Allow key authentication when using --ask-pass (similar to Ansible v2)

This closes #14250. It should not have any ill-effects for existing use-cases as we would only allow additional authentication methods on top of password authentication. And since the user can authenticate in other ways already, it also has no security impact.
2016-02-02 10:05:08 +01:00 · 2016-02-02 10:05:08 +01:00 · 009164227e
parent 8e2c5337f5
commit 009164227e
1 changed files with 1 additions and 4 deletions
--- a/lib/ansible/runner/connection_plugins/ssh.py
+++ b/lib/ansible/runner/connection_plugins/ssh.py
@ -91,10 +91,7 @@ class Connection(object):
            self.common_args += ["-o", "IdentityFile=\"%s\"" % os.path.expanduser(self.private_key_file)]
        elif self.runner.private_key_file is not None:
            self.common_args += ["-o", "IdentityFile=\"%s\"" % os.path.expanduser(self.runner.private_key_file)]
-        if self.password:
-            self.common_args += ["-o", "GSSAPIAuthentication=no",
-                                 "-o", "PubkeyAuthentication=no"]
-        else:
+        if not self.password:
            self.common_args += ["-o", "KbdInteractiveAuthentication=no",
                                 "-o", "PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey",
                                 "-o", "PasswordAuthentication=no"]