Re: [Fab-user] tunneling with fab


From: Calvin
Subject: Re: [Fab-user] tunneling with fab
Date: Wed, 27 Feb 2013 21:32:30 -0400

Thanks Rory,

Very informative,
I was just forming the idea that I'd have to look into using the paramiko
API directly.

I didn't show the little script I had in there to strip out any keys
for the host from my known_hosts file.  From what I'm reading it should
be adding the key automatically by fabric.  The more I think about it,
it might even be a permissions issue.  I'm using Hudson to automate this
process; it's possible it doesn't have permission to update this file.  I
have some leads to follow now.

Thanks for your input, 

I appreciated it.

Cal

-- 
  Calvin
  address@hidden

On Wed, Feb 27, 2013, at 06:58 PM, Rory Campbell-Lange wrote:
> Calvin
> 
> If there is a problem with host key verification it is probably because
> you have a record in your ~/.ssh/known_hosts file for the address
> 192.16.1.2. You could remove the record or give the server a dns name
> (temporary ones live in your /etc/hosts file) to address it which may
> work around the problem.
> 
> James -- I think "StrictHostKeyChecking no" is a serious security no-no.
> If you really have to do it for a LAN host, you can use the
> 
>     -o StrictHostKeyChecking=no
> 
> command-line switch to ssh. But better to fix the underlying problem
> rather than concrete it into .ssh/config in my opinion.
> 
> You can alter this native ssh function to put in your fabfile if the
> python/fabric ssh doesn't support it:
> 
> from fabric.api import env, local  # Fabric 1.x API used by this helper
> 
> def sshagent_run(cmd):
>     """
>     Helper function.
>     Runs a command with SSH agent forwarding enabled.
>     See
>     https://github.com/simonhayward/simonsblog_django/blob/master/fabfile.py
>     
>     Note:: Fabric (and paramiko) can't forward your SSH agent. 
>     This helper uses your system's ssh to do so.
>     """
> 
>     for h in env.hosts:
>         try:
>             # catch the port number to pass to ssh
>             host, port = h.split(':')
>             local('ssh -p %s -A %s "%s"' % (port, host, cmd))
>         except ValueError:
>             local('ssh -A %s "%s"' % (h, cmd))
> 
> On 27/02/13, Stroehmann, James (address@hidden) wrote:
> > I set these in my ~/.ssh/config
> > 
> > StrictHostKeyChecking no
> > CheckHostIP no
> > 
> > -----Original Message-----
> > From: address@hidden [mailto:address@hidden On Behalf Of Calvin
> > Sent: Wednesday, February 27, 2013 3:29 PM
> > To: address@hidden
> > Subject: [Fab-user] tunneling with fab
> > 
> > I have two freshly installed nix boxes I want to automate configuration of. 
> >  I start on my box with fabric installed, neither of the fresh boxes have 
> > fabric available.
> > 
> > To gain control of the second box I manually ssh to the first then ssh to 
> > the second to drop iptables.
> > 
> > The problem is this operation fails with fabric saying "err: Host key 
> > verification failed."
> > 
> > 
> > 
> > My fab file has the following:
> > def drop_iptables_on_managed_host(ip='192.16.1.2'):
> >     print ("droping iptables on host "+ip)
> >     run(command='ssh '+ip+' service iptables stop')
> > 
> > 
> > Is there a way to have this autoaccept the key from the first host when 
> > connecting to the second?
> > 
> > --
> >   Calvin
> >   address@hidden
> > 
> > 
> > _______________________________________________
> > Fab-user mailing list
> > address@hidden
> > https://lists.nongnu.org/mailman/listinfo/fab-user
> 
> -- 
> Rory Campbell-Lange
> address@hidden
> 
> Campbell-Lange Workshop
> www.campbell-lange.net
> 0207 6311 555
> 3 Tottenham Street London W1T 2AF
> Registered in England No. 04551928
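
The thread's advice is to fix the stale known_hosts record rather than disable host key checking. As an added example (not code from the thread or from Fabric), this checks a known_hosts file, including hashed entries, for a host against a key pinned out of band; the function names, the hosts `box2.lan` and `10.0.0.9`, the salt and the key blobs are constructed for illustration.

```python
import base64
import hashlib
import hmac

def hash_host(host, salt):
    """Build a hashed known_hosts host field: |1|b64(salt)|b64(HMAC-SHA1)."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())

def host_matches(field, host):
    """True if a known_hosts host field (plain list or hashed) names host."""
    if field.startswith("|1|"):
        salt = base64.b64decode(field.split("|")[2])
        want = hash_host(host, salt)
        return hmac.compare_digest(field.encode(), want.encode())
    return host in field.split(",")  # wildcard patterns are not handled

def check_host_key(known_hosts_text, host, pinned_key):
    """Return 'match', 'mismatch' or 'unknown' for host.

    pinned_key is "keytype base64blob", obtained out of band.
    """
    pin_type, pin_blob = pinned_key.split()[:2]
    status = "unknown"
    for line in known_hosts_text.splitlines():
        fields = line.split()
        # Skip blanks, comments and @cert-authority/@revoked marker lines.
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        if not host_matches(fields[0], host) or fields[1] != pin_type:
            continue
        if fields[2] == pin_blob:
            return "match"
        status = "mismatch"  # stale record: ssh fails verification here
    return status

# Constructed sample data: key blobs are placeholders, not real host keys.
OLD = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOLDKEYCONSTRUCTED"
NEW = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINEWKEYCONSTRUCTED"
SAMPLE = "\n".join([
    "# constructed known_hosts",
    "192.16.1.2 " + OLD,
    hash_host("box2.lan", b"constructedsalt!") + " " + NEW,
])

if __name__ == "__main__":
    for h in ("192.16.1.2", "box2.lan", "10.0.0.9"):
        print(h, check_host_key(SAMPLE, h, NEW))
```

For the second hop, the known_hosts file that matters is the one on the first box for the account that runs `ssh` there; a `mismatch`, or an `unknown` when ssh cannot prompt, ends in "Host key verification failed."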
