SSH key forwarding

[bitprophet]

Description

Paramiko doesn't support this feature yet. Either add it to Paramiko/our fork of Paramiko, or do some horrible workaround like a subprocess doing ssh -A -N <env.host_string> (if that would even work correctly -- would the key forwarded by that connection be usable by a Paramiko connection?)

---

See also this LincolnLoop blog post which uses a "route stuff through local()" approach. Not a panacea (doesn't mesh with actual execution strategy; won't pick up any of the context managers like cd(); etc) but still worth investigating as a temporary workaround.

---

Originally submitted by Jeff Forcier (bitprophet) on 2009-10-25 at 07:05pm EDT

Relations

• Related to Once Git can be used, update tutorial to use it. #73: Once Git can be used, update tutorial to use it.
• Related to Paramiko doesn't support Kerberos #195: Paramiko doesn't support Kerberos
• Related to Make use of ssh_config where possible #3: Make use of ssh_config where possible
• Related to Consider forking Paramiko #275: Consider forking Paramiko

[bitprophet]

Charles Leifer (coleifer) posted:

---

I'm using the lincolnloop approach with a small tweak to use the context managers::

def run(command, shell=True, pty=True):
    """
    Helper function.
    Runs a command with SSH agent forwarding enabled.

    Note:: Fabric (and paramiko) can't forward your SSH agent. 
    This helper uses your system's ssh to do so.
    """
    real_command = command
    if shell:
        cwd = env.get('cwd', '')
        if cwd:
            cwd = 'cd %s && ' % _shell_escape(cwd)
        real_command = '%s "%s"' % (env.shell,
            _shell_escape(cwd + real_command))
    if output.debug:
        print("[%s] run: %s" % (env.host_string, real_command))
    elif output.running:
        print("[%s] run: %s" % (env.host_string, command))
    local("ssh -A %s '%s'" % (env.host_string, real_command))

---

on 2010-05-08 at 08:23pm EDT

[bitprophet]

Antti Kaihola (akaihola) posted:

---

Paramiko seems to have a ticket and a patch for this.

---

on 2010-11-26 at 03:56am EST

[bitprophet]

Johan Charpentier (cyberj) posted:

---

The previous pull request is closed. The new paramiko's pull request using the same patch is here

But robey need some tests with this patch and I don't know how to test this.

So, if people want to see this issue solved, feel free to improve the pull request with some tests :)

After this pull request, its easy to patch Fabric code

---

on 2011-06-19 at 08:45am EDT

[tobami]

We would also like to have this feature for LittleChef. Let's hope paramiko gets it working soon.

We track the feature ourselves here: tobami/littlechef#59

[bendavis78]

I'm confused on the status of this. From the comment on Aug 18, it seems like all this needs is testing in order for it to be merged in? Or is this being worked on in the new ssh library?

[bendavis78]

Never mind, found this discussion. I suppose I can try to get the pull request mentioned above working with the new ssh library.

[bendavis78]

Ok, I forked the ssh library and ported over the pull request mentioned above. Just had to fix a couple of conflicts, but nothing major.

bitprophet/ssh#1

If anyone knows a good way to write tests for this, that'd be great. At the very least I guess it would be good for people to test it out and provide feedback. If anyone wants to try it out right now, you can install ssh from my fork, and then install fabric from my fork (which just adds the couple of lines needed).

[jravetch]

Is this fix implemented in 1.3.3 or the next release?

[bitprophet]

"Feature" issues are only released in minor releases; this isn't exactly a bugfix :) see Development for how we release stuff.

Or just look at the Milestone field here on Github ;) it's marked for 1.4. I expect 1.3.4 and 1.4 to be out relatively close to each other, probably within a week or two depending on how my day job goes.

[cjw296]

Any idea when 1.4 is going to land?