Comments (23)
It's not a bug, it's a missing feature. It will be great if pssh would ask you
for
your password, but it does not.
Original comment by [email protected]
on 23 Dec 2009 at 12:48
from parallel-ssh.
Does the "-A" option do what you want?
Original comment by [email protected]
on 16 Feb 2010 at 7:43
from parallel-ssh.
Thanks for your response.
Yes, with the -A option it asks me my password.
But it does exactly the same as before. No matter if I type in the good
password or not.
Can you test it with an ssh protected key on your side ?
Original comment by [email protected]
on 18 Feb 2010 at 4:53
from parallel-ssh.
Thanks for letting me know that this is still a problem with the -A option. I
will
try to reproduce it and look into the problem. Thanks.
Original comment by [email protected]
on 18 Feb 2010 at 6:35
from parallel-ssh.
I looked into this a little more, and it looks like this is a packaging bug or
openssh
problem. What distro are you using? What version of ssh do you have (run `ssh
-V`)?
Original comment by [email protected]
on 18 Feb 2010 at 9:01
from parallel-ssh.
Oh, and can you give me the exact output of pssh when you specify the -A
option, in
addition to letting me know the version of ssh? Thanks.
Original comment by [email protected]
on 18 Feb 2010 at 9:02
from parallel-ssh.
[deleted comment]
from parallel-ssh.
No problem!
Here it is :
~/telech/pssh-2.0/bin$ mkdir /tmp/output
~/telech/pssh-2.0/bin$ mkdir /tmp/error
~/telech/pssh-2.0/bin$ vi /tmp/hosts.txt
~/telech/pssh-2.0/bin$ ./pssh -v -A -h /tmp/hosts.txt -o /tmp/output/ -e
/tmp/error/ ls
Warning: do not enter your password if anyone else has superuser
privileges or access to your account.
Password:
[1] 15:22:27 [FAILURE] server1 Exited with error code 255
[2] 15:22:27 [FAILURE] server2 Exited with error code 255
mamau@lotus:~/telech/pssh-2.0/bin$ cat /tmp/error/*
ssh_askpass: exec(/usr/lib/pymodules/python2.5/psshlib/askpass.py): Permission
denied
Permission denied (publickey,password).
ssh_askpass: exec(/usr/lib/pymodules/python2.5/psshlib/askpass.py): Permission
denied
Permission denied (publickey,password).
~/telech/pssh-2.0/bin$ ssh -V
OpenSSH_5.3p1 Debian-1, OpenSSL 0.9.8k 25 Mar 2009
.. And I'm under Debian sid unstable.
Original comment by [email protected]
on 19 Feb 2010 at 2:27
from parallel-ssh.
Okay. It took me a little longer to track this down because I misinterpreted
something in the execve man page. Anyway, this is a packaging bug. Would you
please
open a report with Debian? The Debian package needs to be changed to set the
executable bit for /usr/lib/pymodules/python2.5/psshlib/askpass.py. It looks
like the
same problem is in Fedora, so I'll open a report there.
Original comment by [email protected]
on 19 Feb 2010 at 6:22
from parallel-ssh.
On Sat, Feb 20, 2010 at 02:54:19PM +1000, Andrew Pollock wrote:
>
> Actually why is /usr/lib/pymodules/python2.5/psshlib/askpass.py being
> executed directly? Shouldn't that get imported and then something called
> from it?
The askpass.py file gets executed by ssh when it needs a password. The ssh man
page
has a pretty good description of how this works:
SSH_ASKPASS If ssh needs a passphrase, it will read the
passphrase from the current terminal if it was run
from a terminal. If ssh does not have a terminal
associated with it but DISPLAY and SSH_ASKPASS are
set, it will execute the program specified by
SSH_ASKPASS and open an X11 window to read the
passphrase. This is particularly useful when call-
ing ssh from a .xsession or related script. (Note
that on some machines it may be necessary to redi-
rect the input from /dev/null to make this work.)
If making askpass.py executable really turns out to be a problem, you could move
askpass.py to someplace like /usr/libexec/pssh/askpass.py and then change
psshlib/task.py to refer to this location explicitly.
Replace the lines:
root, ext = os.path.splitext(os.path.abspath(askpass.__file__))
environ['SSH_ASKPASS'] = '%s.py' % root
with something like:
environ['SSH_ASKPASS'] = '/usr/libexec/pssh/askpass.py'
In pssh version 2.0, you'll need to _copy_ askpass.py to that location (and also
leave it as a read-only module in psshlib). In version 2.1, this will be a
little
bit easier, so you can actually just _move_ the file. Version 2.1 will be
probably
be released in the next week or so.
If it would make it easier, I could make this process a bit simpler, starting in
version 2.1. I could make it so you just change one line at the top of task.py
from
"ASKPASS_PATH = None" to "ASKPASS_PATH = '/usr/libexec/pssh/askpass.py'".
Would this
help? If you would use this, I would be happy to add it, but I won't bother
unless
it would actually make a difference.
Please let me know if you have any questions or ideas, and let me know what you
end
up doing. Thanks for your help.
Original comment by [email protected]
on 20 Feb 2010 at 6:21
from parallel-ssh.
By the way, if you're trying to reproduce this problem, you don't actually have
to
use a password-protected ssh key. The "-A" option works for any situation
where ssh
wants to prompt for a password. So the simplest reproducing case is to use
"-A" to
try to connect to a remote system for which passwords are allowed but keys are
not
set up.
Original comment by [email protected]
on 20 Feb 2010 at 6:29
from parallel-ssh.
I figured out how to open a Debian bug report and created one for this issue.
Here's
a link:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570609
Original comment by [email protected]
on 20 Feb 2010 at 6:32
from parallel-ssh.
Ok, I think you discovered another bug in the Debian version, nice.
Now I totally removed my pssh Debian package, in order to be sure to test the
right
pssh and psshlibs.
I think the -A option only works with hosts asking for a password. It doesn't
work to
unlock the ssh private key.
The tests I made with pssh version 2.0 :
With my ssh protected private key :
ssh SERVER # works well without asking any pass (ssh-agent running with key
unlocked)
pssh-2.0/bin$ ./pssh -v -h /tmp/hosts -o /tmp/output/ -e /tmp/error/ ls
[1] 12:07:05 [FAILURE] SERVER Exited with error code 255
pssh-2.0/bin$ cat /tmp/error/SERVER
Permission denied. Please create SSH keys or use the -A option to
provide a password.
Permission denied (publickey,password).
Same test with -A option and typing in my private key pass :
pssh-2.0/bin$ cat /tmp/error/SERVER
Permission denied (publickey,password).
Same test with -A option and typing in the server pass :
pssh-2.0/bin$ cat /tmp/error/SERVER
Permission denied (publickey,password).
Now when I test with a fresh account with no private key, and -A option, and
typing
in the server pass, It works well.
In fact, there is no need to ask any password in my case, because my private
key is
unlocked by ssh-agent. Just calling ssh works without any pass.
Thanks a lot for your support.
Marc
Original comment by [email protected]
on 22 Feb 2010 at 11:13
from parallel-ssh.
Ok, I made one test again. Maybe we are searching the wrong way.
I managed to make it work with my ssh private key !!
In fact, I had to tell pssh the right user in the hosts file :
SERVER root
instead of just :
SERVER
I have "User root" in my ~/.ssh/config file, in order to tell ssh to use "root"
as
default user instead of my own username.
SSH called from pssh seems to ignore the user config. No ?
Original comment by [email protected]
on 22 Feb 2010 at 11:23
from parallel-ssh.
dooblempub, it looks like you found two separate problems. :) Would you mind
posting
the problem from comment #14 as a separate issue? Thanks!
Original comment by [email protected]
on 22 Feb 2010 at 5:44
from parallel-ssh.
I suggest the following fix:
- create a small wrapper in /usr/libexec/pssh/askpass
(together with other ssh askpass bins) and keep askpass.py as is.
- Change task.py with a simple one liner:
--- task.py~ 2009-10-20 23:20:04.000000000 +0200
+++ task.py 2010-02-22 17:18:13.920299074 +0100
@@ -59,7 +59,8 @@
# askpass.py to get a provided password. If the module file is
# askpass.pyc, we replace the extension.
root, ext = os.path.splitext(os.path.abspath(askpass.__file__))
- environ['SSH_ASKPASS'] = '%s.py' % root
+ #environ['SSH_ASKPASS'] = '%s.py' % root
+ environ['SSH_ASKPASS'] = '/usr/libexec/pssh/askpass'
if askpass_socket:
environ['PSSH_ASKPASS_SOCKET'] = askpass_socket
# Work around a mis-feature in ssh where it won't call SSH_ASKPASS
askpass in libexec attached.
Implemented this gives python logic in python dirs and bins in /usr/libexec,
which is
FHS way.
Original comment by [email protected]
on 22 Feb 2010 at 6:30
Attachments:
from parallel-ssh.
terjeros, I just added a file to the repository called libexec/pssh_askpass,
which is
basically the same as the file you attached. I also added an executable_path()
function to askpass.py which can try several paths to find an executable pssh.
For
now, the list includes /usr/libexec/pssh/pssh_askpass and
/usr/local/libexec/pssh/pssh_askpass. Take a look and see what you think.
If you like this change, then all I have to do is figure out how to make
setup.py
install the file to /usr/libexec.
Original comment by [email protected]
on 22 Feb 2010 at 10:31
- Changed state: Started
from parallel-ssh.
Okay, it looks like there's no way to get setup.py to install things to
/usr/libexec.
From the setuptools documentation, "Note, by the way, that this encapsulation
of data
files means that you can't actually install data files to some arbitrary
location on a
user's machine; this is a feature, not a bug."
What if the RPM just copied libexec/pssh_askpass to
/usr/libexec/pssh/pssh_askpass?
Original comment by [email protected]
on 22 Feb 2010 at 10:55
from parallel-ssh.
You can add something like this:
diff --git a/setup.py b/setup.py
index 84d64e7..b572d74 100644
--- a/setup.py
+++ b/setup.py
@@ -34,5 +34,6 @@ setup(
],
packages = find_packages(),
+ data_files = [('/usr/libexec/pssh', ['bin/askpass'])],
scripts = [os.path.join("bin", p) for p in ["pssh", "pnuke", "prsync", "pslurp",
"pscp"]]
)
However, the execute bit must be set by other means it seems.
Anyway, this is easy to fix in the rpm spec, your call.
Original comment by [email protected]
on 23 Feb 2010 at 8:53
from parallel-ssh.
I'll keep on looking for a way to get setuptools to set the execute bit. If I
can't
find an easy way to do that, I do have an alternative idea. We could put
pssh-askpass
into bin/ (so setuptools will make it executable) and then make pssh look for
either
/usr/bin/pssh-askpass or /usr/libexec/pssh/pssh-askpass. Then it would be in
/usr/bin
by default, but packagers could move it to /usr/libexec at their discretion.
What do
you think of this idea? Of course, I'll keep trying to find a good way to get
the
execute bit set in setuptools.
Original comment by [email protected]
on 23 Feb 2010 at 11:20
from parallel-ssh.
I've read some more documentation, blog entries, etc., and as far as I can
tell,
setuptools really doesn't want to deal with anything other than scripts and
modules.
So I'm committing a change that puts pssh-askpass into the bin directory, and
packagers can move this to /usr/libexec. Does that sound good?
Original comment by [email protected]
on 24 Feb 2010 at 12:08
from parallel-ssh.
I've touched this up one last time, and I think that this is a good, clean
solution.
I've put pssh-askpass into the bin directory, and I added some text to the
INSTALL
file directing packagers to move this from /usr/bin/pssh-askpass to
/usr/libexec/pssh/pssh-askpass. I've done some testing, and it looks like
everything
works in either location.
I think I'm about ready to cut a 2.1 release including this change, and I think
it
will be better for everyone. I'll mark this bug as fixed, but please reopen it
if
you have any reservations about the solution. Thanks to everyone for helping.
Original comment by [email protected]
on 24 Feb 2010 at 5:45
- Changed state: Fixed
from parallel-ssh.
Thanks, No problem.
Anyway Issue 14 (ssh user config) solved my problem. Once my ssh key is
unlocked,
pssh works fine (no need for -A option).
Original comment by [email protected]
on 26 Feb 2010 at 1:23
from parallel-ssh.
Related Issues (20)
- API module to enable easier use of PSSH as a library (patch included)
- TypeError when using Input script
- Erorr Code 255
- Not allowing relative paths makes no sense HOT 3
- pslurp can't use rsync HOT 2
- Patch: pass -o SendEnv in a way that is friendly on Mac OS HOT 1
- How to distribute different files to different hosts? HOT 1
- motd being printed only on debian squeeze boxes HOT 4
- SIGINFO handler gives task status HOT 1
- Manpage name problem HOT 1
- Sudo requires allocation of a real pseudoterminal HOT 6
- Installation errors: "setup.py install" HOT 1
- pslurp multiple files HOT 1
- Bandwith limit with pscp (parallel scp) HOT 4
- Summary of failed and successful execution HOT 2
- Teardown code in test classes is never called
- IPv6 host address processing broken
- Allow '-' as an alias for stdin
- cannot parse for more than one -O/-o options; cannot use -i option
- Crash on Archlinux/Python3.4 when asking for password (Includes one line fix) HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from parallel-ssh.