Closed klvbdmh closed 10 months ago
why not use standard SSH over tailscale0
interface? I am doing that and it works fine.
why not use standard SSH over
tailscale0
interface? I am doing that and it works fine.
Thanks for pointing me in the right direction, it works fine on my end too!
I'm coming back to this issue in case others are struggling.
Pyinfra uses paramiko under the hood. It doesn't support connecting to ssh with no password and ssh key (paramiko/paramiko#2370), which you don't need if you connect through tailscale.
As a workaround (paramiko/paramiko#2370), generate a dummy key through ssh_paramiko_connect_kwargs
in your inventory, like so:
import paramiko
dev = [
# Your tailscale server IP goes here
("100.x.x.x",
{
"_name": "Server via Tailscale",
# Your username goes here
"ssh_user": "username",
"ssh_paramiko_connect_kwargs": {"pkey": paramiko.ecdsakey.ECDSAKey.generate()},
}
)
]
Is your feature request related to a problem? Please describe
I have a tailnet with a local computer and a remote server. I'd like to use pyinfra to deploy scripts over Tailscale. Right now, I can use the regular SSH connector using the original IP address of the remote server. But when I try to use the IP address assigned by Tailscale (100.x.x.x):
I get the following error:
Connecting over SSH outside of pyinfra works as expected:
Describe the solution you'd like
From the documentation about Tailscale SSH:
It looks like authentication works differently when you do it over WireGuard compared to normal SSH.
Would writing a new connector be enough or some other changes are necessary?