Closed thiell closed 1 year ago
Some update?
Kind of :) If you really want to use password-based authentication with clustershell, you can try sshpass. It is supported in 1.7.1. Please see #241, #242 and #244 and 6e4e131f454b2ac37cfcd93e1a17d9a39bbbe951 for the details or just check out this nice doc:
As @thiell said, there is a couple of workarounds for this feature. Anyway, I think we need to support of interactively provided password in future releases.
@thiell: could we imagine, when using a special option (--password?) reading if on the command line, and writing it to each workers?
Support for entering a password for keys with a passphrase would be appreciated too. Doing something like this works around it:
ssh_path: 'sshpass -f plain_text_file_with_password.txt -P Enter ssh'
ssh_options: '-i /some/non-default/key.pem -oBatchMode=no'
...but really defeats the purpose.
I don't catch why the following approach does not work:
$ export SSHPASS="$(pass [...])" # use passstore to define the password
# check direct SSH works - OK
$ sshpass -e ssh myserver 'whoami'
# repeat with clush - Not OK
$ clush -O ssh_path='sshpass -e ssh' -w myserver 'whoami'
myserver: Permission denied (publickey,password).
clush: myserver: exited with exit code 255
Most likely the SSHPASS variable is not passed to the clush processes. Any suggestion?
Whoops, just missed the ten year anniversary of this ticket.
I realize there are situations where you don't like passwords, but in the enterprise there are common tasks that require it. (Example: Installing ssh keys on a few hundred fresh Dells, whose idracs all are hit with root/calvin). This sort of thing is literally the last reason we have expect installed on our servers, and I would love to move past it.
10-year anniversary gift ;) With clustershell 1.9, you will be able to enable the new sshpass clush mode to support password-based authentication:
# enable sshpass mode
cp /etc/clustershell/clush.conf.d/sshpass.conf.example /etc/clustershell/clush.conf.d/sshpass.conf
# use clush -m sshpass or --mode sshpass (this will prompt for a password and authenticate all nodes via sshpass)
clush -m sshpass -w <nodes> uptime
of course the password must be the same on all specified <nodes>
There is an issue here. If I install the clush via pip install --user ClusterShell
. The clush.conf.d dir is under ~/.local/etc/clustershell
.
However, the confdir in ~/.local/etc/clustershell/clush.conf
is still /etc/clustershell/clush.conf.d
.
Therefore, the sshpass mode is not detected even if I do cp ~/.local/etc/clustershell/clush.conf.d/sshpass.conf.example ~/.local/etc/clustershell/clush.conf.d/sshpass.conf
.
@yh882317
in ~/.local/etc/clustershell/clush.conf
you have the default confdir:
confdir: /etc/clustershell/clush.conf.d $CFGDIR/clush.conf.d
correct?
If /etc/clustershell/clush.conf
doesn't exist, $CFGDIR should theorically be defined as ~/.local/etc/clustershell
and your configuration should be found.
Do you have a /etc/clustershell/clush.conf
on this system? If not, this might be a bug.
in ~/.local/etc/clustershell/clush.conf you have the default confdir:
confdir: /etc/clustershell/clush.conf.d $CFGDIR/clush.conf.d
correct?
Yes
Do you have a /etc/clustershell/clush.conf on this system?
No, there is no such file. I only did pip install --user ClusterShell. It is intended to be installed for github local runner. I'd prefer not to bother the system etc space.
I just tried like you and my sshpass mode was found. To see which directories are found and parsed, can you try to use debug mode (-d) with a dummy command, like this?
$ clush -w localhost -m sshpass -d true
you should see something like this:
ClushConfig parsed: ['/home/sthiell/.local/etc/clustershell/clush.conf', '/etc/clustershell/clush.conf.d/sshpass.conf', '/etc/clustershell/clush.conf.d/sudo.conf']
Available run modes: sshpass sshpass-file sudo
you_hu@bayonet001:~/projectsdeployment$ clush -w localhost -m sshpass -d true DEBUG:root:clush: STARTING DEBUG Changing max open files soft limit from 1048576 to 8192 User interaction: True Create STDIN worker: False ClushConfig parsed: ['/home/you_hu/.local/etc/clustershell/clush.conf'] Available run modes: ERROR: invalid mode "sshpass" (available: )
More info: system distro is ubuntu22.04
Got it, thanks @yh882317 for your help finding the issue. I was able to reproduce if I remove completely /etc/clustershell
. We'll fix this.
As a workaround – for now – you can change confdir
to point explicitly to your clush.conf.d (use full path), like this:
confdir: /home/you_hu/.local/etc/clustershell/clush.conf.d
support password-based authentication for initial connection to nodes