Ansible playbook 无法通过 ssh 连接到远程用户 => 无法访问且权限被拒绝

我正在构建一个完整的解决方案，使用 bash 脚本和 Ansible playbook 设置和强化我们的 vps (ubuntu 22.04)。我想做的是：

1. 创建具有 sudo 权限的自定义组“sudogroup”
2. 在此组中创建新用户“sudouser”
3. 使用密钥对与该用户建立安全 SSH 连接
4. 以“sudouser”而不是“root”身份执行我的 Ansible 剧本

我用以下方法做这个bash 脚本：

#------------------------------------------------------------------------------
# Prepare Vars
#------------------------------------------------------------------------------
# Remote Server Machine
IPSERVER="XXX.XXX.XXX.XXX"
ROOTUSER_NAME="root"
ROOTUSER_PASSWORD="password1"
#------------------------------------------------------------------------------
# Sudo Group & User
SUDOGROUP="sudogroup"
SUDOUSER_NAME="sudouser"
SUDOUSER_PASSWORD="password2"
#------------------------------------------------------------------------------
# SSH Connections
SSHROOTPASS=$ROOTUSER_PASSWORD
SSHCRYPTALGO="ecdsa"    # rsa (regular) - dsa (not recommanded) - ecdsa (best)
SSHCRYPTBYTES="521"     # Strongest: [rsa : 4096] - [dsa: 1024] - [ecdsa: 521]
SSHFILENAME="id_$SSHCRYPTALGO"
#------------------------------------------------------------------------------
# SSH Connections
SSHCRYPTALGO="ecdsa"    # rsa (regular) - dsa (not recommanded) - ecdsa (best)
SSHCRYPTBYTES="521"     # rsa : 4096 - dsa: 1024 - ecdsa: 521
SSHPORT="22"
SSHROOTCONN="$ROOTUSER_NAME@$IPSERVER"
SSHROOTPASS=$ROOTUSER_PASSWORD
SSHROOTOPTIONS="-p $SSHPORT -tt -o StrictHostKeyChecking=no -o BatchMode=no"
SSHROOTFILENAME="id_$SSHCRYPTALGO"
SSHADMCONN="$SUDOUSER_NAME@$IPSERVER"
SSHADMPASS=$SUDOUSER_PASSWORD
SSHADMFILENAME="id_"$SSHCRYPTALGO"_"$SUDOUSER_NAME
#------------------------------------------------------------------------------

#------------------------------------------------------------------------------
# Create a hidden [/home/$SUDOUSER_NAME/.ssh] directory to store SSL keys
sudo mkdir -p ~/.ssh
sudo chmod 700 ~/.ssh
#------------------------------------------------------------------------------
# Register Remote Server IP in known hosts
sudo ssh-keyscan -H $IPSERVER >> ~/.ssh/known_hosts

#------------------------------------------------------------------------------
# Create a new SUDO privileged users group & new User on remote server
#------------------------------------------------------------------------------
sshpass -p "$SSHROOTPASS" ssh $SSHROOTOPTIONS $SSHROOTCONN "bash -s" << ENDSSH01
  stty -echo
  # Backup [sudoers] configuration file to recover, just in case
  cp --archive /etc/sudoers /etc/sudoers-COPY-$(date +"%Y%m%d%H%M%S")
  #------------------------------------------------------------------------------
  # Create a new group of users
  groupadd $SUDOGROUP
  #------------------------------------------------------------------------------
  # Add [$SUDOGROUP] to [sudoers] configuration file
  echo "%$SUDOGROUP ALL=(ALL:ALL) ALL" >> /etc/sudoers
  #------------------------------------------------------------------------------
  # Create a new sudo User named [$SUDOUSER_NAME]
  useradd -m -s /bin/bash -g $SUDOGROUP $SUDOUSER_NAME
  #------------------------------------------------------------------------------
  # Set password of the new sudo User named [$SUDOUSER_NAME]
  echo "$SUDOUSER_NAME:$SUDOUSER_PASSWORD" | chpasswd
  #------------------------------------------------------------------------------
  stty echo
  exit
ENDSSH01
#------------------------------------------------------------------------------


#------------------------------------------------------------------------------
# Setup SSH Connection between local Client and remote Server
#------------------------------------------------------------------------------
# Create SSH Keys pair for [sudouser]
sudo ssh-keygen -t $SSHCRYPTALGO -b $SSHCRYPTBYTES -N "" -f ~/.ssh/$SSHADMFILENAME <<< y
sudo ssh-copy-id -i ~/.ssh/$SSHADMFILENAME.pub $SUDOUSER_NAME@$IPSERVER -o StrictHostKeyChecking=no
#------------------------------------------------------------------------------
# Send a PING to the remote server to check SSH Connection to [sudouser]
sudo ansible all -i inventory -m ping --private-key=~/.ssh/$SSHADMFILENAME
#------------------------------------------------------------------------------


#------------------------------------------------------------------------------
# Execute Ansible Playbook to setup remote Ubuntu 18/20/22 Remote Server
#------------------------------------------------------------------------------
sudo ansible-playbook -i inventory setup_server.yml --private-key=~/.ssh/$SSHADMFILENAME
#------------------------------------------------------------------------------

这Ansible 库存文件：

[OURVPS]
195.179.193.224

这Ansible 剧本开始如下：

#------------------------------------------------------------------------------
# ANSIBLE PLAYBOOK
#------------------------------------------------------------------------------
- name: SETUP UBUNTU 22.04 SERVER / VPS
  hosts: OURVPS
  remote_user: sudouser
  become: yes
  become_method: sudo

  #------------------------------------------------------------------------------
  vars:
  #------------------------------------------------------------------------------
    # Disable strict host key checking when connecting to remote hosts via SSH
    ansible_ssh_common_args: "-o StrictHostKeyChecking=no"
    ...
  #------------------------------------------------------------------------------
  tasks:
  #------------------------------------------------------------------------------
  ...

bash 脚本正确执行（组和用户正确设置），没有错误，直到它尝试执行 ansible playbook。

这平命令返回：

XXX.XXX.XXX.XXX | SUCCESS => {
    "ansible_facts": {
        "discovered_interpreter_python": "/usr/bin/python3"
    },
    "changed": false,
    "ping": "pong"
}

然后我总是收到同样的错误：

fatal: [XXX.XXX.XXX.XXX]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: [email protected]: Permission denied (publickey,password).", "unreachable": true}

我已经尝试过的：

• 手动连接：=> 工作正常：建立连接！
  ssh [email protected]
  

• 手动连接：=> 工作正常：建立连接！
  ssh -o 'StrictHostKeyChecking=no' [email protected]
  

为什么这个 ansible playbook 拒绝正确执行???
如果我可以手动连接，那么为什么 Ansible 不能自动连接???

附言：这个问题可能与其他问题重复，但我没有得到任何与我的情况相匹配的积极见解。