Re: [Fab-user] fabric (paramiko) asking for password repeatedly?

[Doug Vos]

OK, I'm like the guy who posts something on Stackoverflow, and then starts answering his own question a few minutes later...

Added the debugging code to top of fabfile.py

import logging
logging.basicConfig(level=logging.DEBUG)

So here's a few pertinent lines from the debugging log...

DEBUG:paramiko.transport:Switch to new keys ...

DEBUG:paramiko.transport:userauth is OK

DEBUG:paramiko.transport:Authentication type (password) not permitted.

DEBUG:paramiko.transport:Allowed methods: [u'publickey']

[examplehost] Login password for ' examplehost ':

[examplehost] Login password for ' examplehost ': 

[examplehost] Login password for ' examplehost ': 

What does it mean when it says: userauth is OK

followed by:  Authentication type (password) not permitted.

I've tested the SSH RSA keys (via MobaXterm - a great alternative to Putty) and the keys DO allow me to login with no password -- which is what I want.

On Wed, Aug 29, 2018 at 3:23 PM Doug Vos <address@hidden> wrote:

Hello fabric world! (My first post to this fabulous group):

I'm building a set of WordPress maintenance tools with Python > Fabric > Invoke > Paramiko

It's working great on several popular hosting platforms that provide SSH and WP-CLI

However, I keep running into issues where fabric is asking for the password over and over again --even though I've set the SSH 4096 RSA keys to log-me-in without password.

Currently the scripts are running successfully every morning, gathering plugin and theme data automatically for over 20 domains (running WP) at several different hosting companies. It's essential to this project that after the SSH RSA/DSA keys are properly installed and tested that the scripts never ask for a password again -- causing the scripts to halt.

Obviously, I'm trying to configure the strong SSH keys to NOT use a 'passphrase' and not use a 'password'. In some cases it needs a password, so I've jiggered up some code that keeps the password active.

CODE example

from fabric.api import *

from fabric.contrib.console import confirm

env.passwords = json.load(open("/blah/blah/web_hosts"))

env.use_ssh_config = True

env.skip_bad_hosts = True

env.output_prefix  = False

env.warn_only      = False      # Set False to prevent PHP warnings, etc.

env.timeout        = 45         # Wait up to 45 seconds 

env.connection_attempts = 3     # Try connecting 3 times 

env.eagerly_disconnect  = True  # Close the connection after batch 

env.disable_known_hosts = False # False by default

# Warning: Setting env.disable_known_hosts = True leaves us open to 

#   man-in-the-middle attacks! Please use with caution when testing.

# -------------------------------------------------------------------

So, I keep asking myself -- Why do some hosts keeping asking for a password anyway? and Why is the script working on 20 domains, but not the few exceptions?

What suggestions do you have for debugging the SSH configs (keys, passwords, and passphrases) and web-hosts that are causing me grief?

I know about the issue with passphrase. I've read these pages

• http://www.fabfile.org/faq.html
  
• http://www.fabfile.org/troubleshooting.html
  

Starting to do some serious debugging and trouble shooting but it's taking many hours.... so looking for some helpful advice. Thank-you!

P.S. I'm starting to port my scripts to Fabric 2.3.1 -- but not there yet...