Re: [Fab-user] Remote ssh password

[Jorge Vargas]

We have had this problem before. And we solved it in three ways.

Insecure: you can feed the password with  < plain_text_password. The problem here is that a) said password will be in your source code and b) for a couple of seconds if someone does ps on the remote server they could also see the password. This method isn't that bad if you disable password ssh after installing this. However it may not be valid for your security settings.

more secure: (yet not 100% automatic) you can actually get fabric to give you a remote shell and then run the command there manually. http://docs.fabfile.org/en/1.4.2/api/core/operations.html#fabric.operations.open_shell

What we ended up doing is getting fabric to start a http://pexpect.sourceforge.net/pexpect.html module which is a port of the expect tool Geir Engebakken mentioned. Which works pretty well. I have done something similar to what you need here. And it's really simple just import pexpect inside your fabric file and use it.

On Thu, Mar 20, 2014 at 8:44 AM, Geir Engebakken <address@hidden> wrote:

We are interested in using fabric to run remote commands for setting up keyless login from one remote server1 to another server2 . This implies that we need to supply a password for the user on server2 when running the remote fabric command on server1 , any idea how we can accomplish this?

 

The actual command we want to run remotely on server1  is :

 

ssh address@hidden  'umask 077; test -d .ssh || mkdir .ssh ; chmod 700 .;cat >> .ssh/authorized_keys'

 

 

Of course the actual running of the command on server1 is set up with keyless login on beforehand.

 

 

Geir

 

_______________________________________________
Fab-user mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/fab-user