I have added my key with ssh-add after initialising $(ssh-agent).
The raw ssh command works totally fine with just the key and no passphrase:
ssh -i key.pem ubuntu@someip
So far so good. The problem is that if I run an Ansible playbook in the same terminal, it asks for the key passphrase and does not allow me to automate it:
TASK [deploy-all : Copy something to remote host] *******************
Wednesday 30 June 2021 18:04:56 +0200 (0:00:00.609) 0:00:03.063 ********
Enter passphrase for key 'key.pem':
It even asks for the passphrase multiple times during the same playbook execution. (I have some tasks delegated to localhost with delegate_to: "{{ delegate_build_to_host }}", so when the context switches back to the remote host it seems to ask for the passphrase again.)
inventory file:
[webserver]
dockerall ansible_host=some.host.ip.xy ansible_user=ubuntu ansible_ssh_private_key_file=key.pem
The playbook just uses the only host group, webserver:
---
- hosts: webserver
  become: true
  gather_facts: false
  environment:
    CI: "true"
  vars:
    working_user: root
  roles:
    - { role: deploy, tags: 'deploy' }
The first task of the deploy role is very simple, and I get asked for the passphrase:
roles/deploy/tasks/main.yaml
# indentation is wrong but doesn't matter, just copied for example
- copy:
    src: "{{ role_path }}/files/docker/"
    dest: "{{ dc_path }}"
    mode: preserve
# more tasks here, some delegated to localhost
- name: "create tmp build directory in build host to contain all sort of tmp files that can be deleted after execution"
  delegate_to: "localhost"
  file:
    path: "{{ tmp_build_path }}"
    recurse: yes
    state: directory
# again after this comment, copy tasks for remote host
Key file permissions:
stat -c "%a %n" key.pem
600 key.pem
Setting ansible_ssh_private_key_file=key.pem will overwrite your ssh-agent config, and Ansible will ask for your SSH password for each host (because it no longer looks at the ssh-agent parameters and bases itself on just the Ansible config).
Delete ansible_ssh_private_key_file from your Ansible file and add a config block in your ~/home/.ssh.config for your servers (example below):
Host test
    HostName 192.168.5.30
    Port 22
    User <ssh user to connect>
    IdentityFile ~/.ssh/<your ssh private key>
    IdentitiesOnly yes
This way you keep all your SSH config with ssh-agent.
Hope that this answer will still help some people after 1 year
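The migration the answer describes, as an added example that is not part of the original answer: it strips the pinned key and connection variables from an INI inventory host line and emits the matching ssh_config Host block. It assumes the inventory alias becomes the ssh Host name, so ssh resolves the address, user and key from its own config; migrate_inventory is a hypothetical helper name.

```python
import shlex

# Inventory variables (real Ansible names) mapped to ssh_config keywords.
SSH_KEYWORDS = {
    "ansible_host": "HostName",
    "ansible_port": "Port",
    "ansible_user": "User",
    "ansible_ssh_private_key_file": "IdentityFile",
}


def migrate_inventory(text):
    """Return (inventory_text, ssh_config_text) for an INI-style inventory."""
    inventory, blocks = [], []
    in_hosts = True  # lines before the first [section] are ungrouped hosts
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("["):
            # [group:vars] and [group:children] hold no host lines
            in_hosts = ":" not in stripped
        is_host = in_hosts and stripped and stripped[0] not in "#;["
        tokens = shlex.split(stripped) if is_host else []
        hostvars = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        if "ansible_ssh_private_key_file" not in hostvars:
            inventory.append(line)  # no pinned key: keep the line as-is
            continue
        # Move the connection settings into a Host block named after the alias
        block = [f"Host {tokens[0]}"]
        for var, keyword in SSH_KEYWORDS.items():
            if var in hostvars:
                block.append(f"    {keyword} {hostvars[var]}")
        block.append("    IdentitiesOnly yes")  # as in the answer's block
        blocks.append("\n".join(block))
        kept = [t for t in tokens[1:] if t.split("=", 1)[0] not in SSH_KEYWORDS]
        inventory.append(shlex.join([tokens[0], *kept]))
    return "\n".join(inventory) + "\n", "\n\n".join(blocks) + "\n"


# Constructed sample: the inventory line from the question.
SAMPLE = """[webserver]
dockerall ansible_host=some.host.ip.xy ansible_user=ubuntu ansible_ssh_private_key_file=key.pem
"""

if __name__ == "__main__":
    print(*migrate_inventory(SAMPLE), sep="\n")
```

A relative key path such as key.pem is carried over unchanged, so replace it with an absolute path before using the generated block.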