Checking SSH connectivity
About this task
Check the SSH connectivity from the management machine to other host machines. The SSH connectivity check provides details regarding the configured user
, IP address of the hosts for which SSH connectivity works or fails. Run the check before deploying PingIntelligence components. Enter the following command on the management host command line.
Steps
-
$ ./bin/start.sh check
User configured for SSH: ec2-user Checking sudo connectivity between ansible management host and other hosts... 172.16.40.187 | SUCCESS => { "changed": false, "ping": "pong" } SSH connectivity to all hosts is successful Capturing host information... Host information is captured successfully
Troubleshooting
Possible errors during SSH connectivity
During SSH connectivity check between management host machine and PingIntelligence hosts, you may encounter some errors because of user permission issues or connectivity issues between machines. Following are some of the probable error messages that you may see:
-
You have configured user to use password to authenticate with the hosts machines, however, the configured password in the
hosts
file is wrong.User configured for SSH: ec2-user Checking connectivity between ansible management host and other hosts... 172.16.40.187 | UNREACHABLE! => { "changed": false, "msg": "Authentication failure.", "unreachable": true } Sun Jul 12 19:22:41 MDT 2020: SSH connection error: connectivity to all hosts is not successful for ec2-user
-
ansible_ssh_pass
for authentication with password is uncommented in thehosts
file. However, the password field has been left empty. Leaving the value empty is equivalent to passworld-less authentication.User configured for SSH: ec2-user Checking connectivity between ansible management host and other hosts... 172.16.40.187 | UNREACHABLE! => { "changed": false, "msg": "Failed to connect to the host via ssh: Permission denied (publickey,password).\r\n", "unreachable": true } Sun Jul 12 19:26:16 MDT 2020: SSH connection error: connectivity to all hosts is not successful for ec2-user
-
install_with_sudo
is set totrue
and there is an error connecting to PingIntelligence host machines.User configured for SSH: ec2-user Checking sudo connectivity between ansible management host and other hosts... 172.16.40.187 | FAILED! => { "changed": false, "module_stderr": "Connection to 172.16.40.187 closed.\r\n", "module_stdout": "sudo: a password is required\r\n", "msg": "MODULE FAILURE", "rc": 1 } Sun Jul 12 19:30:26 MDT 2020: SSH connection error: sudo connectivity to all hosts is not successful for ec2-user
The probable reasons for error in connectivity could be:
-
The user is not in the
sudoers
file or the user is not in any group that hassudo
privileges -
The user does not have
NOPASSWD: ALL
privileges in thesudoers
file.
-
-
The IP address configured in the
hosts
file is not available.User configured for SSH: ec2-user Checking sudo connectivity between ansible management host and other hosts... 172.16.40.81 | UNREACHABLE! => { "changed": false, "msg": "Failed to connect to the host via ssh: ssh: connect to host 172.16.40.81 port 22: Connection timed out\r\n", "unreachable": true } Sun Jul 12 21:41:08 MDT 2020: SSH connection error: sudo connectivity to all hosts is not successful for ec2-user
-
selinux dependency - If you encounter the following error, you need to install
selinux
package on the host machine on which you see this error. Check the machine mentioned beforeFAILED!
in the output to identify the machine whereselinux
needs to be installed.[localhost]: FAILED! => {"changed": false, "msg": "Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!"} to retry, use: --limit @/home/ec2-user/411/pingidentity/pi-api-deployment/ansible/setup.retry