Custom SSH Credentials #2416
Comments
Hi! You can already provide a custom password through the

```python
ssh_adapter = MySSHAdapter(url, key_path)
client = APIClient(base_url='ssh://bogus:22')
client.mount('http+docker://ssh', ssh_adapter)
```

I think eventually we may want to have the option of passing a private key to the

Hope that helps! |
Hey, thanks for your reply, but there are some issues with your recommendations.
What does this mean?

Password in URL

This is not right. I get the following exception:

Also as you can see in the source I quoted in my original comment, there is no way that the password would be used for the ssh connection, even if the url were valid.

Setting a Custom Adapter

So regardless of whether you want to use a password or a custom key file, you would definitely need to provide a custom Adapter class. And your recommended code to do so does not work because it will try to connect to a host called "bogus" on line two. If you leave out base_url, it changes it to http+unix and tries to connect to the local docker daemon. If there is no local docker daemon, it fails here. There's no way to instantiate an APIClient without it trying to connect to a docker daemon. This is what I was talking about with __init__ doing too much and was the whole reason why I made this ticket. A better design would be that APIClient does not even try to connect unless you explicitly call a method that needs a connection. There needs to be a way to provide a custom adapter or at least ssh credentials. APIClient.__init__ should really be broken up into several methods and SSHHTTPAdapter needs some changes too.

Does SSH work at all?

I actually tried using a hostname that my ssh agent can provide a key for and I got a valid SSH connection. But then I saw this error whenever I tried to do anything. It looks like it's treating the ssh connection like it can make GET requests directly over that connection which doesn't seem right.
|
@dnut FYI I just got SSH to work to answer your question. It's not documented and I had to read through some of the source code, but here are a few things I learned.
|
@cmcga1125 I can get SSH to work on my desktop, but I need this to run on our build servers with custom credentials.
This is a problem for me. I need to be able to specify any key file. |
@dnut - I'm running in a docker container, which allows me to map in the file. Would that work? |
Bump. I just went down the same rabbit hole as @dnut. Being able to specify the path to an SSH keyfile and/or the key material directly via an argument is very much needed for any automation when using this feature. |
Got the same issue here. I am using this sdk, but I had to shift to the CLI option since it was not clear to me whether authenticating with SSH credentials was an option for the sdk.
The answer provided by @cmcga1125 helps, but a slightly more elaborated step-by-step would really be super nice! :)
|
This article says in the first paragraph that password authentication is not possible when using a docker host for SSH. So a key gen must be used. Which makes the situation worse, the keygen is not on my PC. It's on my VPS, do I have to download it to my local PC? |
Upvoting this. Need it in airflow and other stuff. |
Got the ssh config to work using the custom sshAdapter mentioned in one of the posts: This can also be modified to use password auth easily. |
Hey,
|
The Version="1.41" won't be necessary if you implement it directly. Docker is trying to get the Version directly after configuring the SSHHTTPAdapter. Because we don't need to override it later anymore, we also don't need to disable the version checking :) |
Here's my monkeypatch to make this work with modern keys. I did this because I want to use the DockerClient rather than the ApiClient.

```python
from pathlib import Path

from docker.transport import SSHHTTPAdapter

# Keep a reference to the original method so the patch can call it.
SSHHTTPAdapter_create_paramiko_client = SSHHTTPAdapter._create_paramiko_client


def SSHHTTPAdapter_patched_create_paramiko_client(self, *args, **kwargs):
    SSHHTTPAdapter_create_paramiko_client(self, *args, **kwargs)
    # Point paramiko at an explicit ed25519 key file.
    self.ssh_params["key_filename"] = str(Path("~/.ssh/id_ed25519").expanduser())


SSHHTTPAdapter._create_paramiko_client = SSHHTTPAdapter_patched_create_paramiko_client
```

I'm very surprised I need to do it this way, is there an option I'm missing? |
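Added example, not part of the thread or of docker-py: a standard-library helper that builds the SSH connection parameters from one explicit credential, for build servers that cannot rely on an agent. It assumes the returned dict is merged into `ssh_params` (as the monkeypatch above does for `key_filename`) and ends up as keyword arguments to paramiko's `SSHClient.connect()`; the name `build_ssh_params` is hypothetical.

```python
import os
import stat
from urllib.parse import urlsplit


def build_ssh_params(base_url, key_path=None, password=None):
    """Return keyword arguments for paramiko's SSHClient.connect().

    Exactly one credential (key file or password) must be supplied, and
    agent / default-key discovery is switched off so nothing else is offered.
    """
    parts = urlsplit(base_url)
    if parts.scheme != "ssh" or not parts.hostname:
        raise ValueError("expected an ssh://[user@]host[:port] URL")
    if parts.password is not None:
        # URLs end up in logs and process listings; pass the secret separately.
        raise ValueError("do not embed the password in the URL")
    if (key_path is None) == (password is None):
        raise ValueError("give exactly one of key_path or password")

    params = {
        "hostname": parts.hostname,
        "port": parts.port or 22,
        "username": parts.username,
        "allow_agent": False,    # do not fall back to a running ssh-agent
        "look_for_keys": False,  # do not try ~/.ssh/id_* implicitly
    }
    if key_path is not None:
        key_path = os.path.expanduser(key_path)
        mode = os.stat(key_path).st_mode  # raises if the file is missing
        if not stat.S_ISREG(mode):
            raise ValueError(f"{key_path} is not a regular file")
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            # Same rule OpenSSH enforces: a private key must be owner-only.
            raise PermissionError(f"{key_path} is accessible to group/other")
        params["key_filename"] = key_path
    else:
        params["password"] = password
    return params
```
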
I can't rely on an ssh agent to provide a private key. Sometimes I need to provide a password, sometimes I need to manually load the key file. But the docker-py code only connects with this in SSHHTTPAdapter:
There is no flexibility here. How am I supposed to connect with a custom key or password? I thought I might hack my way in by reassigning APIClient._custom_adapter to my own subclass of SSHHTTPAdapter, but then I realized the APIClient.__init__ is a huge mess that does way too much. That method would always raise an exception so I would also have to totally reimplement that method in a subclass. This is too much maintenance overhead for my deployment script that I would like to keep as simple as possible.
It should be exposed in SSHHTTPAdapter. I might even recommend doing both of these:
It should also be exposed somehow in APIClient.__init__, for example:
a. Explicit parameters (a bit messy considering this is not an SSH specific class)
b. General purpose configuration object (dict or better yet custom configuration class)
I'm happy to take the lead on this and submit a PR, but I would like to get some feedback first.