Fabrics 2.x ssh connection using identity fails to work

Question

Trying to connect to the host described in ssh config using fabrics 2 and identity file.

con = Connection('my_host')
@task
def tt(c):
    con.run('uname -a')

~/.ssh/config :

Host my_host
    HostName 123.144.76.84
    User ubuntu
    IdentityFile ~/.keys/somekey

It fails with

paramiko.ssh_exception.AuthenticationException: Authentication failed.

While $ ssh my_host from the terminal works.

I've tried to do fab -i ~/.keys/somekey tt with same result.

eternaltyro · Answer 1 · 2019-05-31T11:54:02.987

1

Fabric accepts a hosts iterable as parameters in tasks. Per the documentation:

An iterable of host-connection specifiers appropriate for eventually instantiating a Connection. The existence of this argument will trigger automatic parameterization of the task when invoked from the CLI, similar to the behavior of --hosts.

One of the members of which could be:

A string appropriate for being the first positional argument to Connection - see its docs for details, but these are typically shorthand-only convenience strings like hostname.example.com or user@host:port.

As for your example, please try this for fabfile.py:

host_list = ["my_host"]

@task(hosts=host_list)
def tt(c):
    c.run('uname -a')

Alternatively, you can omit the host declaration from the fabfile altogether. If you don't specify the host in fabfile.py, you can simply specify it as a host when invoking the fab cli utility. If your fabfile.py is this:

@task
def tt(c):
    c.run('uname -a')

You would now run fab -H my_host tt to run it on the alias tt from your SSH client config.

Hope this helps.

edited May 31 '19 at 11:54

answered May 31 '19 at 11:48

eternaltyro

336
2
12

No, it leads to the same result. ` ... File "/usr/local/lib/python2.7/site-packages/paramiko/client.py", line 437, in connect passphrase, File "/usr/local/lib/python2.7/site-packages/paramiko/client.py", line 749, in _auth raise saved_exception paramiko.ssh_exception.AuthenticationException: Authentication failed.` – Serafim Suhenky May 31 '19 at 15:59
First suggestion is not working at all - complaining on hosts parameter. Its not related to the question – Serafim Suhenky May 31 '19 at 16:00
I believe the problem is that for some reason its trying to use password to auth instead of provided cert – Serafim Suhenky May 31 '19 at 16:01
I'm out of ideas. Have you already tried adding your private key to the SSH agent? `ssh-add ~/.keys/somkey` – eternaltyro Jun 01 '19 at 00:53

score 1 · Answer 2 · answered Oct 01 '22 at 14:16

There seems to be something afoot with paramiko. Without digging deeper I don't know if it's a bug or not. In any case, I had the same issue, and even a plain paramiko call got me the same error.

Following another SO question I was able to make it work by disabling rsa-sha2-256 and rsa-sha2-512 as mentioned.

Luckily, fabric exposes access to the paramiko arguments like so:

con = Connection(
    'my_host',
    connect_kwargs={
        "disabled_algorithms": {"pubkeys": ["rsa-sha2-256", "rsa-sha2-512"]}
    }
)

I find it unlucky that this is required in the fabfile. If someone else has a better/cleaner solution feel free to comment.

score 0 · Answer 3 · answered Nov 09 '19 at 08:55

0

Same problem.

You can try add -d for more detail when fabric run:

fab2 -d tt

I found the exception: paramiko.ssh_exception.SSHException: Invalid key, then regenerate key from server, problem solved.

answered Nov 09 '19 at 08:55

herock

69
1
2

Fabrics 2.x ssh connection using identity fails to work

3 Answers3