Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Not passing passphrase? #80

Open
GoogleCodeExporter opened this issue Feb 6, 2016 · 5 comments
Open

Not passing passphrase? #80

GoogleCodeExporter opened this issue Feb 6, 2016 · 5 comments

Comments

@GoogleCodeExporter
Copy link

What steps will reproduce the problem?
1. specify either "-x '-i /path/to/identity'" or "-O 
IdentityFile=/path/to/identity", along with -A to input passphrase
2. Asks for passphrase
3. Doesn't appear to use it 

What is the expected output? What do you see instead?
If you remove the passphrase from the key, it works fine.
When the key has a passphrase, SSH exit code is 255

What version of the product are you using? On what operating system?
2.3.1, CentOS 5.9 x64

Please provide any additional information below.

# pssh -v -i -A -H server -x '-i /home/user/.ssh/id_rsa' whoami
Warning: do not enter your password if anyone else has superuser
privileges or access to your account.
Password: 
[1] 11:09:30 [FAILURE] server Exited with error code 255
Stderr: pssh-askpass received prompt: "Enter passphrase for key 
'/home/user/.ssh/id_rsa': "
Enter passphrase for key '/home/user/.ssh/id_rsa': 
Permission denied (publickey,gssapi-with-mic).

Original issue reported on code.google.com by unclemo...@gmail.com on 21 Feb 2013 at 11:15

@GoogleCodeExporter
Copy link
Author

Think I've sorted this. The askpass_client exits if the prompt from ssh doesn't 
end in 'password:'. This shouldn't happen, as this condition is only used to 
determine whether to present a generic prompt or the actual prompt (from what I 
can tell).

Here's the fix.

--- /usr/src/pssh-2.3.1/psshlib/askpass_client.py       2013-02-21 
11:33:29.000000000 +0000
+++ /usr/lib/python2.4/site-packages/psshlib/askpass_client.py  2013-02-21 
12:34:53.000000000 +0000
@@ -68,7 +68,6 @@
         if not prompt.strip().lower().endswith('password:'):
             sys.stderr.write(prompt)
             sys.stderr.write('\n')
-            sys.exit(1)
     else:
         sys.stderr.write('Error: pssh-askpass called without a prompt.\n')
         sys.exit(1)

Original comment by unclemo...@gmail.com on 21 Feb 2013 at 12:37

@GoogleCodeExporter
Copy link
Author

Created issue #81 to address this.

Original comment by unclemo...@gmail.com on 21 Feb 2013 at 5:12

@GoogleCodeExporter
Copy link
Author

Thanks for reporting this problem.

Hmm... the patch in comment #1 would cause pssh to send a password as a 
response to a yes/no question, which would be bad.

The way I would fix this is to check for the string "Enter passphrase", but 
I'll wait until I hear back on issue #81 before proceeding.

Original comment by amcna...@gmail.com on 21 Feb 2013 at 5:49

@GoogleCodeExporter
Copy link
Author

I changed the line to
 if not ( prompt.strip().lower().endswith('password:') or 'enter passphrase for key' in prompt.strip().lower()):

and it seems to work

Original comment by robine...@gmail.com on 25 Mar 2014 at 6:18

@GoogleCodeExporter
Copy link
Author

I managed to get around this issue recently by using keychain rather than 
entering my passphrase into parallel-ssh: 
http://unix.stackexchange.com/a/128998/57414

In essence I did this:

# install keychain package
$ sudo apt-get install keychain
# add my key to the keychain, entering passphrase when asked
$ keychain ~/.ssh/id_rsa
# source the file generated by the above command
$ source ~/.keychain/$(uname -n)-sh

# execute parallel-ssh. No need for the key's passphrase, keychain takes care 
of it
$ parallel-ssh --hosts=machines --user=my_user --timeout=0 'sudo apt-get update'

Original comment by nathan.w...@gmail.com on 12 May 2014 at 5:40

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant