This was recently resolved in https://github.com/ansible/ansible/pull/23710
and will be included in an eventual 2.3.1 release.
On Wed, Apr 19, 2017 at 3:29 PM, Stefan Klatt <stefan.kl...@cac-netzwerk.de>
wrote:
> Hi,
>
> did anybody read my message?
>
> Regards
>
> Stefan
>
> Am 17.04.2017 um 18:13 schrieb Stefan Klatt:
> > Hi
> >
> > from ansible 1.9 till 2.2.2.0 on centos 7 privilege escalation works
> > really fine. I could access a server with a non privileged user and a
> > ssh key authentication and use as last step the privilege escalation
> > with su.
> >
> > But with 2.3 I found this doesn't work any more.
> > The ssh connection to the server works, I see the server accepts the
> > public key for user "ansible", but after this ansible tries to do the
> > privilege escalation to user root and hangs. I think it waits for the
> > password. If I start the last code manual, it asks for it as the next
> step.
> >
> > Other point:
> > Ansible ignores the host configuration for become and become_method if I
> > don't set them at ansible.cfg.
> >
> > Paramiko doesn't work too. I tried it, same effect. There I have
> > additionally the problem that paramiko has it's own key storage and
> > stops (no input possible to the quest if want to add the key) if the key
> > is not there (I know the option "host_key_auto_add").
> > I think the handling should be optimized.
> >
> > ansible.cfg (all other options after this are remarked):
> >
> > [privilege_escalation]
> > become=True
> > #become_method=sudo
> > become_method=su
> > #become_user=root
> > #become_ask_pass=False
> >
> > host configuration:
> >
> > ansible_become: yes
> > ansible_become_user: root
> > ansible_become_pass: XXXXX
> > ansible_become_methode: su
> > ansible_connection: ssh
> >
> >
> > here the logs:
> >
> > [root@ansible host_vars]# ansible kronos.cac.local -m ping -vvvvv
> > Using /etc/ansible/ansible.cfg as config file
> > Loading callback plugin minimal of type stdout, v2.0 from
> > /usr/lib/python2.7/site-packages/ansible/plugins/callback/__init__.pyc
> > META: ran handlers
> > Using module file
> > /usr/lib/python2.7/site-packages/ansible/modules/system/ping.py
> > <kronos.cac.local> ESTABLISH SSH CONNECTION FOR USER: ansible
> > <kronos.cac.local> SSH: ansible.cfg set ssh_args:
> > (-C)(-o)(ControlMaster=auto)(-o)(ControlPersist=60s)
> > <kronos.cac.local> SSH: ansible_password/ansible_ssh_pass not set:
> > (-o)(KbdInteractiveAuthentication=no)(-o)(PreferredAuthentications=
> gssapi-with-mic,gssapi-keyex,hostbased,publickey)(-o)(
> PasswordAuthentication=no)
> > <kronos.cac.local> SSH:
> > ANSIBLE_REMOTE_USER/remote_user/ansible_user/user/-u set:
> (-o)(User=ansible)
> > <kronos.cac.local> SSH: ANSIBLE_TIMEOUT/timeout set:
> (-o)(ConnectTimeout=10)
> > <kronos.cac.local> SSH: PlayContext set ssh_common_args: ()
> > <kronos.cac.local> SSH: PlayContext set ssh_extra_args: ()
> > <kronos.cac.local> SSH: found only ControlPersist; added ControlPath:
> > (-o)(ControlPath=/root/.ansible/cp/25edd394cf)
> > <kronos.cac.local> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o
> > ControlPersist=60s -o KbdInteractiveAuthentication=no -o
> > PreferredAuthentications=gssapi-with-mic,gssapi-keyex,
> hostbased,publickey
> > -o PasswordAuthentication=no -o User=ansible -o ConnectTimeout=10 -o
> > ControlPath=/root/.ansible/cp/25edd394cf kronos.cac.local '/bin/sh -c
> > '"'"'echo ~ && sleep 0'"'"''
> > <kronos.cac.local> (0, '/home/ansible\n', 'OpenSSH_6.6.1, OpenSSL
> > 1.0.1e-fips 11 Feb 2013\r\ndebug1: Reading configuration data
> > /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 56: Applying
> > options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug1:
> > Control socket "/root/.ansible/cp/25edd394cf" does not exist\r\ndebug2:
> > ssh_connect: needpriv 0\r\ndebug1: Connecting to kronos.cac.local
> > [192.168.76.22] port 22.\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug1:
> > fd 3 clearing O_NONBLOCK\r\ndebug1: Connection established.\r\ndebug3:
> > timeout: 10000 ms remain after connect\r\ndebug1: permanently_set_uid:
> > 0/0\r\ndebug3: Incorrect RSA1 identifier\r\ndebug3: Could not load
> > "/root/.ssh/id_rsa" as a RSA1 public key\r\ndebug1: identity file
> > /root/.ssh/id_rsa type 1\r\ndebug1:
> > identity file /root/.ssh/id_rsa-cert type -1\r\ndebug1: identity file
> > /root/.ssh/id_dsa type -1\r\ndebug1: identity file
> > /root/.ssh/id_dsa-cert type -1\r\ndebug1: identity file
> > /root/.ssh/id_ecdsa type -1\r\ndebug1: identity file
> > /root/.ssh/id_ecdsa-cert type -1\r\ndebug1: identity file
> > /root/.ssh/id_ed25519 type -1\r\ndebug1: identity file
> > /root/.ssh/id_ed25519-cert type -1\r\ndebug1: Enabling compatibility
> > mode for protocol 2.0\r\ndebug1: Local version string
> > SSH-2.0-OpenSSH_6.6.1\r\ndebug1: Remote protocol version 2.0, remote
> > software version OpenSSH_6.6.1\r\ndebug1: match: OpenSSH_6.6.1 pat
> > OpenSSH_6.6.1* compat 0x04000000\r\ndebug2: fd 3 setting
> > O_NONBLOCK\r\ndebug3: load_hostkeys: loading entries for host
> > "kronos.cac.local" from file "/root/.ssh/known_hosts"\r\ndebug3:
> > load_hostkeys: found key type ECDSA in file
> > /root/.ssh/known_hosts:13\r\ndebug3: load_hostkeys: loaded 1
> > keys\r\ndebug3: order_hostkeyalgs: prefer hostkeyalgs:
> > ecdsa-sha2-nistp256-cert-...@openssh.com,ecdsa-sha2-
> nistp384-cert-...@openssh.com,ecdsa-sha2-nistp521-cert-...@openssh.com
> ,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521\r\ndebug1:
> > SSH2_MSG_KEXINIT sent\r\ndebug1: SSH2_MSG_KEXINIT received\r\ndebug2:
> > kex_parse_kexinit:
> > curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-
> nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-
> sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-
> group14-sha1,diffie-hellman-group1-sha1\r\ndebug2:
> > kex_parse_kexinit:
> > ecdsa-sha2-nistp256-cert-...@openssh.com,ecdsa-sha2-
> nistp384-cert-...@openssh.com,ecdsa-sha2-nistp521-cert-...@openssh.com
> ,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-
> ed25519-cert-...@openssh.com,ssh-rsa-cert-...@openssh.com,ss
> h-dss-cert-...@openssh.com,ssh-rsa-cert-...@openssh.com,ssh-
> dss-cert-...@openssh.com,ssh-ed25519,ssh-rsa,ssh-dss\r\ndebug2:
> > kex_parse_kexinit:
> > aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes1
> 28-...@openssh.com,aes256-...@openssh.com,chacha20-poly1...@openssh.com
> ,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,
> aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se\r\ndebug2:
> > kex_parse_kexinit:
> > aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes1
> 28-...@openssh.com,aes256-...@openssh.com,chacha20-poly1...@openssh.com
> ,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,
> aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se\r\ndebug2:
> > kex_parse_kexinit:
> > hmac-md5-...@openssh.com,hmac-sha1-...@openssh.com,umac-64-
> e...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,
> hmac-sha2-512-...@openssh.com,hmac-ripemd160-...@openssh.com,hmac-sha1-96-
> e...@openssh.com,hmac-md5-96-...@openssh.com,hmac-md5,hmac-sha1,
> umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,
> hmac-sha2-512,hmac-ripemd160,hmac-ripemd...@openssh.com,
> hmac-sha1-96,hmac-md5-96\r\ndebug2:
> > kex_parse_kexinit:
> > hmac-md5-...@openssh.com,hmac-sha1-...@openssh.com,umac-64-
> e...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,
> hmac-sha2-512-...@openssh.com,hmac-ripemd160-...@openssh.com,hmac-sha1-96-
> e...@openssh.com,hmac-md5-96-...@openssh.com,hmac-md5,hmac-sha1,
> umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,
> hmac-sha2-512,hmac-ripemd160,hmac-ripemd...@openssh.com,
> hmac-sha1-96,hmac-md5-96\r\ndebug2:
> > kex_parse_kexinit: z...@openssh.com,zlib,none\r\ndebug2:
> > kex_parse_kexinit: z...@openssh.com,zlib,none\r\ndebug2:
> > kex_parse_kexinit: \r\ndebug2: kex_parse_kexinit: \r\ndebug2:
> > kex_parse_kexinit: first_kex_follows 0 \r\ndebug2: kex_parse_kexinit:
> > reserved 0 \r\ndebug2: kex_parse_kexinit:
> > curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-
> nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-
> sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-
> group14-sha1,diffie-hellman-group1-sha1\r\ndebug2:
> > kex_parse_kexinit: ssh-rsa,ecdsa-sha2-nistp256\r\ndebug2:
> > kex_parse_kexinit:
> > aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes1
> 28-...@openssh.com,aes256-...@openssh.com,chacha20-poly1...@openssh.com
> ,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,
> aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se\r\ndebug2:
> > kex_parse_kexinit:
> > aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes1
> 28-...@openssh.com,aes256-...@openssh.com,chacha20-poly1...@openssh.com
> ,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,
> aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se\r\ndebug2:
> > kex_parse_kexinit:
> > hmac-md5-...@openssh.com,hmac-sha1-...@openssh.com,umac-64-
> e...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,
> hmac-sha2-512-...@openssh.com,hmac-ripemd160-...@openssh.com,hmac-sha1-96-
> e...@openssh.com,hmac-md5-96-...@openssh.com,hmac-md5,hmac-sha1,
> umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,
> hmac-sha2-512,hmac-ripemd160,hmac-ripemd...@openssh.com,
> hmac-sha1-96,hmac-md5-96\r\ndebug2:
> > kex_parse_kexinit:
> > hmac-md5-...@openssh.com,hmac-sha1-...@openssh.com,umac-64-
> e...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,
> hmac-sha2-512-...@openssh.com,hmac-ripemd160-...@openssh.com,hmac-sha1-96-
> e...@openssh.com,hmac-md5-96-...@openssh.com,hmac-md5,hmac-sha1,
> umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,
> hmac-sha2-512,hmac-ripemd160,hmac-ripemd...@openssh.com,
> hmac-sha1-96,hmac-md5-96\r\ndebug2:
> > kex_parse_kexinit: none,z...@openssh.com\r\ndebug2: kex_parse_kexinit:
> > none,z...@openssh.com\r\ndebug2: kex_parse_kexinit: \r\ndebug2:
> > kex_parse_kexinit: \r\ndebug2: kex_parse_kexinit: first_kex_follows 0
> > \r\ndebug2: kex_parse_kexinit: reserved 0 \r\ndebug2: mac_setup: setup
> > hmac-md5-...@openssh.com\r\ndebug1: kex: server->client aes128-ctr
> > hmac-md5-...@openssh.com z...@openssh.com\r\ndebug2: mac_setup: setup
> > hmac-md5-...@openssh.com\r\ndebug1: kex: client->server aes128-ctr
> > hmac-md5-...@openssh.com z...@openssh.com\r\ndebug1: kex:
> > curve25519-sha...@libssh.org need=16 dh_need=16\r\ndebug1: kex:
> > curve25519-sha...@libssh.org need=16 dh_need=16\r\ndebug1: sending
> > SSH2_MSG_KEX_ECDH_INIT\r\ndebug1: expecting
> > SSH2_MSG_KEX_ECDH_REPLY\r\ndebug1: Server host key: ECDSA
> > XX:XX:XX:XX:XX:XX:XX:XX:XX:XX\r\ndebug3: load_hostkeys: loading entries
> > for host "kronos.cac.local" from file
> > "/root/.ssh/known_hosts"\r\ndebug3: load_hostkeys: found
> > key type ECDSA in file /root/.ssh/known_hosts:13\r\ndebug3:
> > load_hostkeys: loaded 1 keys\r\ndebug3: load_hostkeys: loading entries
> > for host "192.168.76.22" from file "/root/.ssh/known_hosts"\r\ndebug3:
> > load_hostkeys: found key type ECDSA in file
> > /root/.ssh/known_hosts:3\r\ndebug3: load_hostkeys: loaded 1
> > keys\r\ndebug1: Host \'kronos.cac.local\' is known and matches the ECDSA
> > host key.\r\ndebug1: Found key in /root/.ssh/known_hosts:13\r\ndebug1:
> > ssh_ecdsa_verify: signature correct\r\ndebug2: kex_derive_keys\r\ndebug2:
> > set_newkeys: mode 1\r\ndebug1: SSH2_MSG_NEWKEYS sent\r\ndebug1:
> > expecting SSH2_MSG_NEWKEYS\r\ndebug2: set_newkeys: mode 0\r\ndebug1:
> > SSH2_MSG_NEWKEYS received\r\ndebug1: SSH2_MSG_SERVICE_REQUEST
> > sent\r\ndebug2: service_accept: ssh-userauth\r\ndebug1:
> > SSH2_MSG_SERVICE_ACCEPT received\r\ndebug2: key: /root/.ssh/id_rsa
> > (0x7f6c8c9e4f30),\r\ndebug2: key: /root/.ssh/id_dsa ((nil)),\r\ndebug2:
> > key: /root/.ssh/id_ecdsa ((nil)),\r\ndebug2: key: /root/.ssh/id_ed25519
> > ((nil)),\r\ndebug1: Authentications that can continue:
> > publickey,gssapi-keyex,gssapi-with-mic,password\r\ndebug3: start over,
> > passed a different list
> > publickey,gssapi-keyex,gssapi-with-mic,password\r\ndebug3: preferred
> > gssapi-with-mic,gssapi-keyex,hostbased,publickey\r\ndebug3:
> > authmethod_lookup gssapi-with-mic\r\ndebug3:
> > remaining preferred: gssapi-keyex,hostbased,publickey\r\ndebug3:
> > authmethod_is_enabled gssapi-with-mic\r\ndebug1: Next authentication
> > method: gssapi-with-mic\r\ndebug1: Unspecified GSS failure. Minor code
> > may provide more information\nNo Kerberos credentials available (default
> > cache: KEYRING:persistent:0)\n\r\ndebug1: Unspecified GSS failure.
> > Minor code may provide more information\nNo Kerberos credentials
> > available (default cache: KEYRING:persistent:0)\n\r\ndebug2: we did not
> > send a packet, disable method\r\ndebug3: authmethod_lookup
> > gssapi-keyex\r\ndebug3: remaining preferred:
> > hostbased,publickey\r\ndebug3: authmethod_is_enabled
> > gssapi-keyex\r\ndebug1: Next authentication method:
> > gssapi-keyex\r\ndebug1: No valid Key exchange context\r\ndebug2: we did
> > not send a packet, disable method\r\ndebug3: authmethod_lookup
> > publickey\r\ndebug3: remaining preferred: ,publickey\r\ndebug3:
> > authmethod_is_enabled publickey\r\ndebug1: Next authentication method:
> > publickey\r\ndebug1: Offering RSA public key:
> > /root/.ssh/id_rsa\r\ndebug3: send_pubkey_test\r\ndebug2: we sent a
> > publickey packet, wait for reply\r\ndebug1: Server accepts key: pkalg
> > ssh-rsa blen 279\r\ndebug2: input_userauth_pk_ok: fp
> > be:f1:a1:1c:0f:fb:3a:ff:f2:7a:80:8e:d9:94:7c:a0\r\ndebug3:
> > sign_and_send_pubkey: RSA XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX\r\ndebug1:
> > key_parse_private2: missing begin marker\r\ndebug1: read PEM private key
> > done: type RSA\r\ndebug1: Enabling compression at level 6.\r\ndebug1:
> > Authentication succeeded (publickey).\r\nAuthenticated to
> > kronos.cac.local ([192.168.76.22]:22).\r\ndebug1: setting up multiplex
> > master socket\r\ndebug3: muxserver_listen: temporary control path
> > /root/.ansible/cp/25edd394cf.zeNNJ0Eut3wdd1A6\r\ndebug2: fd 4 setting
> > O_NONBLOCK\r\ndebug3: fd 4 is O_NONBLOCK\r\ndebug3: fd 4 is
> > O_NONBLOCK\r\ndebug1: channel 0: new
> > [/root/.ansible/cp/25edd394cf]\r\ndebug3: muxserver_listen: mux listener
> > channel 0 fd 4\r\ndebug2: fd 3 setting TCP_NODELAY\r\ndebug3:
> > packet_set_tos: set IP_TOS 0x08\r\ndebug1: control_persist_detach:
> > backgrounding master process\r\ndebug2: control_persist_detach:
> > background process is 20385\r\ndebug2: fd 4 setting
> > O_NONBLOCK\r\ndebug1: forking to background\r\ndebug1: Entering
> > interactive session.\r\ndebug2: set_control_persist_exit_time: schedule
> > exit in 60 seconds\r\ndebug1: multiplexing control connection\r\ndebug2:
> > fd 5 setting O_NONBLOCK\r\ndebug3: fd 5 is O_NONBLOCK\r\ndebug1: channel
> > 1: new [mux-control]\r\ndebug3: channel_post_mux_listener: new mux
> > channel 1 fd 5\r\ndebug3: mux_master_read_cb: channel 1: hello
> > sent\r\ndebug2: set_control_persist_exit_time: cancel scheduled
> > exit\r\ndebug3: mux_master_read_cb: channel 1 packet type 0x00000001 len
> > 4\r\ndebug2: process_mux_master_hello: channel 1 slave version
> > 4\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3:
> > mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3:
> > mux_client_request_session: entering\r\ndebug3:
> > mux_client_request_alive: entering\r\ndebug3: mux_master_read_cb:
> > channel 1 packet type 0x10000004 len 4\r\ndebug2:
> > process_mux_alive_check: channel 1: alive check\r\ndebug3:
> > mux_client_request_alive: done pid = 20387\r\ndebug3:
> > mux_client_request_session: session request sent\r\ndebug3:
> > mux_master_read_cb: channel 1 packet type 0x10000002 len 91\r\ndebug2:
> > process_mux_new_session: channel 1: request tty 0, X 0, agent 0, subsys
> > 0, term "xterm", cmd "/bin/sh -c \'echo ~ && sleep 0\'", env
> > 1\r\ndebug3: process_mux_new_session: got fds stdin 6, stdout 7, stderr
> > 8\r\ndebug2: fd 7 setting O_NONBLOCK\r\ndebug2: fd 8 setting
> > O_NONBLOCK\r\ndebug1: channel 2: new [client-session]\r\ndebug2:
> > process_mux_new_session: channel_new: 2 linked to control channel
> > 1\r\ndebug2: channel 2: send open\r\ndebug2: callback start\r\ndebug2:
> > client_session2_setup: id 2\r\ndebug1: Sending environment.\r\ndebug1:
> > Sending env LANG = de_DE.UTF-8\r\ndebug2: channel 2: request env confirm
> > 0\r\ndebug1: Sending command: /bin/sh -c \'echo ~ && sleep
> > 0\'\r\ndebug2: channel 2: request exec confirm 1\r\ndebug3:
> > mux_session_confirm: sending success reply\r\ndebug2: callback
> > done\r\ndebug2: channel 2: open confirm rwindow 0 rmax 32768\r\ndebug1:
> > mux_client_request_session: master session id: 2\r\ndebug2: channel 2:
> > rcvd adjust 2097152\r\ndebug2: channel_input_status_confirm:
> > type 99 id 2\r\ndebug2: exec request accepted on channel 2\r\ndebug1:
> > client_input_channel_req: channel 2 rtype exit-status reply 0\r\ndebug3:
> > mux_exit_message: channel 2: exit message, exitval 0\r\ndebug1:
> > client_input_channel_req: channel 2 rtype e...@openssh.com reply
> > 0\r\ndebug2: channel 2: rcvd eow\r\ndebug2: channel 2:
> > close_read\r\ndebug2: channel 2: input open -> closed\r\ndebug2: channel
> > 2: rcvd eof\r\ndebug2: channel 2: output open -> drain\r\ndebug2:
> > channel 2: obuf empty\r\ndebug2: channel 2: close_write\r\ndebug2:
> > channel 2: output drain -> closed\r\ndebug2: channel 2: rcvd
> > close\r\ndebug3: channel 2: will not send data after close\r\ndebug2:
> > channel 2: send close\r\ndebug2: channel 2: is dead\r\ndebug2: channel
> > 2: gc: notify user\r\ndebug3: mux_master_session_cleanup_cb: entering
> > for channel 2\r\ndebug2: channel 1: rcvd close\r\ndebug2: channel 1:
> > output open -> drain\r\ndebug2: channel 1: close_read\r\ndebug2: channel
> > 1: input open -> closed\r\ndebug2: channel 2: gc: user
> > detached\r\ndebug2: channel 2: is dead\r\ndebug2: channel 2: garbage
> > collecting\r\ndebug1: channel 2: free: client-session, nchannels
> > 3\r\ndebug3: channel 2: status: The following connections are open:\r\n
> > #2 client-session (t4 r0 i3/0 o3/0 fd -1/-1 cc -1)\r\n\r\ndebug2:
> > channel 1: obuf empty\r\ndebug2: channel 1: close_write\r\ndebug2:
> > channel 1: output drain -> closed\r\ndebug2: channel 1: is dead
> > (local)\r\ndebug2: channel 1: gc: notify user\r\ndebug3:
> > mux_master_control_cleanup_cb: entering for channel 1\r\ndebug2: channel
> > 1: gc: user detached\r\ndebug2: channel 1: is dead (local)\r\ndebug2:
> > channel 1: garbage collecting\r\ndebug1: channel 1: free: mux-control,
> > nchannels 2\r\ndebug3: channel 1: status: The following connections are
> > open:\r\n\r\ndebug2: set_control_persist_exit_time: schedule exit in 60
> > seconds\r\ndebug3: mux_client_read_packet: read header failed: Broken
> > pipe\r\ndebug2: Received exit status from master 0\r\n')
> > <kronos.cac.local> ESTABLISH SSH CONNECTION FOR USER: ansible
> > <kronos.cac.local> SSH: ansible.cfg set ssh_args:
> > (-C)(-o)(ControlMaster=auto)(-o)(ControlPersist=60s)
> > <kronos.cac.local> SSH: ansible_password/ansible_ssh_pass not set:
> > (-o)(KbdInteractiveAuthentication=no)(-o)(PreferredAuthentications=
> gssapi-with-mic,gssapi-keyex,hostbased,publickey)(-o)(
> PasswordAuthentication=no)
> > <kronos.cac.local> SSH:
> > ANSIBLE_REMOTE_USER/remote_user/ansible_user/user/-u set:
> (-o)(User=ansible)
> > <kronos.cac.local> SSH: ANSIBLE_TIMEOUT/timeout set:
> (-o)(ConnectTimeout=10)
> > <kronos.cac.local> SSH: PlayContext set ssh_common_args: ()
> > <kronos.cac.local> SSH: PlayContext set ssh_extra_args: ()
> > <kronos.cac.local> SSH: found only ControlPersist; added ControlPath:
> > (-o)(ControlPath=/root/.ansible/cp/25edd394cf)
> > <kronos.cac.local> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o
> > ControlPersist=60s -o KbdInteractiveAuthentication=no -o
> > PreferredAuthentications=gssapi-with-mic,gssapi-keyex,
> hostbased,publickey
> > -o PasswordAuthentication=no -o User=ansible -o ConnectTimeout=10 -o
> > ControlPath=/root/.ansible/cp/25edd394cf kronos.cac.local '/bin/sh -c
> > '"'"'( umask 77 && mkdir -p "` echo
> > /home/ansible/.ansible/tmp/ansible-tmp-1492441677.22-196285430121983 `"
> > && echo ansible-tmp-1492441677.22-196285430121983="` echo
> > /home/ansible/.ansible/tmp/ansible-tmp-1492441677.22-196285430121983 `"
> > ) && sleep 0'"'"''
> > <kronos.cac.local> (0,
> > 'ansible-tmp-1492441677.22-196285430121983=/home/ansible/
> .ansible/tmp/ansible-tmp-1492441677.22-196285430121983\n',
> > 'OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013\r\ndebug1: Reading
> > configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config
> > line 56: Applying options for *\r\ndebug1: auto-mux: Trying existing
> > master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2:
> > mux_client_hello_exchange: master version 4\r\ndebug3:
> > mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3:
> > mux_client_request_session: entering\r\ndebug3:
> > mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive:
> > done pid =
> > 20387\r\ndebug3: mux_client_request_session: session request
> > sent\r\ndebug1: mux_client_request_session: master session id:
> > 2\r\ndebug3: mux_client_read_packet: read header failed: Broken
> > pipe\r\ndebug2: Received exit status from master 0\r\n')
> > <kronos.cac.local> PUT /tmp/tmpuQPp6j TO
> > /home/ansible/.ansible/tmp/ansible-tmp-1492441677.22-
> 196285430121983/ping.py
> > <kronos.cac.local> SSH: ansible.cfg set ssh_args:
> > (-C)(-o)(ControlMaster=auto)(-o)(ControlPersist=60s)
> > <kronos.cac.local> SSH: ansible_password/ansible_ssh_pass not set:
> > (-o)(KbdInteractiveAuthentication=no)(-o)(PreferredAuthentications=
> gssapi-with-mic,gssapi-keyex,hostbased,publickey)(-o)(
> PasswordAuthentication=no)
> > <kronos.cac.local> SSH:
> > ANSIBLE_REMOTE_USER/remote_user/ansible_user/user/-u set:
> (-o)(User=ansible)
> > <kronos.cac.local> SSH: ANSIBLE_TIMEOUT/timeout set:
> (-o)(ConnectTimeout=10)
> > <kronos.cac.local> SSH: PlayContext set ssh_common_args: ()
> > <kronos.cac.local> SSH: PlayContext set sftp_extra_args: ()
> > <kronos.cac.local> SSH: found only ControlPersist; added ControlPath:
> > (-o)(ControlPath=/root/.ansible/cp/25edd394cf)
> > <kronos.cac.local> SSH: EXEC sftp -b - -vvv -C -o ControlMaster=auto -o
> > ControlPersist=60s -o KbdInteractiveAuthentication=no -o
> > PreferredAuthentications=gssapi-with-mic,gssapi-keyex,
> hostbased,publickey
> > -o PasswordAuthentication=no -o User=ansible -o ConnectTimeout=10 -o
> > ControlPath=/root/.ansible/cp/25edd394cf '[kronos.cac.local]'
> > <kronos.cac.local> (0, 'sftp> put /tmp/tmpuQPp6j
> > /home/ansible/.ansible/tmp/ansible-tmp-1492441677.22-
> 196285430121983/ping.py\n',
> > 'OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb 2013\r\ndebug1: Reading
> > configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config
> > line 56: Applying options for *\r\ndebug1: auto-mux: Trying existing
> > master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2:
> > mux_client_hello_exchange: master version 4\r\ndebug3:
> > mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3:
> > mux_client_request_session: entering\r\ndebug3:
> > mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive:
> > done pid = 20387\r\ndebug3: mux_client_request_session: session request
> > sent\r\ndebug1: mux_client_request_session: master session id:
> > 2\r\ndebug2: Remote version: 3\r\ndebug2: Server supports extension
> > "posix-ren...@openssh.com" revision 1\r\ndebug2: Server supports
> > extension "stat...@openssh.com" revision 2\r\ndebug2: Server supports
> > extension "fstat...@openssh.com" revision 2\r\ndebug2: Server supports
> > extension "hardl...@openssh.com" revision 1\r\ndebug2: Server supports
> > extension "fs...@openssh.com" revision 1\r\ndebug3: Sent message fd 6
> > T:16 I:1\r\ndebug3: SSH_FXP_REALPATH . -> /home/ansible size
> > 0\r\ndebug3: Looking up /tmp/tmpuQPp6j\r\ndebug3: Sent message fd 6 T:17
> > I:2\r\ndebug3: Received stat reply T:101 I:2\r\ndebug1: Couldn\'t stat
> > remote file: No such file or directory\r\ndebug3: Sent message
> > SSH2_FXP_OPEN I:3
> > P:/home/ansible/.ansible/tmp/ansible-tmp-1492441677.22-
> 196285430121983/ping.py\r\ndebug3:
> > Sent message SSH2_FXP_WRITE I:4 O:0 S:32768\r\ndebug3: SSH2_FXP_STATUS
> > 0\r\ndebug3: In write loop, ack for 4 32768 bytes at 0\r\ndebug3: Sent
> > message SSH2_FXP_WRITE I:5 O:32768 S:23147\r\ndebug3: SSH2_FXP_STATUS
> > 0\r\ndebug3: In write loop, ack for 5 23147 bytes at 32768\r\ndebug3:
> > Sent message SSH2_FXP_CLOSE I:4\r\ndebug3: SSH2_FXP_STATUS 0\r\ndebug3:
> > mux_client_read_packet: read header failed: Broken pipe\r\ndebug2:
> > Received exit status from master 0\r\n')
> > <kronos.cac.local> ESTABLISH SSH CONNECTION FOR USER: ansible
> > <kronos.cac.local> SSH: ansible.cfg set ssh_args:
> > (-C)(-o)(ControlMaster=auto)(-o)(ControlPersist=60s)
> > <kronos.cac.local> SSH: ansible_password/ansible_ssh_pass not set:
> > (-o)(KbdInteractiveAuthentication=no)(-o)(PreferredAuthentications=
> gssapi-with-mic,gssapi-keyex,hostbased,publickey)(-o)(
> PasswordAuthentication=no)
> > <kronos.cac.local> SSH:
> > ANSIBLE_REMOTE_USER/remote_user/ansible_user/user/-u set:
> (-o)(User=ansible)
> > <kronos.cac.local> SSH: ANSIBLE_TIMEOUT/timeout set:
> (-o)(ConnectTimeout=10)
> > <kronos.cac.local> SSH: PlayContext set ssh_common_args: ()
> > <kronos.cac.local> SSH: PlayContext set ssh_extra_args: ()
> > <kronos.cac.local> SSH: found only ControlPersist; added ControlPath:
> > (-o)(ControlPath=/root/.ansible/cp/25edd394cf)
> > <kronos.cac.local> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o
> > ControlPersist=60s -o KbdInteractiveAuthentication=no -o
> > PreferredAuthentications=gssapi-with-mic,gssapi-keyex,
> hostbased,publickey
> > -o PasswordAuthentication=no -o User=ansible -o ConnectTimeout=10 -o
> > ControlPath=/root/.ansible/cp/25edd394cf kronos.cac.local '/bin/sh -c
> > '"'"'chmod u+x
> > /home/ansible/.ansible/tmp/ansible-tmp-1492441677.22-196285430121983/
> > /home/ansible/.ansible/tmp/ansible-tmp-1492441677.22-
> 196285430121983/ping.py
> > && sleep 0'"'"''
> > <kronos.cac.local> (0, '', 'OpenSSH_6.6.1, OpenSSL 1.0.1e-fips 11 Feb
> > 2013\r\ndebug1: Reading configuration data
> > /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 56: Applying
> > options for *\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd
> > 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master
> > version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local,
> > 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3:
> > mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive:
> > done pid = 20387\r\ndebug3: mux_client_request_session: session request
> > sent\r\ndebug1: mux_client_request_session: master
> > session id: 2\r\ndebug3: mux_client_read_packet: read header failed:
> > Broken pipe\r\ndebug2: Received exit status from master 0\r\n')
> > <kronos.cac.local> ESTABLISH SSH CONNECTION FOR USER: ansible
> > <kronos.cac.local> SSH: ansible.cfg set ssh_args:
> > (-C)(-o)(ControlMaster=auto)(-o)(ControlPersist=60s)
> > <kronos.cac.local> SSH: ansible_password/ansible_ssh_pass not set:
> > (-o)(KbdInteractiveAuthentication=no)(-o)(PreferredAuthentications=
> gssapi-with-mic,gssapi-keyex,hostbased,publickey)(-o)(
> PasswordAuthentication=no)
> > <kronos.cac.local> SSH:
> > ANSIBLE_REMOTE_USER/remote_user/ansible_user/user/-u set:
> (-o)(User=ansible)
> > <kronos.cac.local> SSH: ANSIBLE_TIMEOUT/timeout set:
> (-o)(ConnectTimeout=10)
> > <kronos.cac.local> SSH: PlayContext set ssh_common_args: ()
> > <kronos.cac.local> SSH: PlayContext set ssh_extra_args: ()
> > <kronos.cac.local> SSH: found only ControlPersist; added ControlPath:
> > (-o)(ControlPath=/root/.ansible/cp/25edd394cf)
> > <kronos.cac.local> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o
> > ControlPersist=60s -o KbdInteractiveAuthentication=no -o
> > PreferredAuthentications=gssapi-with-mic,gssapi-keyex,
> hostbased,publickey
> > -o PasswordAuthentication=no -o User=ansible -o ConnectTimeout=10 -o
> > ControlPath=/root/.ansible/cp/25edd394cf -tt kronos.cac.local '/bin/sh
> > -c '"'"'su -s /bin/sh root -c '"'"'"'"'"'"'"'"'/bin/sh -c
> > '"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'echo
> > BECOME-SUCCESS-anvbpadyrpgikywkipnzmenksbuoyblm; /usr/bin/python
> > /home/ansible/.ansible/tmp/ansible-tmp-1492441677.22-
> 196285430121983/ping.py;
> > rm -rf
> > "/home/ansible/.ansible/tmp/ansible-tmp-1492441677.22-196285430121983/"
> >> /dev/null
> > 2>&1'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"'"''"'
> "'"'"'"'"'"'"'
> > && sleep 0'"'"''
> > kronos.cac.local | FAILED! => {
> > "failed": true,
> > "msg": "Timeout (12s) waiting for privilege escalation prompt: "
> > }
> >
> > Regards
> >
> > Stefan
> >
>
> --
> *CaC, Computer and Communication*
> Inhaber Stefan Klatt
> End-2-End Senior Network Consultant
> Triftstrasse 9
> 60528 Frankfurt
> Germany
> USt-IdNr.: DE260461592
>
> Tel.: +49-(0)172-6807809
> Tel.: +49-(0)69-67808-900
> Fax: +49-(0)69-67808-837
> Email: stefan.kl...@cac-netzwerk.de
> Profil: http://www.cac-netzwerk.de/profil
>
> --
> You received this message because you are subscribed to the Google Groups
> "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to ansible-project+unsubscr...@googlegroups.com.
> To post to this group, send email to ansible-project@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/ansible-project/c175ba74-8caa-3a74-afb6-
> f8f642ffe941%40cac-netzwerk.de.
> For more options, visit https://groups.google.com/d/optout.
>
--
Matt Martz
@sivel
sivel.net
--
You received this message because you are subscribed to the Google Groups
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ansible-project+unsubscr...@googlegroups.com.
To post to this group, send email to ansible-project@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ansible-project/CAD8N0v_v%2B7gnE4dZzqShQ31pdPMDkN9%3DR2ewVCMu_OYAsfnrsQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
