search

pyinfra-dev / pyinfra

pyinfra turns Python code into shell commands and runs them on your servers. Execute ad-hoc commands and write declarative operations. Target SSH servers, local machine and Docker containers. Fast and scales from one server to thousands.
https://pyinfra.com
MIT License
3.84k stars 374 forks source link

SSH Timeout not taken into account when using a ProxyJump #971

Open ebreton opened 1 year ago

ebreton commented 1 year ago

I would like to reduce the connection timeout to 5 seconds when connecting to my hosts , through a ProxyJump

The ~/.ssh/config file is properly set on my host:

Host sshJump
  HostName myhost.com
  User me

Host device
  HostName 10.0.0.170
  ProxyJump sshJump
  ConnectTimeout 5
  User nvidia
  PreferredAuthentications password

The expected behaviour with pyinfra is the same one as handled by a SSH from shell: timeout after 5 secs:

$ ssh device
Connection timed out during banner exchange
Connection to UNKNOWN port 65535 timed out

But when I try to connect with pyinfra, the connection hangs on with the default timeout (120 secs)

I have tried to provide to pyinfra a timeout of 2 seconds through the inventory.py :

server = [
    ('device', {
        'ssh_user': "nvidia", 'ssh_password': "mypassword",
        'ssh_paramiko_connect_kwargs': {
            'timeout': 2,
            'auth_timeout': 2,
            'channel_timeout': 2,
            'banner_timeout': 2,
        }
    }, ),
]

But to no success

Meta

$ pyinfra --support
--> Support information:

    If you are having issues with pyinfra or wish to make feature requests, please
    check out the GitHub issues at https://github.com/Fizzadar/pyinfra/issues .
    When adding an issue, be sure to include the following:

    System: Darwin
      Platform: macOS-13.2.1-x86_64-i386-64bit
      Release: 22.3.0
      Machine: x86_64
    pyinfra: v2.6.2
    Executable: /Users/emb/Library/Caches/pypoetry/virtualenvs/infra-8Re8434z-py3.8/bin/pyinfra
    Python: 3.8.6 (CPython, Clang 12.0.0 (clang-1200.0.32.27))
poetry add pyinfra
    [pyinfra.connectors.ssh] Connecting to: device ({'allow_agent': True, 'look_for_keys': True, 'hostname': 'device', '_pyinfra_ssh_forward_agent': None, '_pyinfra_ssh_config_file': None, '_pyinfra_ssh_known_hosts_file': None, '_pyinfra_ssh_strict_host_key_checking': None, '_pyinfra_ssh_paramiko_connect_kwargs': {'timeout': 2, 'auth_timeout': 2, 'channel_timeout': 2, 'banner_timeout': 2}, 'username': 'nvidia', 'timeout': 10, 'password': 'mypassword'})
    [pyinfra.connectors.sshuserclient.client] SSH ProxyJump through sshJump:22
crey21 commented 1 year ago

I think that the issue can be found in : https://github.com/Fizzadar/pyinfra/blob/e10bdc8916348a7bafaa903230c280b039e7f6df/pyinfra/connectors/sshuserclient/client.py#L173-L179 There is no timeout passed when establishing this channel. In paramiko 2.12, the default timeout of open_channel is 3600 seconds, and the channel_timeout parameter of SSHClient.connect doesn't exist yet.