Vagrant Private key - Ansible SSH Permission Denied - How to resolve.

While building VMs with Vagrant and trying to run ansible-playbook with them over SSH connection.  We get exceptions like Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password

The execution and the error would like something similar to the below.

[email protected]:~/VirtualBox VMs/vagrantVM$ ansible app -m ping -i ansible_hosts | UNREACHABLE! => {
"changed": false, 
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n", 
"unreachable": true

This post presumes that you are using the Vagrant's private key for ansible SSH authentication.


The Problem / The Scenario:

Here I am using the vagrant private key with ansible and passing it as a ansible_ssh_private_key_file variable

A Snap of my ansible_hosts file shows my variable declaration

ansible_ssh_common_args='-o StrictHostKeyChecking=no'

Though you would be able to directly SSH to the VM using the private_key. You would not be able to SSH with ansible.

[email protected]:~/VirtualBox VMs/vagrantVM$ ssh -i ~/.vagrant.d/insecure_private_key [email protected]
Development Environment
[vagrant@mwiapp01 ~]$ 

ansible ad-hoc commands (or) playbook will fail with the error. when executed with -vvv option in ansible. you could see the detailed info similar to this

[email protected]:~/VirtualBox VMs/vagrantVM$ ansible app -m ping -i ansible_hosts -vvv
ansible 2.5.0
config file = None
configured module search path = [u'/Users/aksarav/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/Cellar/ansible/2.5.0/libexec/lib/python2.7/site-packages/ansible
executable location = /usr/local/bin/ansible
python version = 2.7.14 (default, Mar 22 2018, 15:04:47) [GCC 4.2.1 Compatible Apple LLVM 9.0.0 (clang-900.0.39.2)]
No config file found; using defaults
Parsed /Users/aksarav/VirtualBox VMs/vagrantVM/ansible_hosts inventory source with ini plugin
META: ran handlers
Using module file /usr/local/Cellar/ansible/2.5.0/libexec/lib/python2.7/site-packages/ansible/modules/system/
<> SSH: EXEC ssh -C -o ControlMaster=auto -o ControlPersist=60s -o 'IdentityFile="/Users/aksarav/.vagrant.d/insecure_private_key"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o User=vagrant -o ConnectTimeout=10 -o StrictHostKeyChecking=no -o ControlPath=/Users/aksarav/.ansible/cp/1dc5e4da79 '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
<> (255, '', 'Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n') | UNREACHABLE! => {
"changed": false, 
"msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n", 
"unreachable": true


Now we have our private-key of vagrant. Let us create a SSH public Key and copy it over to VMs.

Execute the following command in the order it is given to accomplish.

ssh-keygen -y -f ~/.vagrant.d/insecure_private_key

ssh-keygen -y -f ~/.vagrant.d/insecure_private_key > ~/.vagrant.d/

ssh-copy-id -f -i ~/.vagrant.d/ [email protected]


Execution Result

[email protected]:~/VirtualBox VMs/vagrantVM$ ssh-keygen -y -f ~/.vagrant.d/insecure_private_key 
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ==

[email protected]:~/VirtualBox VMs/vagrantVM$ ssh-keygen -y -f ~/.vagrant.d/insecure_private_key > ~/.vagrant.d/

[email protected]:~/VirtualBox VMs/vagrantVM$ ssh-copy-id -f -i ~/.vagrant.d/ [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/aksarav/.vagrant.d/"

Number of key(s) added: 1

Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.



[email protected]:~/VirtualBox VMs/vagrantVM$ ansible app -m ping -i ansible_hosts | SUCCESS => {
"changed": false, 
"ping": "pong"

Now you could notice the issue is resolved and you could run the ansible ad-hoc commands and playbook without any hitch