Re: [Fab-user] tunneling with fab

fab-user

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fab-user] tunneling with fab

From:	Rory Campbell-Lange
Subject:	Re: [Fab-user] tunneling with fab
Date:	Wed, 27 Feb 2013 22:58:40 +0000
User-agent:	Mutt/1.5.21 (2010-09-15)

Calvin

If there is a problem with host key verification it is probably because
you have a record in your ~/.ssh/known_hosts file for the address
192.16.1.2. You could remove the record or give the server a dns name
(temporary ones live in your /etc/hosts file) to address it which may
work around the problem.

James -- I think "StrictHostKeyChecking no" is a serious security no-no. If you
really have to do it for a LAN host, you can use the

    -o StrictHostKeyChecking=no

command-line switch to ssh. But better to fix the underlying problem rather
than concrete it into .ssh/config in my opinion.

You can alter this native ssh function to put in your fabfile if the
python/fabric ssh doesn't support it:

def sshagent_run(cmd):
    """
    Helper function.
    Runs a command with SSH agent forwarding enabled.
    See https://github.com/simonhayward/simonsblog_django/blob/master/fabfile.py
    
    Note:: Fabric (and paramiko) can't forward your SSH agent. 
    This helper uses your system's ssh to do so.
    """

    for h in env.hosts:
        try:
            # catch the port number to pass to ssh
            host, port = h.split(':')
            local('ssh -p %s -A %s "%s"' % (port, host, cmd))
        except ValueError:
            local('ssh -A %s "%s"' % (h, cmd))

On 27/02/13, Stroehmann, James (address@hidden) wrote:
> I set these in my ~/.ssh/config
> 
> StrictHostKeyChecking no
> CheckHostIP no
> 
> -----Original Message-----
> From: address@hidden [mailto:address@hidden On Behalf Of Calvin
> Sent: Wednesday, February 27, 2013 3:29 PM
> To: address@hidden
> Subject: [Fab-user] tunneling with fab
> 
> I have two freshly installed nix boxes I want to automate configuration of.  
> I start on my box with fabric installed, neither of the freshboxes have 
> fabric available.
> 
> to gain control of the second box i manually ssh to the first then ssh to the 
> second to drop iptables.
> 
> The problem is this operation fails with fabric saying "err: Host key 
> verification failed."
> 
> 
> 
> my fab file has the following
> def drop_iptables_on_managed_host(ip='192.16.1.2'):
>     print ("droping iptables on host "+ip)
>     run(command='ssh '+ip+' service iptables stop')
> 
> 
> is there a way to have this autoaccept the key from the first host when 
> connecting to the second.
> 
> --
>   Calvin
>   address@hidden
> 
> --
> http://www.fastmail.fm - Send your email first class
> 
> 
> _______________________________________________
> Fab-user mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/fab-user
> 
> 
> 
> 
> _______________________________________________
> Fab-user mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/fab-user

-- 
Rory Campbell-Lange
address@hidden

Campbell-Lange Workshop
www.campbell-lange.net
0207 6311 555
3 Tottenham Street London W1T 2AF
Registered in England No. 04551928

[Prev in Thread]

Current Thread

[Next in Thread]

[Fab-user] tunneling with fab, Calvin, 2013/02/27
- Re: [Fab-user] tunneling with fab, Stroehmann, James, 2013/02/27
  - Re: [Fab-user] tunneling with fab, Rory Campbell-Lange <=
    - Re: [Fab-user] tunneling with fab, Calvin, 2013/02/27

Prev by Date: Re: [Fab-user] tunneling with fab
Next by Date: Re: [Fab-user] tunneling with fab
Previous by thread: Re: [Fab-user] tunneling with fab
Next by thread: Re: [Fab-user] tunneling with fab
Index(es):
- Date
- Thread