env.gateway doesn't honor the content of env.passwords #884

mnencia opened this Issue Apr 9, 2013 · 6 comments


None yet

6 participants

mnencia commented Apr 9, 2013

The fabric.network.connect(user, host, port) function uses the function fabric.auth.get_password() to retrieve the password, and that function always return the password related to the current env.host_string.

This approach works with only one one level of connections, but when you use a env.gateway setting, the first connect host parameter will match the env.host_string content, so it will retrieve the wrong password.


from fabric.api import *

def run():
    run('uname -n')

This will end to a try to log on 'gwuser@gwhost' using 'pass' as password instead of 'gwpass'.


Thanks for the report, I acknowledge the issue. Seems easy to fix by switching get/set_password to take explicit user/host/port arguments instead of relying on shared state. Testing that change now.


Fixed in d41e39b (forgot the pound sign in commit msg, oops). Please reopen if that didn't do it - I don't have any good password-friendly gateways to test on right now. Key-only auth for life! ;)

@bitprophet bitprophet closed this May 27, 2013
yupbank commented Jul 31, 2015

hey man, this fails again.

Fabric 1.10.2
Paramiko 1.15.2

my setting is that from local -> proxy -> host
and i need a password for proxy and after proxy the ssh_key from proxy would help to login.
but as my code below, fab first try to connect host directly :(


from fabric.api import *

env.gateway = 'user_proxy@host_proxy'
env.hosts = ['user@host']

env.passwords = {
    'user_proxy@host_proxy': 'password_proxy',
    'user@host': 'pass'

def uptime():
    res = run('cat /proc/uptime')
    print res

run fab uptime

zjiekai commented Jan 12, 2016

Hi, @yupbank, @bitprophet

In my case this will fix env.passwords

env.passwords = {
    ('user_proxy@host_proxy',): 'password_proxy',
    ('user@host',): 'pass'

Port seems to be needed after fix d41e39b.

env.passwords = {
'user_proxy@host_proxy:22': 'password_proxy',
'user@host:22': 'pass'

That works for me. It wouldn't work without the port. Cheers

sohamnavadiya commented Jan 15, 2017 edited

How can I use .pem file instead of password in above case?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment