search

israelroldan / grunt-ssh

SSH, SFTP tasks for Grunt.
https://npmjs.org/package/grunt-ssh
MIT License
244 stars 70 forks source link

agent does not use ~/.ssh/config #129

Open Redsandro opened 8 years ago

Redsandro commented 8 years ago

If the client and server contain a bunch of keys, ssh is supposed to offer the key specified in ~/.ssh/config, e.g.:

Host myhost.com
    IdentityFile ~/.ssh/myKey.id_rsa
    IdentitiesOnly yes

However, this is completely ignored, and the agent prompts me to enter the password for a different key. A plugin that handles this correctly is for example grunt-rsync.

Redsandro commented 8 years ago

Also, if I enter all the passwords to all my keys, I still can't connect to certain servers because it just tries a bunch of keys.

sshd: error: maximum authentication attempts exceeded for <user> from <ip> port <port> ssh2 [preauth]
sshd: Disconnecting: Too many authentication failures for <user> [preauth]

Even when I use 10 variations of these options:

options : {
    agent           : process.env.SSH_AUTH_SOCK,
    agentForward    : true
}

This means that the IdentityFile in the ssh config is ignored, and grunt-ssh just tries all keys. This causes the server to reject your login after a few keys. This means that you can only have a certain amount of keys in your .ssh folder for Grunt-ssh to be able to login.

This is unacceptable, because you need to manually move keys in and out of that directory in order to be able to deploy.

A workaround is to use grunt-shell instead, and just enter the ssh commands as if you would on the terminal.