Skip to content


Optionally avoid using ssh if going to localhost #98

bitprophet opened this Issue · 46 comments
Fabric member


run()/sudo() would intelligently see that you're going to localhost and just run local() instead. This would probably be an optional thing.

Comments from Jeff on IRC:

and yea, I mean there's always going to be overhead with ssh vs straight pipes offhand I don't think it would be terrifically difficult to update run/sudo (especially in master now that they've been refactored) to call/return local() intelligently I'm not positive that I'd want that semi magical behavior in core (even with it off by default with an optin to enable it, tho that would help) but even so, it'd be an interesting experiment. and if it is as simple as I'm thinking I honestly can't come up with a good reason not to (again provided it is not the default behavior)

Originally submitted by Nick Welch (mackstann) on 2009-11-11 at 01:39pm EST


  • Duplicated by #364: Allow for local operation to bypass SSH layer
  • Related to #26: Implement "dry run" feature
@bitprophet bitprophet was assigned
Fabric member

James Pearson (xiong.chiamiov) posted:

As also mentioned on irc, I don't normally run ssh server on a desktop machine, so I can't actually ssh to localhost.

on 2009-11-11 at 03:13pm EST

Fabric member

Travis Swicegood (tswicegood) posted:

I've just implemented something similar this evening in the form of a new fabric.operations function called do. It looks at env.run_as to see if it equals "local", and in doing so switches out to the local method instead of the run (or sudo if sudo=True is passed in as a kwarg). It also handles prefixing local commands with sudo in the event they're running local.

This is sort of a different way around this problem which works without changing the behavior of run or sudo. These changes are available in my repository.

on 2010-01-11 at 12:22am EST

Fabric member

Morgan Goose (goosemo) posted:

I really don't see this being plausible. What's the point in doing run as local. One of the requirements of Fabric is sshd running on the machine, remote or loopback. The other problem being that only changing local doesn't take into account put, get, rsync_project, and others that would all still need ssh. Trying to implement those, would just really cause more issues, since it's now in the realm of making fabfiles translate to bash.

on 2011-03-13 at 11:14pm EDT

Fabric member

Jeff Forcier (bitprophet) posted:

While I'm also not 100% convinced this is a great idea, it's clearly something a number of users feel the need for -- another request has been lodged as #364 with another explanation of the use case.

I've also added the dry-run ticket as related to this one, because (I assume -- if any of the requesting users can verify this that'd be great) the main use case for this feature is for testing/dry-running.

on 2011-06-23 at 11:26am EDT

Fabric member

As noted in #538, if we're ever able to fully normalize the three runners so they can be used interchangeably, we'll need to make sure that shell escaping works consistently across them. Right now we don't shell escape local, though that's at least partly because it's not using a shell wrapper.


If anyone is wondering "why would anyone do this?", the answer is that if you have a deployment pipeline, it can be helpful to run the same exact deployment script, no matter which environment, rather than having a special setup script for localhost vs. everything else.


+1 for the feature







To hold you over, you can just make sure you have the OpenSSH server running. First do sudo apt-get install ssh to make sure you have it installed (even if you think you do). Then do sudo service ssh start|stop|restart as needed. Learned from this thread.



My use case is simple: I want to use the same django-deploy script to configure ec2 instances both with cloud-init through CloudWatch (the case for running local commands) and using the regular fab deploy_django -H foo@bar.



This would be really useful. One use case I have is using vagrant shell provisioner to configure particular vm using fabric and without the need to ssh localhost.



I was surprised not to see this in Fabric already.


FYI: Implementation of this feature gets more complex when you think about fabric functions like reboot().



Should be part of core already !



It would perfectly make sense: from an abstract point of view, local is just a special case of run, where no SSH machinery is involved.

One more thing to point out (maybe obvious): Fabric should be smart enough to decide if a run should be converted to local AFTER reading /etc/hosts.

I mean: if we have = [ 'mywebserver' ]

and in /etc/hosts we have: mywebserver

then, any run calls should actually be local calls.

Taking this concept a step further, we should also treat run as a local call when the remote host resolves to an IP which is assigned to a network interface of the local machine.
fabfile: = [ 'mywebserver' ]

/etc/hosts: mywebserver

ip addr:


Fabric 2 will use pyinvoke/invoke so this should be pretty easy to do there. I would wait for Fabric 2 for a non-hacky way to do this.




:+1: Please implement this, especially as mac computers aren't automatically set up to have SSH tunnels configured for remote access to the localhost server.


+1 :)


+1 please


We're using Fab to build debian packages and this adds extra complexity


guys, hello all
i try to create clone of fabric with difference:

  • run() function works in the same way with subprocess.popen under localhost as under ssh connect to remote host
  • Factory uses openssh or any another ssh client (you should modified config for this), so you can use all power of ssh sockets
  • Factory uses gevent library for asynchronous executing

You can take a look if you need this feature


I may be missing something in this discussion, but here is what I did to use the same code with fab run command on both localhost and remote machines.

  1. I set env.use_ssh_config = True in my
  2. ssh-copy-id localhost

This doesn`t solve your issue if you are not running ssh server on your local machine




+1 Please implement this feature :)



Could be very useful to bootstrap Docker images using existing Fabric scripts. This feature would avoid to install an SSH server on the container, which is against the Docker best practices








Further to the answer provided by @AntoniosHadji, here are the complete instructions to make this work;

# Generate new SSH key for local usage
ssh-keygen -f ~/.ssh/id_rsa -N ''

# Add server keys to users known hosts (eliminates 'are you sure' messages);
ssh-keyscan -H localhost > ~/.ssh/known_hosts

# Allow user to ssh to itself
cat ~/.ssh/ >> ~/.ssh/authorized_keys

Actually, this can be done using cuisine. You need to change all run executions to reference function, which can be done easily with an import, and change the mode to local:

from cuisine import run, mode_local

print run("echo Hello")
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.