Discussion:
[Fab-user] Remote ssh password
Geir Engebakken
2014-03-20 12:44:00 UTC
Permalink
We are interested in using fabric to run remote commands for setting up keyless login from one remote server1 to another server2 . This implies that we need to supply a password for the user on server2 when running the remote fabric command on server1 , any idea how we can accomplish this?

The actual command we want to run remotely on server1 is :

ssh ***@remote2 'umask 077; test -d .ssh || mkdir .ssh ; chmod 700 .;cat >> .ssh/authorized_keys'


Of course the actual running of the command on server1 is set up with keyless login on beforehand.


Geir
Nathan Brazil
2014-03-21 04:43:56 UTC
Permalink
Not necessarily a fabric-related topic, but have you looked into the expect utility?

--
Post by Geir Engebakken
We are interested in using fabric to run remote commands for setting up keyless login from one remote server1 to another server2 . This implies that we need to supply a password for the user on server2 when running the remote fabric command on server1 , any idea how we can accomplish this?
Of course the actual running of the command on server1 is set up with keyless login on beforehand.
Geir
_______________________________________________
Fab-user mailing list
https://lists.nongnu.org/mailman/listinfo/fab-user
Geir Engebakken
2014-03-21 08:38:16 UTC
Permalink
Yes I have tested and installed expect, so that works and can be used, but I thought maybe fabric itself could possibly deal with this. With expect I need to install it on all servers.


Geir

From: Nathan Brazil [mailto:***@bitaxis.com]
Sent: 21. mars 2014 05:44
To: Geir Engebakken
Cc: fab-***@nongnu.org
Subject: Re: [Fab-user] Remote ssh password

Not necessarily a fabric-related topic, but have you looked into the expect utility?

--

On Mar 20, 2014, at 5:44 AM, Geir Engebakken <***@evry.com<mailto:***@evry.com>> wrote:


We are interested in using fabric to run remote commands for setting up keyless login from one remote server1 to another server2 . This implies that we need to supply a password for the user on server2 when running the remote fabric command on server1 , any idea how we can accomplish this?

The actual command we want to run remotely on server1 is :

ssh ***@remote2 'umask 077; test -d .ssh || mkdir .ssh ; chmod 700 .;cat >> .ssh/authorized_keys'


Of course the actual running of the command on server1 is set up with keyless login on beforehand.


Geir
Jorge Vargas
2014-03-21 18:53:35 UTC
Permalink
We have had this problem before. And we solved it in three ways.

Insecure: you can feed the password with < plain_text_password. The
problem here is that a) said password will be in your source code and b)
for a couple of seconds if someone does ps on the remote server they could
also see the password. This method isn't that bad if you disable password
ssh after installing this. However it may not be valid for your security
settings.

more secure: (yet not 100% automatic) you can actually get fabric to give
you a remote shell and then run the command there manually.
http://docs.fabfile.org/en/1.4.2/api/core/operations.html#fabric.operations.open_shell

What we ended up doing is getting fabric to start a
http://pexpect.sourceforge.net/pexpect.html module which is a port of the
expect tool Geir Engebakken mentioned. Which works pretty well. I have done
something similar to what you need here. And it's really simple just import
pexpect inside your fabric file and use it.





On Thu, Mar 20, 2014 at 8:44 AM, Geir Engebakken
Post by Geir Engebakken
We are interested in using fabric to run remote commands for setting up
keyless login from one remote server1 to another server2 . This implies
that we need to supply a password for the user on server2 when running the
remote fabric command on server1 , any idea how we can accomplish this?
.;cat >> .ssh/authorized_keys'
Of course the actual running of the command on server1 is set up with
keyless login on beforehand.
Geir
_______________________________________________
Fab-user mailing list
https://lists.nongnu.org/mailman/listinfo/fab-user
Loading...