I need to connect to an EC2 instance through a gateway. The key file is stored on the gateway machine. The following ssh command connects me:
ssh -t gateway ssh ec2
However, in my fabfile, I have the following set:
env.hosts = ['ec2.<snip>.compute.amazonaws.com']
env.gateway = 'gateway'
But it asks me for the password when connecting to ec2.
The troubleshooting guide talks about running the command with 'ssh -t'. When I do this, it works:
local> ssh -t gateway ssh ec2.compute.amazonaws.com /bin/bash -l -c "uname -a"
Linux
Connection to gateway closed.
Here is information on debugging fabric and paramiko:
local> fab --show=debug uname
Using fabfile '/home/matt/.../fabfile.py'
Commands to run: uname
Parallel tasks now using pool size of 1
[ec2-.compute.amazonaws.com] Executing task 'uname'
[ec2-.compute.amazonaws.com] run: /bin/bash -l -c "uname -a"
Creating new gateway connection to 'gateway'
DEBUG:paramiko.transport:starting thread (client mode): 0xb6e50dd0L
INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_5.3)
DEBUG:paramiko.transport:kex algos:[u'diffie-hellman-group-exchange-sha256', u'diffie-hellman-group-exchange-sha1', u'diffie-hellman-group14-sha1', u'diffie-hellman-group1-sha1'] server key:[u'ssh-rsa', u'ssh-dss'] client encrypt:[u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'arcfour256', u'arcfour128', u'aes128-cbc', u'3des-cbc', u'blowfish-cbc', u'cast128-cbc', u'aes192-cbc', u'aes256-cbc', u'arcfour', u'rijndael-cbc@lysator.liu.se'] server encrypt:[u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'arcfour256', u'arcfour128', u'aes128-cbc', u'3des-cbc', u'blowfish-cbc', u'cast128-cbc', u'aes192-cbc', u'aes256-cbc', u'arcfour', u'rijndael-cbc@lysator.liu.se'] client mac:[u'hmac-md5', u'hmac-sha1', u'umac-64@openssh.com', u'hmac-sha2-256', u'hmac-sha2-512', u'hmac-ripemd160', u'hmac-ripemd160@openssh.com', u'hmac-sha1-96', u'hmac-md5-96'] server mac:[u'hmac-md5', u'hmac-sha1', u'umac-64@openssh.com', u'hmac-sha2-256', u'hmac-sha2-512', u'hmac-ripemd160', u'hmac-ripemd160@openssh.com', u'hmac-sha1-96', u'hmac-md5-96'] client compress:[u'none', u'zlib@openssh.com'] server compress:[u'none', u'zlib@openssh.com'] client lang:[u''] server lang:[u''] kex follows?False
DEBUG:paramiko.transport:Ciphers agreed: local=aes128-ctr, remote=aes128-ctr
DEBUG:paramiko.transport:using kex diffie-hellman-group14-sha1; server key type ssh-rsa; cipher: local aes128-ctr, remote aes128-ctr; mac: local hmac-sha1, remote hmac-sha1; compression: local none, remote none
DEBUG:paramiko.transport:Switch to new keys ...
DEBUG:paramiko.transport:Trying SSH agent key e35b78f<snip>80bff41ce73484
DEBUG:paramiko.transport:userauth is OK
INFO:paramiko.transport:Authentication (publickey) successful!
DEBUG:paramiko.transport:[chan 0] Max packet in: 32768 bytes
DEBUG:paramiko.transport:[chan 0] Max packet out: 32768 bytes
DEBUG:paramiko.transport:Secsh channel 0 opened.
DEBUG:paramiko.transport:starting thread (client mode): 0xb6eacf10L
INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_6.2)
DEBUG:paramiko.transport:kex algos:[u'ecdh-sha2-nistp256', u'ecdh-sha2-nistp384', u'ecdh-sha2-nistp521', u'diffie-hellman-group-exchange-sha256', u'diffie-hellman-group-exchange-sha1', u'diffie-hellman-group14-sha1', u'diffie-hellman-group1-sha1'] server key:[u'ssh-rsa', u'ssh-dss', u'ecdsa-sha2-nistp256'] client encrypt:[u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'arcfour256', u'arcfour128', u'aes128-gcm@openssh.com', u'aes256-gcm@openssh.com', u'aes128-cbc', u'3des-cbc', u'blowfish-cbc', u'cast128-cbc', u'aes192-cbc', u'aes256-cbc', u'arcfour', u'rijndael-cbc@lysator.liu.se'] server encrypt:[u'aes128-ctr', u'aes192-ctr', u'aes256-ctr', u'arcfour256', u'arcfour128', u'aes128-gcm@openssh.com', u'aes256-gcm@openssh.com', u'aes128-cbc', u'3des-cbc', u'blowfish-cbc', u'cast128-cbc', u'aes192-cbc', u'aes256-cbc', u'arcfour', u'rijndael-cbc@lysator.liu.se'] client mac:[u'hmac-md5-etm@openssh.com', u'hmac-sha1-etm@openssh.com', u'umac-64-etm@openssh.com', u'umac-128-etm@openssh.com', u'hmac-sha2-256-etm@openssh.com', u'hmac-sha2-512-etm@openssh.com', u'hmac-ripemd160-etm@openssh.com', u'hmac-sha1-96-etm@openssh.com', u'hmac-md5-96-etm@openssh.com', u'hmac-md5', u'hmac-sha1', u'umac-64@openssh.com', u'umac-128@openssh.com', u'hmac-sha2-256', u'hmac-sha2-512', u'hmac-ripemd160', u'hmac-ripemd160@openssh.com', u'hmac-sha1-96', u'hmac-md5-96'] server mac:[u'hmac-md5-etm@openssh.com', u'hmac-sha1-etm@openssh.com', u'umac-64-etm@openssh.com', u'umac-128-etm@openssh.com', u'hmac-sha2-256-etm@openssh.com', u'hmac-sha2-512-etm@openssh.com', u'hmac-ripemd160-etm@openssh.com', u'hmac-sha1-96-etm@openssh.com', u'hmac-md5-96-etm@openssh.com', u'hmac-md5', u'hmac-sha1', u'umac-64@openssh.com', u'umac-128@openssh.com', u'hmac-sha2-256', u'hmac-sha2-512', u'hmac-ripemd160', u'hmac-ripemd160@openssh.com', u'hmac-sha1-96', u'hmac-md5-96'] client compress:[u'none', u'zlib@openssh.com'] server compress:[u'none', u'zlib@openssh.com'] client lang:[u''] server lang:[u''] kex follows?False
DEBUG:paramiko.transport:Ciphers agreed: local=aes128-ctr, remote=aes128-ctr
DEBUG:paramiko.transport:using kex diffie-hellman-group14-sha1; server key type ssh-rsa; cipher: local aes128-ctr, remote aes128-ctr; mac: local hmac-sha1, remote hmac-sha1; compression: local none, remote none
DEBUG:paramiko.transport:Switch to new keys ...
DEBUG:paramiko.transport:Adding ssh-rsa host key for ec2-.compute.amazonaws.com: 4fb53<snip>8579c5f
DEBUG:paramiko.transport:Trying SSH agent key e35b78f1<snip>484
DEBUG:paramiko.transport:userauth is OK
INFO:paramiko.transport:Authentication (publickey) failed.
DEBUG:paramiko.transport:Trying discovered key e35b78<snip>484 in /home/matt/.ssh/id_rsa
DEBUG:paramiko.transport:userauth is OK
INFO:paramiko.transport:Authentication (publickey) failed.
[ec2-.compute.amazonaws.com] Login password for 'user':
It seems like paramiko is trying to use key files from my local machine. How can I force Fabric to use the key file from the gateway machine?
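
As an added example (not part of the original question, and not Fabric's or paramiko's own code), this script summarizes paramiko debug output of the kind shown above per SSH transport: which key source was offered to each hop and whether that hop accepted it. The sample log is constructed from the shape of the output in the post, with placeholder fingerprints and path; the function names are hypothetical and Python 3.8+ is assumed.

```python
import re

# Constructed sample modelled on the debug output in the post (placeholder values).
SAMPLE_LOG = """\
DEBUG:paramiko.transport:starting thread (client mode): 0x1
INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_5.3)
DEBUG:paramiko.transport:Trying SSH agent key aaaa1111
INFO:paramiko.transport:Authentication (publickey) successful!
DEBUG:paramiko.transport:starting thread (client mode): 0x2
INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_6.2)
DEBUG:paramiko.transport:Trying SSH agent key aaaa1111
INFO:paramiko.transport:Authentication (publickey) failed.
DEBUG:paramiko.transport:Trying discovered key aaaa1111 in /home/user/.ssh/id_rsa
INFO:paramiko.transport:Authentication (publickey) failed.
"""

START = re.compile(r"starting thread \(client mode\)")
BANNER = re.compile(r"Connected \(version [\d.]+, client (\S+)\)")
TRY = re.compile(r"Trying (SSH agent|discovered) key (\S+)(?: in (\S+))?")
RESULT = re.compile(r"Authentication \((\w+)\) (successful|failed)")


def summarize_hops(log_text):
    """Return one dict per SSH transport: server banner, keys offered, outcome."""
    hops = []
    for line in log_text.splitlines():
        if START.search(line):
            hops.append({"server": None, "attempts": [], "authenticated": False})
            continue
        if not hops:
            continue  # ignore Fabric output before the first transport starts
        hop = hops[-1]
        if (m := BANNER.search(line)):
            hop["server"] = m.group(1)
        elif (m := TRY.search(line)):
            # Key came either from the local ssh-agent or from a local key file.
            source = "agent" if m.group(1) == "SSH agent" else m.group(3)
            hop["attempts"].append({"key": m.group(2), "source": source, "ok": None})
        elif (m := RESULT.search(line)) and hop["attempts"]:
            ok = m.group(2) == "successful"
            hop["attempts"][-1]["ok"] = ok
            hop["authenticated"] = hop["authenticated"] or ok
    return hops


def failed_hops(hops):
    """Indexes of transports where keys were offered but none was accepted."""
    return [i for i, h in enumerate(hops) if h["attempts"] and not h["authenticated"]]
```

On the sample, the first transport (the gateway) accepts the agent key, while the second is offered only the agent key and the local key file and rejects both.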