All geek questions in one place

Unable to connect to remote server using Fabric and SSH using key file

I am trying to use the Fabric python script to enter the production server and then run the ls command remotely. Well, I actually have many other commands to run, but I start with a simple list to make it work. My production server uses SSH and is locked, so it needs a private key file and password.

Now I read on some sites how to get this to work, but can't get it to log in for some reason. I think it connects normally, but a message appears:

Password for root:

So, I enter my password (the same as in env.password), and it just keeps popping up a message.

Here is my fabfile.py:

from fabric.api import * env.use_ssh_config = True env.hosts = ["myserver.net"] env.user = "root" env.key_filename = "/home/myusername/.ssh/id_rsa.ppk" env.password = "mypassword" env.port = 22 def testlive(): run("ls")

Here is my SSH configuration in /home/myusername/.ssh/config:

 Host myserver hostname myserver.net port 22 IdentityFile ~/.ssh/id_rsa.ppk

Any ideas on how to do this?

Thank you very much

+4
source share
3 answers

I ended up testing SSH configuration separately from the command line to get this part. I think there was a problem with SSH keys as I used PuTTY to create them, and this format may not have been compatible with OpenSSH, which Linux uses.

So, first I created new SSH keys on my Linux machine without a password for the private key, which made two files id_rsa and id_rsa.pub for me. Then I copied the public key string from id_rsa.pub to the authorized_keys file on the production server. Then I checked from the command line. Once this works, I tested Fabric.

So, the configuration has changed like this:

 from fabric.api import * env.use_ssh_config = True env.hosts = ["myserver"] env.user = "root" env.key_filename = "/home/myusername/.ssh/id_rsa" env.password = "" env.port = 22 def testlive(): run("ls")

Here is my SSH configuration in /home/myusername/.ssh/config:

 Host myserver hostname myserver.net port 22 IdentityFile ~/.ssh/id_rsa

Now it works fine when I run fab testlive from the command line.

+8
source

This problem arose for us after our servers again secured Logjam for PCI compliance. Using https://weakdh.org/sysadmin.html as a link, I updated our / etc / ssh / sshd _config to include the line in it:

 KexAlgorithms curve25519-sha256@libssh.org

Starting with 1.15.2, paramiko does not support this elliptic key exchange algorithm. The weakdh.org page says that the group14-sha1 diffie-hellman non-elliptic algorithm is not vulnerable to Logjam, so changing the line to ...

 KexAlgorithms curve25519-sha256@libssh.org ,diffie-hellman-group14-sha1

... allowed me to make Fabric deployed through SSH, and also supports PCI compliance.

0
source

Solution : ssh-add ~ / .ssh / aws_instance.pem

File Name : fabfile.py
To run from the command line : first add the key, and then run the FAB script

1] ssh-add ~ / .ssh / aws_instance.pem
2] awesome check_status

 from fabric.api import run, env env.hosts = ['myserver_name.in'] env.user = 'ubuntu' def check_status(): """ Will show status for nginx service """ run ("systemctl status nginx.service")
0
source

Source: https://habr.com/ru/post/1433133/

More articles:


All Articles