CHEF-1896: Support for ssh gateway in knife ssh and knife bootstrap

[jdonagher]

A follow-on to abecciu's pull request. Starting from abecciu:CHEF-1896, I added the support for configuration in knife.rb per schisamo's request, thus the ssh gateway host is now configurable via

knife[:ssh_gateway] = "user@somehost"

[btm]

Thank you for supporting Chef! Our process has a couple prerequisites before we can merge your contribution. We need to ensure you've completed a Contributor License Agreement (CLA) and a ticket on our ticket tracker for the release workflow. Pull requests are optional, but should always include the ticket number that they're related to for cross-referencing. Please take a moment to review the below wiki page for the appropriate steps:

http://wiki.opscode.com/display/chef/How+to+Contribute

This is the related ticket: http://tickets.opscode.com/browse/CHEF-1896

[jdonagher]

I am listed in http://wiki.opscode.com/display/chef/Approved+Contributors (contributor 371)
This is minor enhancement on top of the work of abecciu pertaining to CHEF-1896
Do you want me to open a separate ticket?

[btm]

Since we haven't merged his pull request yet, we should be able to merge yours at the same time, so no worries. We'll be merging for 0.10.8 in a week or two.

Since you hadn't commented on the ticket, we didn't have your JIRA username or full name. We need one to reconcile you against the list of the approved contributors, with the JIRA username being the more concise one.

Next time please link to the pull request from the ticket as the JIRA tickets are the canonical reference for bugs.

[btm]

Merged to master.

[mhoran]

@jdonagher, we're trying to use knife bootstrap with the -G option, but it doesn't seem to be working for us. Here's the command line: knife bootstrap target -G mhoran@gateway -i ~/.ssh/target-identity -x deploy --sudo.

I would expect knife to connect to the gateway as mhoran@gateway, then to the target as deploy with the provided identity file. This is how Capistrano behaves.

Any ideas?

[jdonagher]

I'm not able to test knife bootstrap at the moment, but knife ssh with -x
and -G options works like that for me.

Possible your .ssh/config on one of the systems is interfering with those
options?

On Wed, Oct 17, 2012 at 2:37 PM, Matthew Horan notifications@github.comwrote:

@jdonagher https://github.com/jdonagher, we're trying to use knife
bootstrap with the -G option, but it doesn't seem to be working for us.
Here's the command line: knife bootstrap target -G mhoran@gateway -i
~/.ssh/target-identity -x deploy --sudo.

I would expect knife to connect to the gateway as mhoran@gateway, then to
the target as deploy with the provided identity file. This is how
Capistrano behaves.

Any ideas?

—
Reply to this email directly or view it on GitHubhttps://github.com//pull/109#issuecomment-9545017.

[mhoran]

I moved ~/.ssh/config out of the way and I'm still unable to use knife ssh. I tried the following:

warren:~ $ knife ssh target ls -m -G mhoran@gateway -x deploy -i ~/.ssh/target_identity_file
ERROR: Net::SSH::AuthenticationFailed: mhoran

I'm not seeing any authentication requests on the gateway.

[mhoran]

The issue is that our gateway requires password authentication for regulatory reasons. We want to use keys on the other side of the connection, but the gateway cannot use key authentication. It seems that the gateway support for knife does not support prompting for password, and the command line password is not passed to the gateway.

[pivotal-casebook]

We fixed this issue in pull #452.