In summary, when provisioning my vagrant box using Ansible, I get thrown a mysterious error when trying to clone my bitbucket private repo using ssh. The error states that the "Host key verification failed".
Yet if I vagrant ssh and then run the 'git clone' command, the private repo is successfully cloned. This indicates that the ssh forward agent is indeed working and the vagrant box can access my private key associated with the bitbucket repo.
I have been struggling for two days on this issue and am losing my mind! Please, somebody help me!!!
Vagrantfile:
Vagrant.configure("2") do |config|
  config.vm.box = "ubuntu/xenial64"
  config.vm.network "private_network", ip: "192.168.33.10"
  config.ssh.forward_agent = true

  # Only contains ansible dependencies
  config.vm.provision "shell",
    inline: "sudo apt-get install python-minimal -y"

  # Use ansible for all provisioning:
  config.vm.provision "ansible" do |ansible|
    ansible.playbook = "provisioning/playbook.yml"
  end
end
My playbook.yml is as follows:
---
- hosts: all
  become: true
  tasks:
    - name: create /var/www/ directory
      file: dest=/var/www/ state=directory owner=www-data group=www-data mode=0755

    - name: Add the user 'ubuntu' to group 'www-data'
      user:
        name: ubuntu
        shell: /bin/bash
        groups: www-data
        append: yes

    - name: Clone bitbucket repo
      git:
        repo: git@bitbucket.org:gustavmahler/example.com.git
        dest: /var/www/poo
        version: master
        accept_hostkey: yes
Error Message:
vagrant provision
TASK [common : Clone bitbucket repo] *******************************************
fatal: [default]: FAILED! => {"changed": false, "cmd": "/usr/bin/git clone --origin origin '' /var/www/poo", "failed": true, "msg": "Cloning into '/var/www/poo'...\nWarning: Permanently added the RSA host key for IP address '104.192.143.3' to the list of known hosts.\r\nPermission denied (publickey).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.", "rc": 128, "stderr": "Cloning into '/var/www/poo'...\nWarning: Permanently added the RSA host key for IP address '104.192.143.3' to the list of known hosts.\r\nPermission denied (publickey).\r\nfatal: Could not read from remote repository.\n\nPlease make sure you have the correct access rights\nand the repository exists.\n", "stderr_lines": ["Cloning into '/var/www/poo'...", "Warning: Permanently added the RSA host key for IP address '104.192.143.3' to the list of known hosts.", "Permission denied (publickey).", "fatal: Could not read from remote repository.", "", "Please make sure you have the correct access rights", "and the repository exists."], "stdout": "", "stdout_lines": []}
Additional Info:
- ssh-add -l on my machine does contain the associated bitbucket repo key.
- ssh-add -l inside the vagrant box does also contain the associated bitbucket repo key (through ssh-forwarding).
Yet cloning works if done manually inside the vagrant box?:
vagrant ssh
git clone git@bitbucket.org:myusername/myprivaterepo.com.git
Then type "yes" to allow the RSA fingerprint to be added to ~/.ssh/known_hosts (as it's the first connection with bitbucket).
Possible solution?
I have seen in the Ansible documentation that there is a key_file: option. How would I reference the private key which is located outside the vagrant box and is passed in using ssh forwarding?
I do have multiple ssh keys for different entities inside my ~/.ssh/. Perhaps the git clone command, when run by Ansible provisioning, isn't selecting the correct key?
Any help is greatly appreciated and thanks for reading my nightmare.
This answer comes direct from techraf's helpful comments.
NOTE: I have since been dealing with the following issue so this answer does not fully resolve my problems: Ansible bitbucket clone repo provisioning ssh error
Updated working playbook.yml file:
Since you run the whole playbook with `become: true`, SSH key-forwarding (as well as troubleshooting) becomes irrelevant, because the user connecting to BitBucket from your play is root.

Run the task connecting to BitBucket as the `ubuntu` user: either specifying `become: false` in the `Clone bitbucket repo` task, or removing `become: true` from the play and adding it only to tasks that require elevated permissions.
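A per-task privilege layout of the kind the answer describes, written here as an added example rather than the answer's own updated playbook. It reuses the repo, dest and www-data ownership from the question and assumes two extra details: a group-writable /var/www so the ubuntu user can create the clone directory, and a connection reset so the new group membership is visible to the clone task.

```yaml
---
# Added example (not the answer's own file): root is only used where needed,
# so the git clone runs as the SSH-connected 'ubuntu' user and still sees the
# forwarded agent socket (SSH_AUTH_SOCK), which sudo would otherwise drop.
- hosts: all
  become: false            # default for the play: stay as the connecting user
  tasks:
    - name: create /var/www/ directory
      become: true         # needs root: /var/www is owned by www-data
      file:
        path: /var/www/
        state: directory
        owner: www-data
        group: www-data
        mode: "0775"       # assumption: group-writable so 'ubuntu' (in www-data) can create the clone dir

    - name: Add the user 'ubuntu' to group 'www-data'
      become: true         # needs root: modifies /etc/group
      user:
        name: ubuntu
        shell: /bin/bash
        groups: www-data
        append: yes

    - name: Reconnect so the new group membership applies to later tasks
      meta: reset_connection

    - name: Clone bitbucket repo
      become: false        # explicit: run as 'ubuntu' so agent forwarding applies
      git:
        repo: git@bitbucket.org:gustavmahler/example.com.git
        dest: /var/www/poo
        version: master
        accept_hostkey: yes   # records bitbucket.org in ~ubuntu/.ssh/known_hosts on first clone
```

With this layout the clone never runs as root, so the host key lands in the ubuntu user's known_hosts rather than root's, and the forwarded key is the only credential the task can use.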