Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature request: Support authentication via ssh-agent #246

Closed
dosas opened this issue Sep 19, 2023 · 7 comments
Closed

Feature request: Support authentication via ssh-agent #246

dosas opened this issue Sep 19, 2023 · 7 comments

Comments

@dosas
Copy link
Contributor

dosas commented Sep 19, 2023

ssh2-python supports authentication using ssh-agent.

Could this be added here additionally to password and key file?

There are setups where for security reasons the password is not given and only login via ssh-key is allowed. Furthermore the key is stored in the agent as not to be leaked in any CI setup.
@JacobCallahan
Copy link
Member

@dosas thanks for raising this interesting issue. Is something like this what you're thinking about?

        if key_filename:
            if not Path(key_filename).exists():
                raise FileNotFoundError(f"Key not found in '{key_filename}'")
            self.session.userauth_publickey_fromfile(user, key_filename)
        elif kwargs.get("password"):
            self.session.userauth_password(user, kwargs["password"])
        elif user:
            try:
                self.session.agent_auth(user)
            except Exception as err:
                raise exceptions.AuthenticationError("Agent-based authentication failed.") from err
        else:
            raise exceptions.AuthenticationError("No password or key file provided.")

Additionally, I'd be interested in knowing how you came across this project and this particular area of Broker.

@dosas
Copy link
Contributor Author

dosas commented Sep 19, 2023

@JacobCallahan yes that is exaclty what I was thinking about :) Very nice.

I came accross this project when trying to run some tests with robottelo.

@JacobCallahan
Copy link
Member

Ahh nice, welcome!

@dosas
Copy link
Contributor Author

dosas commented Sep 20, 2023

Should I create a PR?

@JacobCallahan
Copy link
Member

@dosas If you're willing to propose the change and run through a few test scenarios, then please do!

@dosas
Copy link
Contributor Author

dosas commented Sep 25, 2023

I could not find any tests for session, what do you mean by run through a few test scenarios?

@JacobCallahan
Copy link
Member

@dosas since you can't really run our functional tests (no access to internal resources), then that would be manual tests using the different authentication methods against a remote host of your own. Of course, please sanitize any sensitive information.

# key-based auth
test_host = Host(hostname="my.test.host", key_filename="/path/to/key")
assert test_host.hostname in test_host.execute("hostname").stdout


# password-based auth
test_host = Host(hostname="my.test.host", username="myuser", password="mypassword")
assert test_host.hostname in test_host.execute("hostname").stdout


# agent-based auth
test_host = Host(hostname="my.test.host", username="myuser")
assert test_host.hostname in test_host.execute("hostname").stdout

@dosas dosas mentioned this issue Sep 26, 2023
Merged
@dosas dosas closed this as completed Oct 2, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dosas @JacobCallahan