ssh-agent forwarding in the ee container seems to be not working. It keeps asking for my passphrase on remote connections. For troubleshooting so far, I run an ansible task to sleep 1000 and then exec in the ee container to run commands like ssh-add -l, env, etc., or I exec in the ee docker image directly using the same options as ansible-navigator does.
SSH_AUTH_SOCK env variable is correctly passed in the ee and the socket is mounted:
In the ee container:
env | grep SOCK
SSH_AUTH_SOCK=/private/tmp/com.apple.launchd.DpffgxjdnV/Listeners
mount | grep DpffgxjdnV
/host_mark/private on /private/tmp/com.apple.launchd.DpffgxjdnV type fakeowner (rw,nosuid,nodev,relatime,fakeowner)
but my key is not there:
ssh-add -l
Error connecting to agent: Operation not supported
After a big web detour, it seems to be a macOS+Docker thing (i.e. docker/for-mac#410). Running manually a docker container by combining --user=root & -v /run/host-services/ssh-auth.sock:/run/host-services/ssh-auth.sock -e SSH_AUTH_SOCK="/run/host-services/ssh-auth.sock" and removing root .ssh dir mapping -v /Users/myuser/.ssh/:/root/.ssh/, I managed to successfully ssh remotely using my local ssh-agent and my unlocked ssh-key. Here is the simplified command I used:
ansible-navigator is adding --user=current_user_id by default and if we add container options like this, it is appended. Lastly, I'm not sure if SSH_AUTH_SOCK contains a usable socket for mac to be mapped.
Adding the "mac" keyword on the title of this issue.
ekartsonakis changed the title from "ssh-agent forwarding - execution environment container asks ssh key passphrase" to "Mac - ssh-agent forwarding - ee container asks ssh key passphrase" on Oct 9, 2023
@ajinkyau @cidrblock Can you please investigate this and determine if that is indeed a bug in navigator or just an environment-specific issue related to docker on macOS? Probably we would also have a similar issue with podman because it also works the same way (container host being a VM).
ISSUE TYPE
SUMMARY
I tried @timway's suggestion ansible/ansible-runner#1293 to add a docker option --user root but didn't help.
ANSIBLE-NAVIGATOR VERSION
Running with Docker Desktop 4.23.0 on a Mac M1 + macOS 14 Sonoma
CONFIGURATION
LOG FILE
STEPS TO REPRODUCE
Use an image for execution environment and your ssh key with a passphrase.
EXPECTED RESULTS
As described in docs: https://github.com/ansible/ansible-navigator/blob/main/docs/faq.md#ssh-keys
The use of ssh-agent results in the simplest configuration and eliminates issues with SSH key passphrases when using ansible-navigator with execution environments.
ACTUAL RESULTS
ssh to remote hosts fails
ADDITIONAL INFORMATION
my ansible.cfg in the project dir:
part of my .ssh/config
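The troubleshooting steps from this thread (check the variable, check the mount, run ssh-add -l) folded into one check, added here as an example; it is not code from the issue or from ansible-navigator, and the function names and status words are made up for illustration. It relies on ssh-add's documented exit status, where 2 means the agent could not be contacted.

```shell
#!/bin/sh
# Added example: classify the ssh-agent socket as seen from inside a container.
# Function names and status words are constructed for this illustration.

# Print one status word for the socket path in $1 (default: $SSH_AUTH_SOCK).
agent_sock_state() {
    sock="${1-${SSH_AUTH_SOCK-}}"
    if [ -z "$sock" ]; then
        echo "unset"; return 0            # variable was not passed into the container
    fi
    if [ ! -e "$sock" ]; then
        echo "missing"; return 0          # variable passed, path not mounted
    fi
    if [ ! -S "$sock" ]; then
        echo "not-a-socket"; return 0     # a directory or plain file got mounted
    fi
    if ! command -v ssh-add >/dev/null 2>&1; then
        echo "no-ssh-add"; return 0
    fi
    # ssh-add exit status: 0 = keys listed, 1 = command failed
    # (for -l: agent has no identities), 2 = cannot contact the agent.
    rc=0
    SSH_AUTH_SOCK="$sock" ssh-add -l >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) echo "keys-loaded" ;;
        1) echo "agent-empty" ;;
        2) echo "unreachable" ;;          # the "Error connecting to agent" case
        *) echo "unknown" ;;
    esac
}

# Map a status word to a one-line hint based on what this thread reports.
agent_sock_hint() {
    case "$1" in
        unset)        echo "SSH_AUTH_SOCK is not set in the container" ;;
        missing)      echo "socket path is not mounted into the container" ;;
        not-a-socket) echo "mounted path exists but is not a unix socket" ;;
        unreachable)  echo "socket is visible but connect fails; on Docker Desktop for Mac the thread mounted /run/host-services/ssh-auth.sock instead" ;;
        agent-empty)  echo "agent reachable but holds no keys; run ssh-add on the host" ;;
        keys-loaded)  echo "agent forwarding works" ;;
        *)            echo "no hint for state: $1" ;;
    esac
}
```

Inside the container, `agent_sock_hint "$(agent_sock_state)"` prints the hint for the current environment.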