inspec exec doesn't work for SSH

[anniehedgpeth]

Description

I'm giving a presentation on InSpec tonight and can't run a test on a remote host.

InSpec and Platform Version

InSpec version 1.7.2
OS X El Capitan
Version 10.11.6

Replication Case

With my Azure vm running, I ran an inspec exec command to run a profile from github to an Azure vm by ssh'ing into it, and it would not allow me. I was, however, able to run my github profile locally.

inspec exec https://github.com/anniehedgpeth/inspec-presentation -t ssh://annie@inspec.southcentralus.cloudapp.azure.com --user='annie' –-password='xxxx'

Possible Solutions

Could I have two different versions of InSpec installed? If so, how do I direct the path to the InSpec version that I want to use (the latest version)?

[anniehedgpeth:~/chef_repo/profiles]$ inspec version          
WARN: Unresolved specs during Gem::Specification.reset:
      ffi (>= 1.0.1)
WARN: Clearing out unresolved specs.
Please report a bug if this causes problems.
1.7.2

[anniehedgpeth:~/chef_repo/profiles]$ chef exec inspec version
Ignoring unf_ext-0.0.7.2 because its extensions are not built.  Try: gem pristine unf_ext --version 0.0.7.2
1.4.1

Stacktrace

#With password

[anniehedgpeth:~]$ inspec exec https://github.com/anniehedgpeth/inspec-presentation -t ssh://annie@inspec.southcentralus.cloudapp.azure.com --user='annie' –-password='xxxx'
WARN: Unresolved specs during Gem::Specification.reset:
      ffi (>= 1.0.1)
WARN: Clearing out unresolved specs.
Please report a bug if this causes problems.
Client error, can't connect to 'ssh' backend: You must configure at least one authentication method for SSH: Agent, Key or Password.

#Without password

[anniehedgpeth:~]$ inspec exec https://github.com/anniehedgpeth/inspec-presentation -t ssh://annie@mc-inspec.southcentralus.cloudapp.azure.com
WARN: Unresolved specs during Gem::Specification.reset:
      ffi (>= 1.0.1)
WARN: Clearing out unresolved specs.
Please report a bug if this causes problems.
Client error, can't connect to 'ssh' backend: You must configure at least one authentication method for SSH: Agent, Key or Password.

#With key

[anniehedgpeth:~]$ inspec exec https://github.com/anniehedgpeth/inspec-presentation -t ssh://annie@mc-inspec.southcentralus.cloudapp.azure.com -i /Users/anniehedgpeth/.ssh/id_rsa.pub
WARN: Unresolved specs during Gem::Specification.reset:
      ffi (>= 1.0.1)
WARN: Clearing out unresolved specs.
Please report a bug if this causes problems.
I, [2016-12-11T23:26:28.285826 #17403]  INFO -- : [SSH] connection failed, retrying in 1 seconds (#<Net::SSH::AuthenticationFailed: Authentication failed for user annie@mc-inspec.southcentralus.cloudapp.azure.com>)
I, [2016-12-11T23:26:45.129991 #17403]  INFO -- : [SSH] connection failed, retrying in 1 seconds (#<Net::SSH::AuthenticationFailed: Authentication failed for user annie@mc-inspec.southcentralus.cloudapp.azure.com>)
I, [2016-12-11T23:27:02.003399 #17403]  INFO -- : [SSH] connection failed, retrying in 1 seconds (#<Net::SSH::AuthenticationFailed: Authentication failed for user annie@mc-inspec.southcentralus.cloudapp.azure.com>)
I, [2016-12-11T23:27:19.015009 #17403]  INFO -- : [SSH] connection failed, retrying in 1 seconds (#<Net::SSH::AuthenticationFailed: Authentication failed for user annie@mc-inspec.southcentralus.cloudapp.azure.com>)
W, [2016-12-11T23:27:35.394362 #17403]  WARN -- : [SSH] connection failed, terminating (#<Net::SSH::AuthenticationFailed: Authentication failed for user annie@mc-inspec.southcentralus.cloudapp.azure.com>)
Transport error, can't connect to 'ssh' backend: SSH session could not be established

[chris-rock]

@anniehedgpeth Are you able to log into the machine via ssh command?

[chris-rock]

It also looks like you used your public key instead of the private key: -i /Users/anniehedgpeth/.ssh/id_rsa.pub. It should be -i /Users/anniehedgpeth/.ssh/id_rsa

[anniehedgpeth]

I was. I deleted that machine, though, so I'm going to try another. Michael told me to use public - ha. I'll change that, too.

eta: was misunderstanding about pub vs private, but I get it now - thanks

[chris-rock]

The public key must be set in ~/.ssh/authorized_keys on the server. See https://www.digitalocean.com/community/tutorials/how-to-configure-ssh-key-based-authentication-on-a-linux-server

If you use ssh-add InSpec can pick up your local ssh config as well.

# this will add ssh private key to local ssh
ssh-add

# now log into the machine via
ssh annie@mc-inspec.southcentralus.cloudapp.azure.com
# exit the ssh session via `exit`

# now with inspec, no key parameter required anymore, inspec uses the key from native ssh
inspec exec https://github.com/anniehedgpeth/inspec-presentation -t ssh://annie@mc-inspec.southcentralus.cloudapp.azure.com

[anniehedgpeth]

Awesome, that works. Thanks so much, @chris-rock !!!!

[lilmansplace]

Seems like just getting it to work with an SSH key is hardly a fix to the issue where a password isn't working. Does the inspec verifier not support SSH with passwords? I'm able to ssh into the host with username and password, but inspec command doesn't work with username and password.

[chris-rock]

@lilmansplace InSpec works with username and password with no issue. Please open a new issue for that case

[lilmansplace]

@chris-rock - Done: #1970