    - name: Basic provisioning of EC2 instance
      ec2:
        assign_public_ip: no
        aws_access_key: "{{ aws_id }}"
        aws_secret_key: "{{ aws_key }}"
        region: "{{ aws_region }}"
        image: "{{ image_instance }}"
        instance_type: "{{ free_instance }}"
        key_name: "{{ ssh_keyname }}"
        count: 3
        state: present
        group_id: "{{ secgroup_id }}"
        vpc_subnet_id: "{{ private_subnet_id }}"
        wait: no
        instance_tags:
          Name: Dawny33Template
        #delete_on_termination: yes
      register: ec2

    - name: Add new instance to host group
      add_host:
        hostname: "{{ item.private_ip }}"
        groupname: launched
      with_items: "{{ ec2.instances }}"

    - name: Wait for SSH to come up
      wait_for:
        host: "{{ item.private_ip }}"
        port: 22
        delay: 60
        timeout: 320
        state: started
      with_items: "{{ ec2.instances }}"

- hosts: launched
  sudo: true
  remote_user: test
  gather_facts: yes

  vars_files:
    - files/aws_creds.yml
    - files/info.yml

  environment:
    AWS_ACCESS_KEY_ID: "{{ aws_id }}"
    AWS_SECRET_ACCESS_KEY: "{{ aws_key }}"
    s3cmd_access_key: "{{ aws_id }}"
    s3cmd_secret_key: "{{ aws_key }}"

  tasks:
    - name: Add file system for the volume
      command: mkfs -t ext4 /dev/xvdb
      sudo: yes

    - name: Create a directory for mounting
      command: mkdir /home/ec2-user/EncryptedEBS

    - name: Mount the volume
      command: mount /dev/xvdb /home/ec2-user/EncryptedEBS
      sudo: yes

    - name: Owning the mounted folder
      command: chown ec2-user /home/ec2-user/EncryptedEBS/lost+found/
      sudo: yes

    - name: check out a git repository
      git: repo={{ repo_url }} dest=/home/ec2-user/EncryptedEBS/GitRepo accept_hostkey=yes force=yes
      vars:
        repo_url: https://github.com/Dawny33/AnsibleExperiments
      become: yes

    - name: Go to the folder and execute command
      command: chmod 0755 /home/ec2-user/EncryptedEBS/GitRepo/processing.py
      become: yes
      become_user: root

    - name: Run Py script
      command: /home/ec2-user/EncryptedEBS/GitRepo/processing.py {{ N }} {{ bucket_name }}
      become: yes
      become_user: root

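However, I am getting a "Permission denied" error when Ansible tries to connect to my remote hosts, even though I have defined the env. variables in environment.

Is there anything I am doing wrong here?

Error: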

fatal: [10.0.1.62]: UNREACHABLE! => { 
    "changed": false, 
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey).\r\n", 
    "unreachable": true 
} 
fatal: [10.0.1.177]: UNREACHABLE! => { 
    "changed": false, 
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey).\r\n", 
    "unreachable": true 
} 
fatal: [10.0.1.151]: UNREACHABLE! => { 
    "changed": false, 
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey).\r\n", 
    "unreachable": true 
} 

Adding the full -vvv output:

Using module file /usr/local/lib/python2.7/site-packages/ansible/modules/core/system/setup.py 
<10.0.1.170> ESTABLISH SSH CONNECTION FOR USER: ec2-user 
Using module file /usr/local/lib/python2.7/site-packages/ansible/modules/core/system/setup.py 
<10.0.1.11> ESTABLISH SSH CONNECTION FOR USER: ec2-user 
<10.0.1.170> SSH: EXEC ssh -o ForwardAgent=yes -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 10.0.1.170 '/bin/sh -c '"'"'(umask 77 && mkdir -p "` echo ~/.ansible/tmp/ansible-tmp-1487158610.11-137345507492691 `" && echo ansible-tmp-1487158610.11-137345507492691="` echo ~/.ansible/tmp/ansible-tmp-1487158610.11-137345507492691 `") && sleep 0'"'"'' 
<10.0.1.11> SSH: EXEC ssh -o ForwardAgent=yes -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 10.0.1.11 '/bin/sh -c '"'"'(umask 77 && mkdir -p "` echo ~/.ansible/tmp/ansible-tmp-1487158610.11-2307895121172 `" && echo ansible-tmp-1487158610.11-2307895121172="` echo ~/.ansible/tmp/ansible-tmp-1487158610.11-2307895121172 `") && sleep 0'"'"'' 
Using module file /usr/local/lib/python2.7/site-packages/ansible/modules/core/system/setup.py 
<10.0.1.45> ESTABLISH SSH CONNECTION FOR USER: ec2-user 
<10.0.1.45> SSH: EXEC ssh -o ForwardAgent=yes -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 10.0.1.45 '/bin/sh -c '"'"'(umask 77 && mkdir -p "` echo ~/.ansible/tmp/ansible-tmp-1487158610.12-3620848798638 `" && echo ansible-tmp-1487158610.12-3620848798638="` echo ~/.ansible/tmp/ansible-tmp-1487158610.12-3620848798638 `") && sleep 0'"'"'' 
<10.0.1.170> ssh_retry: attempt: 0, ssh return code is 255. cmd (/bin/sh -c '(umask 77 && mkdir -p "` echo ~/.ansible/tmp/ansible-tmp-1487158610.11-137345507492691 `" && echo ansible-tmp-1487158610.11-137345507492691="` echo ~/.ansible/tmp/ansible-tmp-1487158610.11-137345507492691 `") && sleep 0'...), pausing for 0 seconds 
<10.0.1.170> ESTABLISH SSH CONNECTION FOR USER: ec2-user 
<10.0.1.170> SSH: EXEC ssh -o ForwardAgent=yes -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 10.0.1.170 '/bin/sh -c '"'"'(umask 77 && mkdir -p "` echo ~/.ansible/tmp/ansible-tmp-1487158610.11-137345507492691 `" && echo ansible-tmp-1487158610.11-137345507492691="` echo ~/.ansible/tmp/ansible-tmp-1487158610.11-137345507492691 `") && sleep 0'"'"'' 
<10.0.1.11> ssh_retry: attempt: 0, ssh return code is 255. cmd (/bin/sh -c '(umask 77 && mkdir -p "` echo ~/.ansible/tmp/ansible-tmp-1487158610.11-2307895121172 `" && echo ansible-tmp-1487158610.11-2307895121172="` echo ~/.ansible/tmp/ansible-tmp-1487158610.11-2307895121172 `") && sleep 0'...), pausing for 0 seconds 
<10.0.1.11> ESTABLISH SSH CONNECTION FOR USER: ec2-user 
<10.0.1.11> SSH: EXEC ssh -o ForwardAgent=yes -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 10.0.1.11 '/bin/sh -c '"'"'(umask 77 && mkdir -p "` echo ~/.ansible/tmp/ansible-tmp-1487158610.11-2307895121172 `" && echo ansible-tmp-1487158610.11-2307895121172="` echo ~/.ansible/tmp/ansible-tmp-1487158610.11-2307895121172 `") && sleep 0'"'"'' 
<10.0.1.45> ssh_retry: attempt: 0, ssh return code is 255. cmd (/bin/sh -c '(umask 77 && mkdir -p "` echo ~/.ansible/tmp/ansible-tmp-1487158610.12-3620848798638 `" && echo ansible-tmp-1487158610.12-3620848798638="` echo ~/.ansible/tmp/ansible-tmp-1487158610.12-3620848798638 `") && sleep 0'...), pausing for 0 seconds 
<10.0.1.45> ESTABLISH SSH CONNECTION FOR USER: ec2-user 
<10.0.1.45> SSH: EXEC ssh -o ForwardAgent=yes -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 10.0.1.45 '/bin/sh -c '"'"'(umask 77 && mkdir -p "` echo ~/.ansible/tmp/ansible-tmp-1487158610.12-3620848798638 `" && echo ansible-tmp-1487158610.12-3620848798638="` echo ~/.ansible/tmp/ansible-tmp-1487158610.12-3620848798638 `") && sleep 0'"'"'' 
<10.0.1.170> ssh_retry: attempt: 1, ssh return code is 255. cmd (/bin/sh -c '(umask 77 && mkdir -p "` echo ~/.ansible/tmp/ansible-tmp-1487158610.11-137345507492691 `" && echo ansible-tmp-1487158610.11-137345507492691="` echo ~/.ansible/tmp/ansible-tmp-1487158610.11-137345507492691 `") && sleep 0'...), pausing for 1 seconds 
<10.0.1.11> ssh_retry: attempt: 1, ssh return code is 255. cmd (/bin/sh -c '(umask 77 && mkdir -p "` echo ~/.ansible/tmp/ansible-tmp-1487158610.11-2307895121172 `" && echo ansible-tmp-1487158610.11-2307895121172="` echo ~/.ansible/tmp/ansible-tmp-1487158610.11-2307895121172 `") && sleep 0'...), pausing for 1 seconds 
<10.0.1.45> ssh_retry: attempt: 1, ssh return code is 255. cmd (/bin/sh -c '(umask 77 && mkdir -p "` echo ~/.ansible/tmp/ansible-tmp-1487158610.12-3620848798638 `" && echo ansible-tmp-1487158610.12-3620848798638="` echo ~/.ansible/tmp/ansible-tmp-1487158610.12-3620848798638 `") && sleep 0'...), pausing for 1 seconds 
<10.0.1.170> ESTABLISH SSH CONNECTION FOR USER: ec2-user 
<10.0.1.170> SSH: EXEC ssh -o ForwardAgent=yes -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 10.0.1.170 '/bin/sh -c '"'"'(umask 77 && mkdir -p "` echo ~/.ansible/tmp/ansible-tmp-1487158610.11-137345507492691 `" && echo ansible-tmp-1487158610.11-137345507492691="` echo ~/.ansible/tmp/ansible-tmp-1487158610.11-137345507492691 `") && sleep 0'"'"'' 
<10.0.1.11> ESTABLISH SSH CONNECTION FOR USER: ec2-user 
<10.0.1.11> SSH: EXEC ssh -o ForwardAgent=yes -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 10.0.1.11 '/bin/sh -c '"'"'(umask 77 && mkdir -p "` echo ~/.ansible/tmp/ansible-tmp-1487158610.11-2307895121172 `" && echo ansible-tmp-1487158610.11-2307895121172="` echo ~/.ansible/tmp/ansible-tmp-1487158610.11-2307895121172 `") && sleep 0'"'"'' 
<10.0.1.45> ESTABLISH SSH CONNECTION FOR USER: ec2-user 
<10.0.1.45> SSH: EXEC ssh -o ForwardAgent=yes -o StrictHostKeyChecking=no -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 10.0.1.45 '/bin/sh -c '"'"'(umask 77 && mkdir -p "` echo ~/.ansible/tmp/ansible-tmp-1487158610.12-3620848798638 `" && echo ansible-tmp-1487158610.12-3620848798638="` echo ~/.ansible/tmp/ansible-tmp-1487158610.12-3620848798638 `") && sleep 0'"'"'' 
fatal: [10.0.1.11]: UNREACHABLE! => { 
    "changed": false, 
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey).\r\n", 
    "unreachable": true 
} 
fatal: [10.0.1.170]: UNREACHABLE! => { 
    "changed": false, 
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey).\r\n", 
    "unreachable": true 
} 
fatal: [10.0.1.45]: UNREACHABLE! => { 
    "changed": false, 
    "msg": "Failed to connect to the host via ssh: Permission denied (publickey).\r\n", 
    "unreachable": true 
} 
+0

Are you sure you can connect to the instances with plain ssh using your key and the test user? For example, does 'ssh test@10.0.1.62' work? – SztupY

+0

Also try running the command with '-vvvv' to get more logging – SztupY

+0

@SztupY Added the '-vvv' logs. Also, I am now using 'ec2-user', as 'test' did not work :). But I still get the same error – Dawny33

Answers

1

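Here, I don't know why, the key was not even allowing manual SSH. So, I generated a new key (pem file) and used it. [Manual ssh worked with that file]

Now, the problem was mainly in the following block:

- hosts: launched
  sudo: true
  remote_user: test
  gather_facts: yes

I edited it to be:

- hosts: launched
  sudo: no
  connection: ssh
  remote_user: ec2-user
  gather_facts: yes

And it worked. The reason must be obvious. The connection has to be ssh and not local, and the username should be ec2-user (for Amazon Linux instances) and ubuntu (for Ubuntu instances).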

3

Don't forget that when you use ec2.py you should add your PEM first, like this:

ssh-add /home/yourusername/.ssh/your.pem 
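
The `SSH: EXEC` lines in the question's -vvv output show why the agent matters here: ssh is started with no key file, so only agent keys and default or ssh_config identities are offered. The following is an added example, not part of the original posts, that parses such a line and reports the login user, any key file, and the agent-forwarding and host-key settings; the sample line is constructed from the log above with the remote command shortened, and the function names and finding labels are this example's own.

```python
import shlex

# Constructed sample in the shape of the -vvv lines above; the remote command
# is shortened to a placeholder.
SAMPLE = (
    "<10.0.1.170> SSH: EXEC ssh -o ForwardAgent=yes -o StrictHostKeyChecking=no "
    "-o KbdInteractiveAuthentication=no "
    "-o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey "
    "-o PasswordAuthentication=no -o User=ec2-user -o ConnectTimeout=10 "
    "10.0.1.170 '/bin/sh -c true'"
)

def parse_ssh_exec(line):
    """Split an Ansible 'SSH: EXEC ssh ...' line into -o options and key files."""
    _, sep, cmd = line.partition("SSH: EXEC ")
    if not sep:
        raise ValueError("not an 'SSH: EXEC' line")
    argv = shlex.split(cmd)
    opts, keys = {}, []
    i = 1  # argv[0] is the ssh binary
    while i < len(argv) - 1:
        if argv[i] == "-o":
            name, _, value = argv[i + 1].partition("=")
            opts[name.lower()] = value
            i += 2
        elif argv[i] == "-i":
            keys.append(argv[i + 1])
            i += 2
        else:
            i += 1
    if "identityfile" in opts:
        keys.append(opts["identityfile"])
    return opts, keys

def audit(line):
    """Return the login user, key files and findings for one SSH: EXEC line."""
    opts, keys = parse_ssh_exec(line)
    findings = []
    if not keys and "publickey" in opts.get("preferredauthentications", "").split(","):
        findings.append("no-key-on-command-line")  # falls back to agent/default/ssh_config keys
    if opts.get("forwardagent") == "yes":
        findings.append("agent-forwarding-enabled")  # remote root can use the forwarded agent
    if opts.get("stricthostkeychecking") == "no":
        findings.append("host-key-checking-disabled")  # server identity is not verified
    return {"user": opts.get("user"), "key_files": keys, "findings": findings}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

For the log above this reports user ec2-user with no key file, which matches a failure that goes away once the PEM is loaded with ssh-add.
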
0

Use the ssh-keygen tool to generate an SSH public key, and copy the ~/.ssh/id_rsa.pub key into the ~/.ssh/authorized_keys file.
