Reputation: 4338
I'm trying to use a Fabric Python script to log into the production server, then run the 'ls' command remotely. Well, I actually have lots of other commands to run, but I'm starting off with a simple list to get it working. My production server uses SSH and is locked down, so it needs a private key file and password.
Now I've been reading up on some sites about how to get this to work, but can't get it to log in for some reason. I think it connects ok but a message comes up saying:
Login password for 'root':
So I enter my password (same as the one in env.password) and it just keeps popping up the message.
Here's my fabfile.py:
from fabric.api import *
env.use_ssh_config = True
env.hosts = ["myserver.net"]
env.user = "root"
env.key_filename = "/home/myusername/.ssh/id_rsa.ppk"
env.password = "mypassword"
env.port = 22
def testlive():
    run("ls")
Here's my SSH config in /home/myusername/.ssh/config:
Host myserver
hostname myserver.net
port 22
IdentityFile ~/.ssh/id_rsa.ppk
Any ideas on how to get this working?
Many thanks
Upvotes: 4
Views: 10604
Reputation: 6123
Solution: ssh-add ~/.ssh/aws_instance.pem
File name: fabfile.py
To run from the command prompt: first add the key, then run the fab script
1] ssh-add ~/.ssh/aws_instance.pem
2] fab check_status
from fabric.api import run, env
env.hosts = ['myserver_name.in']
env.user = 'ubuntu'
def check_status():
    """
    Will show status for nginx service
    """
    run("systemctl status nginx.service")
Upvotes: 0
Reputation: 2187
This problem occurred for us after hardening our servers against Logjam for PCI compliance. Using https://weakdh.org/sysadmin.html as a reference, I had updated our /etc/ssh/sshd_config to include the line:
KexAlgorithms [email protected]
As of 1.15.2, paramiko does not appear to support this elliptic key exchange algorithm. The weakdh.org page says that the non-elliptic group14-sha1 diffie-hellman algorithm is not vulnerable to Logjam, so changing the line to...
KexAlgorithms [email protected],diffie-hellman-group14-sha1
...allowed me to do Fabric deploys over SSH as well as maintaining PCI compliance.
Upvotes: 0
Reputation: 4338
I ended up testing the SSH config separately from the command line first to get that part working. I think there was a problem with the SSH keys as I had used PuTTY to generate them and that format may have been incompatible with the OpenSSH ones that Linux uses.
So first I made new SSH keys on my Linux machine without a password for the private key, which made two files for me: id_rsa and id_rsa.pub. Then I copied the public key string from id_rsa.pub into the authorized_keys file on the production server. Then I tested from the command line. Once that was working, I tested with Fabric.
So config changed to look like:
from fabric.api import *
env.use_ssh_config = True
env.hosts = ["myserver"]
env.user = "root"
env.key_filename = "/home/myusername/.ssh/id_rsa"
env.password = ""
env.port = 22
def testlive():
    run("ls")
Here's my SSH config in /home/myusername/.ssh/config:
Host myserver
hostname myserver.net
port 22
IdentityFile ~/.ssh/id_rsa
Now works fine when I run fab testlive from the command line.
Upvotes: 8
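Added example (not part of any post above, and not Fabric's or paramiko's own code): a pre-flight check for the file named in env.key_filename that catches the PuTTY-format key problem described in the last answer. The function names, format labels and sample files are assumptions made for this example.

```python
import os
import stat
import tempfile

# First-line markers of common key files (the format labels are this example's own).
MARKERS = [
    ("PuTTY-User-Key-File-", "putty-ppk"),
    ("-----BEGIN OPENSSH PRIVATE KEY-----", "openssh"),
    ("-----BEGIN RSA PRIVATE KEY-----", "pem"),
    ("ssh-", "public-key"),
]

def check_key_file(path):
    """Return (format, problems) for a file meant for env.key_filename."""
    with open(path, "r", errors="replace") as fh:
        lines = fh.read().splitlines()
    first = lines[0].strip() if lines else ""
    fmt = next((name for prefix, name in MARKERS if first.startswith(prefix)), "unknown")
    problems = []
    if fmt == "putty-ppk":
        problems.append("PuTTY .ppk container; export it as an OpenSSH key first")
    elif fmt == "public-key":
        problems.append("public key; env.key_filename needs the private key")
    elif fmt == "unknown":
        problems.append("not a recognised private key file")
    # Legacy PEM keys mark passphrase protection in a header line.
    if fmt == "pem" and any(l.startswith("Proc-Type: 4,ENCRYPTED") for l in lines[1:3]):
        problems.append("passphrase-protected; a passphrase will be required")
    # The OpenSSH client refuses private keys readable by group or others.
    if fmt in ("openssh", "pem") and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        problems.append("permissions too open; chmod 600")
    return fmt, problems

def demo():
    """Check constructed sample files (headers only, no real key material)."""
    samples = {
        "id_rsa.ppk": "PuTTY-User-Key-File-2: ssh-rsa\nEncryption: none\n",
        "id_rsa": "-----BEGIN RSA PRIVATE KEY-----\n(constructed)\n-----END RSA PRIVATE KEY-----\n",
        "id_rsa.pub": "ssh-rsa AAAA(constructed) user@host\n",
    }
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, text in samples.items():
            path = os.path.join(d, name)
            with open(path, "w") as fh:
                fh.write(text)
            os.chmod(path, 0o600)
            results[name] = check_key_file(path)
    return results
```

Call check_key_file() on the expanded path set in env.key_filename before running fab; an empty problems list means the file at least looks like a usable private key.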