Error adding known keys #6

Open
santiagomr opened this issue Aug 7, 2020 · 3 comments
@santiagomr
Member

I'm having an error in this task that I still can't fully understand, but that I can solve:

- name: KNOWN_HOSTS | add or update client key to known_hosts in server

From the previous task, the ssh_known_host_results variable is set with the following value:

TASK [backuppc_client : debug] *****************************************************************************************************
ok: [client.santiagomr.com -> server.santiagomr.com] => {
    "ssh_known_host_results": {
        "changed": true, 
        "cmd": [
            "ssh-keyscan", 
            "-p", 
            "6159", 
            "client.santiagomr.com"
        ], 
        "delta": "0:00:00.042840", 
        "end": "2020-08-06 22:58:45.958496", 
        "failed": false, 
        "rc": 0, 
        "start": "2020-08-06 22:58:45.915656", 
        "stderr": "# client.santiagomr.com:6159 SSH-2.0-OpenSSH_7.9p1 Debian-10\n# client.santiagomr.com:6159 SSH-2.0-OpenSSH_7.9p1 Debian-10\n# client.santiagomr.com:6159 SSH-2.0-OpenSSH_7.9p1 Debian-10", 
        "stderr_lines": [
            "# client.santiagomr.com:6159 SSH-2.0-OpenSSH_7.9p1 Debian-10", 
            "# client.santiagomr.com:6159 SSH-2.0-OpenSSH_7.9p1 Debian-10", 
            "# client.santiagomr.com:6159 SSH-2.0-OpenSSH_7.9p1 Debian-10"
        ], 
        "stdout": "[client.santiagomr.com]:6159 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCn2KI6zKR2G7xFshnC8dkmwW48vI2MFeBLGk0CeOoR+MAbRp0Fmf9euJWcWNefBriR8RgrO1fR68iPr9yVnoy6+xmG5wMQr97OAawxTlcx89lS/mxidQ7j9gNBgpdzzFHqPMBdvse+4C1kO/gvxPeyafnf3d454DOZkO6xcJdc8/taqToTKaAc9HJuEJYGhgOrXmLAdEI8zfBUKMDqPl3WnGvIEUx0QOykZnv6TRFM8nKOSUEMN5Tqpdsd0YEgnTza0+PyIHRUY1BhLxHWJGPS6ZFPQ0ezCOgrKxZvhJQYvUm/L3/KkB6KEHIHOZCZPKBb4xBoaVHTcK8dPLUkmA/j\n[client.santiagomr.com]:6159 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNT3M+e1CioMBnZ42ohfQIr/Nz+xrP71FIM1iK0pa23Te9ynAsLss9huxQoNWxn4jfugARNys3W1CQcBHHIT3DE=\n[client.santiagomr.com]:6159 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDo+TDP7ZRsuqv9o+g5rnDhZRa8TpyWF0YzjNPO5IRsr", 
        "stdout_lines": [
            "[client.santiagomr.com]:6159 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCn2KI6zKR2G7xFshnC8dkmwW48vI2MFeBLGk0CeOoR+MAbRp0Fmf9euJWcWNefBriR8RgrO1fR68iPr9yVnoy6+xmG5wMQr97OAawxTlcx89lS/mxidQ7j9gNBgpdzzFHqPMBdvse+4C1kO/gvxPeyafnf3d454DOZkO6xcJdc8/taqToTKaAc9HJuEJYGhgOrXmLAdEI8zfBUKMDqPl3WnGvIEUx0QOykZnv6TRFM8nKOSUEMN5Tqpdsd0YEgnTza0+PyIHRUY1BhLxHWJGPS6ZFPQ0ezCOgrKxZvhJQYvUm/L3/KkB6KEHIHOZCZPKBb4xBoaVHTcK8dPLUkmA/j", 
            "[client.santiagomr.com]:6159 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNT3M+e1CioMBnZ42ohfQIr/Nz+xrP71FIM1iK0pa23Te9ynAsLss9huxQoNWxn4jfugARNys3W1CQcBHHIT3DE=", 
            "[client.santiagomr.com]:6159 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDo+TDP7ZRsuqv9o+g5rnDhZRa8TpyWF0YzjNPO5IRsr"
        ]
    }
}

However I get the following error:

TASK [backuppc_client : KNOWN_HOSTS | add or update client key to known_hosts in server] *******************************************************************************************************
fatal: [client.santiagomr.com -> server.santiagomr.com]: FAILED! => {"changed": false, "msg": "Host parameter does not match hashed host field in supplied key"}

Indicating hash_host: yes in the task (default value is no), I don't get an error and can complete the role execution.

Note: I am running on LXC containers of the same Debian Buster image on both sides.

@santiagomr santiagomr added the invalid This doesn't seem right label Aug 7, 2020
@santiagomr
Member Author

As a parallel comment, it doesn't seem entirely correct to ignore errors here:

ignore_errors: yes

the next task depends on the correct definition of that variable.

@ulvida
Member

ulvida commented Aug 7, 2020

> TASK [backuppc_client : KNOWN_HOSTS | add or update client key to known_hosts in server] *******************************************************************************************************
> fatal: [client.santiagomr.com -> server.santiagomr.com]: FAILED! => {"changed": false, "msg": "Host parameter does not match hashed host field in supplied key"}

I don't think this error is systematic, but it's good to test it in all situations, because this task is now supposed to add or update the key. In which situation do you have this error? Didn't you previously access the server with the ssh command?

> Indicating hash_host: yes in the task (default value is no) I don't get an error and can complete the role execution.

Indeed, I noticed that this module stores the hostname in clear in known_hosts. In old versions, ssh used to update this file in this way, but for quite some time now it has hashed the hostname (for privacy, better not knowing what site people visit...). So certainly you are right, better to always hash the hostname. But I would like to understand what happened, because I don't see where the "hashed host field in supplied key" is.
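The hashed host field discussed in this thread, as an added example that is not part of the original issue or of the role's code: OpenSSH writes a hashed known_hosts host column as `|1|salt|HMAC-SHA1(salt, host)`, and for a non-default port the token that gets hashed is `[host]:port`, the same form ssh-keyscan printed above. Function names are hypothetical and the key blob in the sample is a constructed placeholder.

```python
import base64
import hashlib
import hmac
import os

# Constructed ssh-keyscan-style sample: host and port as in the issue, key blob is a placeholder.
SAMPLE = ("# client.santiagomr.com:6159 SSH-2.0-OpenSSH_7.9p1 Debian-10\n"
          "[client.santiagomr.com]:6159 ssh-ed25519 AAAAC3PLACEHOLDERKEYBLOB\n")

def host_field(hostname, port=22):
    """Host token OpenSSH records: bare name on port 22, otherwise [name]:port."""
    return hostname if port == 22 else "[%s]:%d" % (hostname, port)

def hash_host(field, salt=None):
    """Hashed host column: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=field))."""
    salt = os.urandom(20) if salt is None else salt
    digest = hmac.new(salt, field.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(digest).decode())

def entry_matches(entry_host, hostname, port=22):
    """True if a known_hosts host column (plain or hashed) names hostname:port."""
    wanted = host_field(hostname, port)
    if entry_host.startswith("|1|"):
        _, _, salt_b64, digest_b64 = entry_host.split("|")
        salt = base64.b64decode(salt_b64)
        expected = hmac.new(salt, wanted.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(expected, base64.b64decode(digest_b64))
    # Plain column: comma-separated names (wildcards and negation not handled here).
    return wanted in entry_host.split(",")

def hash_keyscan_output(text):
    """Rewrite ssh-keyscan lines with a hashed host column; '#' banner lines are dropped."""
    out = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        hosts, keytype, key = line.split(None, 2)
        for name in hosts.split(","):  # each listed name is hashed on its own line
            out.append("%s %s %s" % (hash_host(name), keytype, key))
    return out

if __name__ == "__main__":
    for entry in hash_keyscan_output(SAMPLE):
        print(entry)
```

A lookup for the bare name `client.santiagomr.com` does not match an entry recorded for `[client.santiagomr.com]:6159`, whether the column is plain or hashed, so the name used for a lookup has to carry the same port form as the scanned key.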

@ulvida
Member

ulvida commented Aug 7, 2020

> As a parallel comment, it doesn't seem entirely correct to ignore errors here:
>
> ignore_errors: yes
>
> the next task depends on the correct definition of that variable.

You're right. What I should have put here is changed_when: false.
