HamWAN / infrastructure-configs

Ansible roles and playbooks for HamWAN servers, applications, and router infrastructure.
http://www.hamwan.org/
Apache License 2.0

Change from using a management user to using ssh agent forwarding #1

Closed turnrye closed 1 year ago

turnrye commented 9 years ago

Having issues with using this from client to server to router. Able to ssh from server to router using ssh-agent, but it does not work within ansible. Looking at logs on the router, I see this:

echo: ssh,error expected: 50 got: 5

turnrye commented 9 years ago

A bit more troubleshooting... ran the following test:

ryan_turner@ns1:~/infrastructure-configs$ python
Python 2.7.6 (default, Jun 22 2015, 17:58:13) 
[GCC 4.8.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import paramiko
>>> ssh = paramiko.SSHClient()
>>> ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
>>> ssh.connect('r1.leb.memhamwan.net', username='ryan_turner', allow_agent=True,look_for_keys=True)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.7/dist-packages/paramiko/client.py", line 337, in connect
    self._auth(username, password, pkey, key_filenames, allow_agent, look_for_keys)
  File "/usr/lib/python2.7/dist-packages/paramiko/client.py", line 528, in _auth
    raise saved_exception
paramiko.SSHException: No existing session

From the router:

jul/13/2015 22:48:41 ssh,error expected: 50 got: 5

Yet this still works (and the key is coming from agent forwarding):

ryan_turner@ns1:~/infrastructure-configs$ ssh ryan_turner@r1.leb.memhamwan.net

So, I must be misusing paramiko or have the router misconfigured?

turnrye commented 9 years ago

ryan_turner@ns1:~/infrastructure-configs$ ssh-add -l
2048 ad:d8:93:97:ad:94:2c:7d:5c:e0:94:41:05:cc:e3:ac ryan@ryanturner.me (RSA)
2048 c6:b2:f4:4b:b4:f0:69:3b:6a:b2:00:9d:aa:24:ee:4c ryanturner@Ryans-MacBook-Pro.local (RSA)
1024 0b:2c:ff:1b:1b:54:53:50:03:92:64:db:70:36:d7:72 ryanturner@Ryans-MacBook-Pro.local (DSA)

turnrye commented 9 years ago

Updated paramiko! New error!

ryan_turner@ns1:~/infrastructure-configs$ python
Python 2.7.6 (default, Jun 22 2015, 17:58:13) 
[GCC 4.8.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import paramiko
>>> print paramiko.__version__
1.15.2
>>> ssh = paramiko.SSHClient()
>>> ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
>>> sh.connect('r1.leb.memhamwan.net', username='ryan_turner', allow_agent=True,look_for_keys=True)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
NameError: name 'sh' is not defined
>>> ssh.connect('r1.leb.memhamwan.net', username='ryan_turner', allow_agent=True,look_for_keys=True)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python2.7/dist-packages/paramiko/client.py", line 307, in connect
    look_for_keys, gss_auth, gss_kex, gss_deleg_creds, gss_host)
  File "/usr/local/lib/python2.7/dist-packages/paramiko/client.py", line 520, in _auth
    raise SSHException('No authentication methods available')
paramiko.ssh_exception.SSHException: No authentication methods available

turnrye commented 9 years ago

OK, so the fix was to make it where ssh-add -l only had one key listed; ansible still doesn't work, but at least paramiko does now...

ryan_turner@ns1:~/infrastructure-configs$ python
Python 2.7.6 (default, Jun 22 2015, 17:58:13) 
[GCC 4.8.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import paramiko
>>> ssh = paramiko.SSHClient()
>>> ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
>>> ssh.connect('r1.leb.memhamwan.net', username='ryan_turner', allow_agent=True,look_for_keys=True)
>>> 
ryan_turner@ns1:~/infrastructure-configs$ ansible-playbook -i locales/memphis/hosts -vvvv hamwan_site_config.yml

PLAY [mikrotik-cell-core-routers] ********************************************* 

TASK: [common-mikrotik-routers | query device for hardware] ******************* 
<r1.leb.memhamwan.net> ESTABLISH CONNECTION FOR USER: memhamwan on PORT 22 TO r1.leb.memhamwan.net
fatal: [r1.leb.memhamwan.net] => {'msg': 'FAILED: Authentication failed.', 'failed': True}

FATAL: all hosts have already failed -- aborting

PLAY RECAP ******************************************************************** 
           to retry, use: --limit @/home/ryan_turner/hamwan_site_config.retry

r1.leb.memhamwan.net       : ok=0    changed=0    unreachable=1    failed=0   

ryan_turner@ns1:~/infrastructure-configs$ ssh-add -l
1024 0b:2c:ff:1b:1b:54:53:50:03:92:64:db:70:36:d7:72 ryanturner@Ryans-MacBook-Pro.local (DSA)
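The thread's working fix was to trim the agent down to a single key, which means every other key has to be unloaded before running the playbook. An alternative that keeps the agent intact is to pick one agent key by fingerprint and hand paramiko only that key (`pkey=`, with `allow_agent=False` and `look_for_keys=False`), so the server sees exactly one authentication attempt. The block below is an added example written for this thread, not code from the HamWAN repository or from paramiko's documentation. It assumes a reachable host, a username and a fingerprint you choose (the sample agent contents are constructed from the three fingerprints posted above), and a paramiko build that provides `paramiko.Agent`, `AgentKey.get_fingerprint()` (raw 16-byte MD5, the same digest `ssh-add -l` prints in colon-hex) and `SSHClient.connect(pkey=...)`; the `_FakeAgentKey` class is a stand-in so the selection logic can be exercised offline. For context, the router's `expected: 50 got: 5` is in terms of SSH message numbers (50 is SSH_MSG_USERAUTH_REQUEST, 5 is SSH_MSG_SERVICE_REQUEST), i.e. the server was expecting an auth request when the client started over.

```python
"""Authenticate with exactly one ssh-agent key under paramiko.

Added example for the HamWAN issue thread; not project code. Assumptions:
a running ssh-agent, a host/user/fingerprint supplied by the caller, and
paramiko's Agent/AgentKey/SSHClient APIs as named in the lead-in.
"""


def fingerprint_hex(raw):
    """Render a 16-byte MD5 fingerprint the way `ssh-add -l` prints it (aa:bb:...)."""
    return ":".join("%02x" % b for b in bytearray(raw))


def list_agent_keys(keys):
    """Return (key_type, fingerprint) pairs, i.e. the set of keys paramiko would otherwise try in turn."""
    return [(k.get_name(), fingerprint_hex(k.get_fingerprint())) for k in keys]


def select_agent_key(keys, wanted_fingerprint):
    """Return the one key whose MD5 fingerprint matches `wanted_fingerprint`.

    `keys` is any sequence of objects exposing get_fingerprint() -> bytes and
    get_name() -> str (paramiko.AgentKey qualifies); duck-typed so the rule
    can be tested without an agent. Raises LookupError when nothing matches,
    so the caller never silently falls back to "try every key".
    """
    wanted = wanted_fingerprint.strip().lower()
    matches = [k for k in keys if fingerprint_hex(k.get_fingerprint()) == wanted]
    if not matches:
        raise LookupError("no agent key with fingerprint %s (agent holds %d keys)"
                          % (wanted, len(keys)))
    return matches[0]


def connect_with_single_key(host, username, wanted_fingerprint, port=22):
    """Open an SSHClient that offers only the selected agent key (host/user are caller-supplied assumptions)."""
    import paramiko  # imported here so the helpers above stay usable without paramiko installed
    agent = paramiko.Agent()
    key = select_agent_key(agent.get_keys(), wanted_fingerprint)
    client = paramiko.SSHClient()
    client.load_system_host_keys()
    # Reject unknown hosts instead of AutoAddPolicy: a router you manage should already be in known_hosts.
    client.set_missing_host_key_policy(paramiko.RejectPolicy())
    client.connect(host, port=port, username=username, pkey=key,
                   allow_agent=False, look_for_keys=False)
    return client


class _FakeAgentKey(object):
    """Constructed stand-in for paramiko.AgentKey, used only for the offline demonstration below."""

    def __init__(self, name, hex_fp):
        self._name = name
        self._fp = bytes(bytearray(int(x, 16) for x in hex_fp.split(":")))

    def get_name(self):
        return self._name

    def get_fingerprint(self):
        return self._fp


# Constructed sample agent mirroring the three keys listed in the thread.
SAMPLE_AGENT = [
    _FakeAgentKey("ssh-rsa", "ad:d8:93:97:ad:94:2c:7d:5c:e0:94:41:05:cc:e3:ac"),
    _FakeAgentKey("ssh-rsa", "c6:b2:f4:4b:b4:f0:69:3b:6a:b2:00:9d:aa:24:ee:4c"),
    _FakeAgentKey("ssh-dss", "0b:2c:ff:1b:1b:54:53:50:03:92:64:db:70:36:d7:72"),
]

if __name__ == "__main__":
    for key_type, fp in list_agent_keys(SAMPLE_AGENT):
        print(key_type, fp)
    chosen = select_agent_key(SAMPLE_AGENT, "0b:2c:ff:1b:1b:54:53:50:03:92:64:db:70:36:d7:72")
    print("would authenticate with:", chosen.get_name())
    # Real use (assumed values): connect_with_single_key("router.example", "user", "0b:2c:...")
```

Running the module as a script only exercises the selection logic against the constructed sample; `connect_with_single_key` is what a playbook wrapper or a local script would call. The same idea of pinning one identity applies to plain OpenSSH via `IdentitiesOnly yes` plus an `IdentityFile` entry, which is the usual defence against servers that cut the session after a small number of offered keys.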