According to the docs <https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-configure-a-jump-host-to-access-servers-that-i-have-no-direct-access-to>, setting *ProxyCommand* in *ansible_ssh_command_args* will enable access to private servers via a jump server.
I am attempting to do this but keep getting the error *Control socket "/Users/pnotes/.ansible/cp/cfed83541a" does not exist.* My current setup is thus:

ansible/test/inventory.ini

    [all]
    bastion-0
    private-server0

    [bastions]
    bastion-0 ansible_host=104.xxx.xx.xxx

    [private_servers]
    private-server0 ansible_host=68.xxx.xxx.xxx

ansible/test/host_vars/private-server0.yaml

    ---
    ansible_ssh_common_args: '-o ProxyCommand="ssh -o StrictHostKeyChecking=no -W %h:%p -q root@bastion-ip-address"'

The output of running the playbook command with -vvvv:

    task path: /Users/pnotes/Desktop/bastion-setup/ansible/common.yaml:2
    <68.xxx.xxx.xxx> ESTABLISH SSH CONNECTION FOR USER: root
    <68.xxx.xxx.xxx> SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/pnotes/.ssh/root_test_key_id_rsa"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=root -o ConnectTimeout=10 -o 'ProxyCommand=ssh -o StrictHostKeyChecking=no -W %h:%p -q [email protected]' -o ControlPath=/Users/pnotes/.ansible/cp/cfed83541a 68.xxx.xxx.xxx '/bin/sh -c '"'"'echo ~root && sleep 0'"'"''
    <68.xxx.xxx.xxx> (255, b'', b'OpenSSH_7.9p1, LibreSSL 2.7.3\r\ndebug1: Reading configuration data /Users/pnotes/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 48: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 68.xxx.xxx.xxx is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug1: Control socket "/Users/pnotes/.ansible/cp/cfed83541a" does not exist\r\ndebug1: Executing proxy command: exec ssh -o StrictHostKeyChecking=no -W 68.xxx.xxx.xxx:22 -q [email protected]\r\ndebug3: timeout: 10000 ms remain after connect\r\ndebug1: identity file /Users/pnotes/.ssh/root_test_key_id_rsa type 0\r\ndebug1: identity file /Users/pnotes/.ssh/root_test_key_id_rsa-cert type -1\r\ndebug1: Local version string SSH-2.0-OpenSSH_7.9\r\nssh_exchange_identification: Connection closed by remote host\r\n')
    fatal: [test-docker-0]: UNREACHABLE! => {
        "changed": false,
        "msg": "Failed to connect to the host via ssh: OpenSSH_7.9p1, LibreSSL 2.7.3\r\ndebug1: Reading configuration data /Users/pnotes/.ssh/config\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 48: Applying options for *\r\ndebug2: resolve_canonicalize: hostname 68.xxx.xxx.xxx is address\r\ndebug1: auto-mux: Trying existing master\r\ndebug1: Control socket \"/Users/pnotes/.ansible/cp/cfed83541a\" does not exist\r\ndebug1: Executing proxy command: exec ssh -o StrictHostKeyChecking=no -W 68.xxx.xxx.xxx:22 -q [email protected]\r\ndebug3: timeout: 10000 ms remain after connect\r\ndebug1: identity file /Users/pnotes/.ssh/root_test_key_id_rsa type 0\r\ndebug1: identity file /Users/pnotes/.ssh/root_test_key_id_rsa-cert type -1\r\ndebug1: Local version string SSH-2.0-OpenSSH_7.9\r\nssh_exchange_identification: Connection closed by remote host\r\n",
        "unreachable": true
    }

I don't understand why this isn't working and would greatly appreciate an explanation. Thank you.

*Note:* When I edit my personal ssh config file (~/.ssh/config) with the details of the jump server and the private server, I am able to connect without a problem. BUT I would rather not have to edit my personal ssh config file for ansible controlled hosts (these are set up/torn down numerous times for testing, staging environments).
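
An added example, not part of the original post: a small Python triage of the OpenSSH client debug lines quoted above, separating the informational control-socket message from the line that actually ends the session. The sample log is constructed from the post's output, and `diagnose` and `root@bastion.example` are hypothetical names.

```python
import re

# Constructed sample: stderr from the post's -vvvv run, shortened, with the
# "\r\n" escapes decoded; the bastion address is a placeholder.
SAMPLE = """\
debug1: auto-mux: Trying existing master
debug1: Control socket "/Users/pnotes/.ansible/cp/cfed83541a" does not exist
debug1: Executing proxy command: exec ssh -o StrictHostKeyChecking=no -W 68.xxx.xxx.xxx:22 -q root@bastion.example
debug1: Local version string SSH-2.0-OpenSSH_7.9
ssh_exchange_identification: Connection closed by remote host
"""

def diagnose(stderr):
    """Classify the lines of an OpenSSH client debug log from a proxied connection."""
    text = stderr.replace("\\r\\n", "\n")  # also accept Ansible's escaped form
    # With ControlMaster=auto a missing control socket only means no master
    # connection exists yet; ssh goes on to open a new one.
    benign = re.findall(r'Control socket ".*?" does not exist', text)
    proxy = re.search(r"Executing proxy command: exec (.+)", text)
    # The client logs the server banner as "Remote protocol version ...".
    banner = "Remote protocol version" in text
    fatal = re.search(r"^(?:ssh|kex)_exchange_identification: .+$", text, re.M)
    # -q on the inner ssh suppresses the jump hop's own error messages.
    quiet = bool(proxy and re.search(r"(?:^|\s)-q(?:\s|$)", proxy.group(1)))
    if fatal and proxy and not banner:
        verdict = "no banner through proxy: jump-host ssh failed or target closed early"
    elif fatal:
        verdict = "peer closed the connection before sending a banner"
    elif banner:
        verdict = "target reached: look at key exchange or authentication next"
    else:
        verdict = "inconclusive"
    return {
        "benign": benign,
        "proxy_command": proxy.group(1).strip() if proxy else None,
        "proxy_errors_hidden": quiet,
        "banner_received": banner,
        "fatal": fatal.group(0).strip() if fatal else None,
        "verdict": verdict,
    }

if __name__ == "__main__":
    for key, value in diagnose(SAMPLE).items():
        print(f"{key}: {value}")
```

When `proxy_errors_hidden` is true, running the logged proxy command by hand without `-q` shows the error from the jump-host connection that the Ansible output omits.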
