When I first started using Ansible, I got stuck on the fact that using the -k, —ask-pass option with the ansible-playbook command causes errors for servers that can SSH without a password.

According to the ansible-playbook command help, -k, —ask-pass seems to be an option that asks for a password when connecting.

$ ansible-playbook -h
Usage: ansible-playbook playbook.yml

Options:
  -k, --ask-pass        ask for connection password

Here are the execution results when an error occurs:

$ ansible-playbook -k -c paramiko -i hosts init.yml -vvv --extra-vars "user_password=$user_password"
No config file found; using defaults
SSH password: 

PLAYBOOK: init.yml ******************************************************
1 plays in init.yml

PLAY [setting SakuraServer VPS by root] ****************************************

TASK [setup] *******************************************************************
<128.199.213.164> ESTABLISH CONNECTION FOR USER: root on PORT 22 TO 128.199.213.164

paramiko: The authenticity of host '128.199.213.164' can't be established.
The ssh-rsa key fingerprint is 99a7fb117513602f560568e9d6daaa72.
Are you sure you want to continue connecting (yes/no)?
yes
fatal: [128.199.213.164]: UNREACHABLE! => {"changed": false, "msg": "Authentication failed.", "unreachable": true}
  to retry, use: --limit @init.retry

PLAY RECAP *********************************************************************
128.199.213.164             : ok=0    changed=0    unreachable=1    failed=0 

When you have public key authentication SSH connection set up and don’t need a login password, using the -k, —ask-pass option causes the error The authenticity of host ‘128.199.213.164’ can’t be established.

$ ansible-playbook -h
Usage: ansible-playbook playbook.yml

Options:
  -k, --ask-pass        ask for connection password

Running the ansible-playbook command without the -k option executed normally.

$ ansible-playbook -c paramiko -i hosts init.yml -vvv

That’s all from the Gemba.