saltstack / salt

Software to automate the management and configuration of any infrastructure or application at scale. Install Salt from the Salt package repositories here:
https://docs.saltproject.io/salt/install-guide/en/latest/
Apache License 2.0

salt-ssh --askpass --priv=...: Private key file need passphrase #52021

Open ghost opened 5 years ago

ghost commented 5 years ago

Description of Issue/Question

Setup

Saltfile:

salt-ssh:
  roster_file: salt/roster
  config_dir: salt
  log_file: salt/ssh.log

salt/master:

root_dir: salt
file_roots:
  base:
    - salt/states
pillar_roots:
  base:
    - salt/pillars

salt/roster:

NODENAME:
  host: ...
  user: ...
  sudo: True
  tty: True

Steps to Reproduce Issue and Actual Output

$ salt-ssh -i --askpass --priv=... '*' test.ping
Password: 
NODENAME:
    ----------
    retcode:
        254
    stderr:
        Private key file need passphrase
    stdout:

Expected output

Password: 
NODENAME:
    True

Versions Report

Salt Version:
           Salt: 2019.2.0

Dependency Versions:
           cffi: 1.12.2
       cherrypy: Not Installed
       dateutil: Not Installed
      docker-py: 2.6.0
          gitdb: Not Installed
      gitpython: Not Installed
          ioflo: Not Installed
         Jinja2: 2.10
        libgit2: Not Installed
        libnacl: Not Installed
       M2Crypto: Not Installed
           Mako: Not Installed
   msgpack-pure: Not Installed
 msgpack-python: 0.6.1
   mysql-python: Not Installed
      pycparser: 2.19
       pycrypto: 2.6.1
   pycryptodome: Not Installed
         pygit2: Not Installed
         Python: 2.7.15 (default, Oct 15 2018, 15:26:09)
   python-gnupg: Not Installed
         PyYAML: 3.13
          PyZMQ: 17.0.0
           RAET: Not Installed
          smmap: Not Installed
        timelib: Not Installed
        Tornado: 5.1.1
            ZMQ: 4.1.6

System Versions:
           dist: fedora 29 Twenty Nine
         locale: UTF-8
        machine: x86_64
        release: 4.20.13-200.fc29.x86_64
         system: Linux
        version: Fedora 29 Twenty Nine

garethgreenaway commented 5 years ago

@urzds Thanks for the report. It's my understanding that this is currently not possible with Salt SSH and the suggested method for using a private key with a passphrase is to utilize SSH Agent.

max-arnold commented 5 years ago

Isn't it possible since Fluorine? https://docs.saltstack.com/en/develop/topics/releases/fluorine.html#saltssh-major-updates (see SaltSSH now support private key's passphrase).

garethgreenaway commented 5 years ago

@max-arnold Yup. Does appear that you can pass it along on the command line as an argument or include it in the configuration file, based on the example above it appears neither is being done and the expectation was to be prompted for the passphrase.

ghost commented 5 years ago

> @max-arnold Yup. Does appear that you can pass it along on the command line as an argument or include it in the configuration file, based on the example above it appears neither is being done and the expectation was to be prompted for the passphrase.

Correct.