Error using Windows Server as SSH jumphost for Ansible


I am trying to set up a Windows Server 2019 machine as an SSH jumphost for Ansible using the OpenSSH Windows feature. Ansible is running on my local Windows 11 machine in WSL2.

I am using password authentication for the SSH connection. The SSH connection to the jumphost works normally. The problem occurs when I try to run an Ansible playbook that uses that Windows machine as a jumphost. I get the following error:

fatal: [windows_jumphost]: UNREACHABLE! => {
    "changed": false,
    "msg": "Failed to create temporary directory. In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote tmp path in ansible.cfg to a path rooted in \"/tmp\", for more error information use -vvv. Failed command was: ( umask 77 && mkdir -p \"` echo C:/ansible-test `\"&& mkdir \"` echo C:/ansible-test/ansible-tmp-1694695752.0674007-2979-106690247965455 `\" && echo ansible-tmp-1694695752.0674007-2979-106690247965455=\"` echo C:/ansible-test/ansible-tmp-1694695752.0674007-2979-106690247965455 `\" ), exited with result 1",
    "unreachable": true
}

The user that is used to connect to the jumphost has administrative privileges.

This is my Ansible inventory file (yaml format):

---
all:
  children:
    jumphosts:
      hosts:
        windows_jumphost:
          ansible_host: <jumphost_IP>
          ansible_connection: ssh
          ansible_port: 22
          ansible_remote_tmp: 'C:/ansible-test'
          ansible_user: <my_username>
          ansible_password: <my_password>
    targets:
      hosts:
        mikrotik_router:
          ansible_host: <router_IP>
          ansible_connection: network_cli
          ansible_network_os: routeros
          ansible_ssh_common_args: '-o ProxyJump=<my_username>@<jumphost_IP>'

Ansible reports that the task of connecting to the jumphost failed and proceeds with the next task (backup of the router), which executes successfully, meaning that it connected directly to the router instead of connecting via the jumphost.

I have tried many different combinations in the inventory file but I always get the same error.

Please help! Thanks in advance!


There is 1 best solution below


I used to do something similar with WSL, Ansible, and jumphosts:

  • I used Ansible on Ubuntu on WSL2 to manage other WSL instances both on my local system as well as other Windows systems.
  • I used an OpenSSH server on each Windows 10/11 host as the jumphost to access the local WSL2 instances running under it (note that this method doesn't work any longer under the latest WSL releases).

However, I transitioned away from this method a few years ago. That said, I still have my Ansible repo, so I went back to see if it could generate any ideas that might help you. Sadly, I think that your attempt is pretty close to what was working for me. However, I'll point out the differences just in case they help:

  • My common_args uses the older-style jumphost configuration:

    ansible_ssh_common_args: -o "ProxyCommand ssh -W %h:%p {{ windows_host }}" -o "StrictHostKeyChecking=no"
    

    The windows_host variable is defined in my case for each target, but that shouldn't be necessary in your case, since all you have is the one IP address. Of course, this invocation should be the same as the newer-style -o ProxyJump=<my_username>@<jumphost_IP> which you are using.

  • I have ansible_ssh_use_tty: true, which I thought I remembered as being needed for some reason. However, when I checked the docs on this option, that seems to be the default. If so, of course, it shouldn't make a difference.

Also, you might consider trying to set the jumphost configuration via ~/.ssh/config and using a special hostname. For instance (untested, but going from memory + tidbits from old configs I have):

~/.ssh/config:

# Can be whatever you want
Host microtik_via_jumphost
    Hostname <router_IP>
    ProxyJump <jumphost_IP>

inventory.yaml changes:

ansible_host: microtik_via_jumphost
ansible_connection: network_cli
ansible_network_os: routeros
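
The question reports that the router was reached directly instead of through the jumphost. As an added example (not part of the original question or answer), the shell function below uses `ssh -G` to print the effective OpenSSH client configuration for an alias like the one in the `~/.ssh/config` suggestion and fails unless `ProxyJump` resolves to the expected host or if host key checking has been disabled. The alias `router_via_jumphost` and the host names `jump.example.test` and `router.example.test` are constructed placeholders.

```shell
#!/bin/sh
# Added example: confirm an SSH alias really routes through the jumphost.
# All host names and the aliases below are constructed placeholders.

# Write a constructed sample config: one alias with ProxyJump, one without.
write_sample_config() {
    cat > "$1" <<'EOF'
Host router_via_jumphost
    HostName router.example.test
    ProxyJump jump.example.test
Host router_direct
    HostName router.example.test
EOF
}

# check_jump CONFIG HOST EXPECTED_JUMP
# Prints the effective settings. Returns 0 if ProxyJump matches, 1 if it
# does not (direct connection), 2 if ssh failed, 3 if host key checking is off.
check_jump() {
    cfg=$1 host=$2 want=$3
    # -G prints the resolved client configuration and exits without connecting.
    eff=$(ssh -G -F "$cfg" "$host") || return 2
    jump=$(printf '%s\n' "$eff" | awk '$1 == "proxyjump" { print $2 }')
    skhc=$(printf '%s\n' "$eff" | awk '$1 == "stricthostkeychecking" { print $2 }')
    printf 'proxyjump=%s stricthostkeychecking=%s\n' "${jump:-none}" "$skhc"
    case $skhc in
        no|false|off) return 3 ;;
    esac
    [ "$jump" = "$want" ]
}

# Demo: sh thisfile.sh --demo
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp)
    write_sample_config "$tmp"
    check_jump "$tmp" router_via_jumphost jump.example.test && echo "OK: via jumphost"
    check_jump "$tmp" router_direct jump.example.test || echo "FAIL: no jumphost in path"
    rm -f "$tmp"
fi
```

This reports what the OpenSSH client would do with the given config file; it does not show whether a particular Ansible connection plugin reads that file.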