New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SSHClient Fails to use password authentication when local keychain exists #391
Comments
Sounds related to #387. |
paramiko/paramiko#391 (Cisco boxes don't support key auth anyway)
I am using Fabric on Windows 2012 server within Git Bash.
Paramiko refuses to see or use any of my .pem files in ~/.ssh/* other than id_rsa When turning on debugging, you can see that during the SSH conversation, it tries to connect only with The only workaround I have found is to forcibly add Edit: Reading #387 it's clear this is probably the wrong place for this note. |
I encountered this on Ubutnu 16, Python 2.7, paramiko 2.3.0. Using 'allow_agent' and 'look_for_keys' fixed the issue for me, as per this StackOverflow post In summary:
|
Like dharasty said:
It'll fail to find the public key but then use password auth and succeed. Annoying but it works. |
Seems like we get into paramiko/paramiko#391 (comment)
Seems like we get into paramiko/paramiko#391 (comment)
The workaround will work if you are using paramiko directly. But if you are using a wraparound library like invoke or fabric, you can't override the default paramiko behavior of look_for_keys. If someone has found a way to do that, please post it. |
For Fabric-1.x, you can use the command-line options For Fabric-2.x, you can use config values |
Still seeing this issue in latest paramiko 2.11.0 Does not happen in 2.6.0 and broken in 2.7.0 |
When I use SSHClient to connect to a remote host with password authentication, it fails when I have a local key-file (unrelated) on the client machine. A
paramiko.ssh_exception.AuthenticationException
is thrown, instead of continuing to ssh password authentication.Workaround: Use option
look_for_keys=False
This workaround is only possible if you control the SSHClient object yourself, not if you use a lib built on paramiko.
Environment
File
/home/<user>/.ssh/id_rsa
exists (but not relevant to remote host)Code to reproduce:
Trace
Excerpt from "DEBUG-level log"
The last two lines are not logged and the exception is not thrown when connection is made with the work around:
The text was updated successfully, but these errors were encountered: