Ansible where do PreferredAuthentications SSH settings come from?
I'm observe that -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
is hard coded in the source code
If you override ssh_args
in ansible.cfg
to -o PreferredAuthentications=publickey
is added to the ssh command line but this doesn't replace -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey
Example:
$ grep ssh_args /etc/ansible/ansible.cfg
#ssh_args = -C -o ControlMaster=auto -o ControlPersist=60s
ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o PreferredAuthentications=publickey
$ ansible rhel7a -m ping -vvvv |grep EXEC
<rhel7a> SSH: EXEC ssh -vvv -o ControlMaster=auto -o ControlPersist=60s -o PreferredAuthentications=publickey -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 -o ControlPath=/home/user/.ansible/cp/13dd447a86 rhel7a '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
Comments
-
emeraldjava over 1 year
I'm running a standard ansible (v2.3.1) playbook using SSH username and password settings. When using the '-vvvv' setting i can see these SSH commands getting generated
EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o Port=2222 -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=dc_user -o ConnectTimeout=10
In the case above, where are the 'PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey' settings getting pulled from. I believe these come from the client SSH config settings but is this correct?
I understand that i can override the ssh arguments by defining this in my 'ansaible.cfg'
[ssh_connection] scp_if_ssh=True ssh_args = -o ControlMaster=auto -o ControlPersist=60s -o PreferredAuthentications=publickey
Can someone explain this to me? Thanks