Ansible and duo login host


#1

Hi …
I have finished deploying a host with Duo login auth.
I can successfully access it through the bastion host from my workstation and I get the Duo login prompt.
Now I am deploying Ansible to manage all my hosts.
The problem comes when the host is using Duo login auth.
Here is the command I use on the Ansible host:

ansible -v -m ping zakard-a
Using /etc/ansible/ansible.cfg as config file
zkrd-a | UNREACHABLE! => {
    "changed": false,
    "msg": "ERROR! SSH encountered an unknown error during the connection. We recommend you re-run the command using -vvvv, which will enable SSH debugging output to help diagnose the issue",
    "unreachable": true
}

Aug 20 04:48:11 ip-10-1-130-209 kernel: [3534958.049808] audit: type=1112 audit(1534740491.612:1890): pid=12503 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="coinone" exe="/usr/sbin/sshd" hostname=? addr=10.1.137.200 terminal=sshd res=failed'
Aug 20 04:48:11 ip-10-1-130-209 kernel: [3534958.051830] audit: type=1109 audit(1534740491.612:1891): pid=12503 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:bad_ident acct="?" exe="/usr/sbin/sshd" hostname=10.1.137.200 addr=10.1.137.200 terminal=ssh res=failed'

Is there any solution for my problem?
Thanks


#2

It’s probably having issues with the duo prompt. You probably want to either configure duo_unix not to prompt for the user you’re connecting via ansible as or use SSH Keys. If you’ve configured duo to challenge with SSH keys as well, you’ll have to prevent duo from prompting that user.
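
An added illustration of the first option in the reply above (not part of the original thread, and not Duo's or the poster's own configuration): a `pam_duo.conf` that requires Duo for everyone except members of a dedicated automation group. It assumes the host uses `pam_duo` (the audit lines in post #1 show a PAM failure); the group name `ansible-svc`, the account name in the comments, and the placeholder keys are hypothetical.

```ini
; /etc/duo/pam_duo.conf  (example values; replace the placeholders)
[duo]
; Integration credentials from the Duo Admin Panel (placeholders, not real values)
ikey = <INTEGRATION_KEY>
skey = <SECRET_KEY>
host = <API_HOSTNAME>

; Require Duo for every user EXCEPT members of the automation group.
; "*" matches all groups; "!" excludes a group from the Duo requirement.
; "ansible-svc" is a hypothetical group containing only the account
; that Ansible connects as.
groups = *,!ansible-svc

; Deny logins if the Duo service cannot be reached, so the exemption
; above is the only path that skips the second factor.
failmode = secure

; Compensating controls for the exempted account belong in
; /etc/ssh/sshd_config, not in this file. For example (account name
; "ansible" and the source address are hypothetical):
;
;   Match User ansible Address <BASTION_OR_CONTROL_NODE_IP>
;       AuthenticationMethods publickey
;       PasswordAuthentication no
;
; This keeps the account key-only and reachable only from the
; Ansible control node, since it no longer has a second factor.
```

Keep the exempted group limited to the single service account, and check the group membership during access reviews, because anyone added to it bypasses Duo on that host.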