diff --git a/changelogs/fragments/50448-paramiko_ssh_add_auth_timeout.yaml b/changelogs/fragments/50448-paramiko_ssh_add_auth_timeout.yaml new file mode 100644 index 0000000000..464d8882c6 --- /dev/null +++ b/changelogs/fragments/50448-paramiko_ssh_add_auth_timeout.yaml @@ -0,0 +1,2 @@ +bugfixes: + - paramiko_ssh - add auth_timeout parameter to ssh.connect when supported by installed paramiko version. This will prevent "Authentication timeout" errors when a slow authentication step (>30s) happens with a host (https://github.com/ansible/ansible/issues/42596) diff --git a/lib/ansible/plugins/connection/paramiko_ssh.py b/lib/ansible/plugins/connection/paramiko_ssh.py index f6c8df219c..e5b51bad0a 100644 --- a/lib/ansible/plugins/connection/paramiko_ssh.py +++ b/lib/ansible/plugins/connection/paramiko_ssh.py @@ -137,6 +137,7 @@ import sys import re from termios import tcflush, TCIFLUSH +from distutils.version import LooseVersion from binascii import hexlify from ansible import constants as C @@ -323,7 +324,7 @@ class Connection(ConnectionBase): pass # file was not found, but not required to function ssh.load_system_host_keys() - sock_kwarg = self._parse_proxy_command(port) + ssh_connect_kwargs = self._parse_proxy_command(port) ssh.set_missing_host_key_policy(MyAddPolicy(self._new_stdin, self)) @@ -337,6 +338,10 @@ class Connection(ConnectionBase): if self._play_context.private_key_file: key_filename = os.path.expanduser(self._play_context.private_key_file) + # paramiko 2.2 introduced auth_timeout parameter + if LooseVersion(paramiko.__version__) >= LooseVersion('2.2.0'): + ssh_connect_kwargs['auth_timeout'] = self._play_context.timeout + ssh.connect( self._play_context.remote_addr.lower(), username=self._play_context.remote_user, @@ -346,7 +351,7 @@ class Connection(ConnectionBase): password=self._play_context.password, timeout=self._play_context.timeout, port=port, - **sock_kwarg + **ssh_connect_kwargs ) except paramiko.ssh_exception.BadHostKeyException as e: raise AnsibleConnectionFailure('host key mismatch for %s' % e.hostname)