mmretail / parallel-ssh

Automatically exported from code.google.com/p/parallel-ssh
Other
0 stars 0 forks source link

Not passing passphrase? #80

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. specify either "-x '-i /path/to/identity'" or "-O 
IdentityFile=/path/to/identity", along with -A to input passphrase
2. Asks for passphrase
3. Doesn't appear to use it 

What is the expected output? What do you see instead?
If you remove the passphrase from the key, it works fine.
When the key has a passphrase, SSH exit code is 255

What version of the product are you using? On what operating system?
2.3.1, CentOS 5.9 x64

Please provide any additional information below.

# pssh -v -i -A -H server -x '-i /home/user/.ssh/id_rsa' whoami
Warning: do not enter your password if anyone else has superuser
privileges or access to your account.
Password: 
[1] 11:09:30 [FAILURE] server Exited with error code 255
Stderr: pssh-askpass received prompt: "Enter passphrase for key 
'/home/user/.ssh/id_rsa': "
Enter passphrase for key '/home/user/.ssh/id_rsa': 
Permission denied (publickey,gssapi-with-mic).

Original issue reported on code.google.com by unclemo...@gmail.com on 21 Feb 2013 at 11:15

GoogleCodeExporter commented 8 years ago
Think I've sorted this. The askpass_client exits if the prompt from ssh doesn't 
end in 'password:'. This shouldn't happen, as this condition is only used to 
determine whether to present a generic prompt or the actual prompt (from what I 
can tell).

Here's the fix.

--- /usr/src/pssh-2.3.1/psshlib/askpass_client.py       2013-02-21 
11:33:29.000000000 +0000
+++ /usr/lib/python2.4/site-packages/psshlib/askpass_client.py  2013-02-21 
12:34:53.000000000 +0000
@@ -68,7 +68,6 @@
         if not prompt.strip().lower().endswith('password:'):
             sys.stderr.write(prompt)
             sys.stderr.write('\n')
-            sys.exit(1)
     else:
         sys.stderr.write('Error: pssh-askpass called without a prompt.\n')
         sys.exit(1)

Original comment by unclemo...@gmail.com on 21 Feb 2013 at 12:37

GoogleCodeExporter commented 8 years ago
Created issue #81 to address this.

Original comment by unclemo...@gmail.com on 21 Feb 2013 at 5:12

GoogleCodeExporter commented 8 years ago
Thanks for reporting this problem.

Hmm... the patch in comment #1 would cause pssh to send a password as a 
response to a yes/no question, which would be bad.

The way I would fix this is to check for the string "Enter passphrase", but 
I'll wait until I hear back on issue #81 before proceeding.

Original comment by amcna...@gmail.com on 21 Feb 2013 at 5:49

GoogleCodeExporter commented 8 years ago
I changed the line to
 if not ( prompt.strip().lower().endswith('password:') or 'enter passphrase for key' in prompt.strip().lower()):

and it seems to work

Original comment by robine...@gmail.com on 25 Mar 2014 at 6:18

GoogleCodeExporter commented 8 years ago
I managed to get around this issue recently by using keychain rather than 
entering my passphrase into parallel-ssh: 
http://unix.stackexchange.com/a/128998/57414

In essence I did this:

# install keychain package
$ sudo apt-get install keychain
# add my key to the keychain, entering passphrase when asked
$ keychain ~/.ssh/id_rsa
# source the file generated by the above command
$ source ~/.keychain/$(uname -n)-sh

# execute parallel-ssh. No need for the key's passphrase, keychain takes care 
of it
$ parallel-ssh --hosts=machines --user=my_user --timeout=0 'sudo apt-get update'

Original comment by nathan.w...@gmail.com on 12 May 2014 at 5:40