Discussion:
[Fab-user] Host based authentication failing in fabric connection
Peter Moore
2018-10-04 04:21:40 UTC
Permalink
I am trying to use Fabric instead of Ansible to deploy scripts to a number
of hosts. I found out that user ssh keys are not copied. Instead host based
authentication is being used (ie host keys are copied from
/etc/ssh/ssh_host_rsa_key.pub to remote /etc/ssh/authorized_keys) and
Paramiko is failing with this auth method. Ansible does support this
method though OpenSSH and will fall back to Paramiko if that is not
working.

Is there a way to instantiate a Connection from fabric using another way ?

Thanks in advance
Pete
Jeff Forcier
2018-10-04 16:21:40 UTC
Permalink
Hi Peter,

Fabric (all versions) only uses Paramiko, so if it lacks host-based auth,
then Fabric will as well.

I looked and there is an open ticket for adding the feature to Paramiko:
https://github.com/paramiko/paramiko/issues/316 - there seems to be a diff
attached which I haven't reviewed yet (hasn't been a high priority as very
few users seem to be requesting it).

Should you have the time to attempt adding it to your local copy of
Paramiko, please comment on the ticket with the results - that would help
move things along a bit.

Best,
Jeff
Post by Peter Moore
I am trying to use Fabric instead of Ansible to deploy scripts to a number
of hosts. I found out that user ssh keys are not copied. Instead host based
authentication is being used (ie host keys are copied from
/etc/ssh/ssh_host_rsa_key.pub to remote /etc/ssh/authorized_keys) and
Paramiko is failing with this auth method. Ansible does support this
method though OpenSSH and will fall back to Paramiko if that is not
working.
Is there a way to instantiate a Connection from fabric using another way ?
Thanks in advance
Pete
_______________________________________________
Fab-user mailing list
https://lists.nongnu.org/mailman/listinfo/fab-user
--
Jeff Forcier
Unix sysadmin; Python engineer
http://bitprophet.org
Loading...