New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

How do I stop the prompt "Permission denied for host <hostname>, do you want to deploy the salt-ssh key? (password required):"? #47087

darkpixel opened this Issue Apr 16, 2018 · 2 comments


None yet
3 participants

darkpixel commented Apr 16, 2018

Description of Issue/Question

I've been digging through man pages and the docs and can't figure out how to disable the prompt in salt-ssh that asks if I want to deploy the salt-ssh key.

I have a roster file with nearly 100 hosts, some of which I don't have access to yet (during a 'transition').
Every time I run 'salt-ssh' to gather data or make changes, I get prompted about 15 times. It's annoying to have to repeatedly hit n n n .

Several of those 15 hosts are appliances where /root/.ssh/authorized_keys is read-only, so answering 'y', hitting and then putting in the password also won't fix the problem.

I even tried setting --priv=/dev/null without success. Strangely salt-ssh says /dev/null already exists and asks if I want to overwrite it instead of failing to read/parse it and perhaps not prompting to deploy a key that doesn't exist.

I would love to see 'no prompts of any kind' be the default, but even having a flag like --not-interactive to turn it all off would be great.

Steps to Reproduce Issue

Add a host to your roster file that doesn't have your SSH key (or your salt-ssh key). It appears it asks by default even with you don't supply the --askpass flag.

Versions Report

Salt Version:
           Salt: 2017.7.4
Dependency Versions:
           cffi: 1.11.2
       cherrypy: Not Installed
       dateutil: Not Installed
      docker-py: Not Installed
          gitdb: Not Installed
      gitpython: Not Installed
          ioflo: Not Installed
         Jinja2: 2.10
        libgit2: Not Installed
        libnacl: Not Installed
       M2Crypto: Not Installed
           Mako: Not Installed
   msgpack-pure: Not Installed
 msgpack-python: 0.4.7
   mysql-python: Not Installed
      pycparser: 2.18
       pycrypto: 2.6.1
   pycryptodome: Not Installed
         pygit2: Not Installed
         Python: 3.6.4 (default, Apr  5 2018, 01:17:42)
   python-gnupg: Not Installed
         PyYAML: 3.12
          PyZMQ: 17.0.0
           RAET: Not Installed
          smmap: Not Installed
        timelib: Not Installed
        Tornado: 4.5.3
            ZMQ: 4.2.3
System Versions:
         locale: UTF-8
        machine: amd64
        release: 11.1-RELEASE
         system: FreeBSD
        version: Not Installed

This comment has been minimized.


gtmanfred commented Apr 16, 2018

I have opened #47100 to allow passing in --no-key-deploy to serve this purpose.

I opened it against 2017.7, but I may be asked to rebase it to develop for our next major release Fluorine.


@gtmanfred gtmanfred added the Bug label Apr 16, 2018

@gtmanfred gtmanfred added this to the Approved milestone Apr 16, 2018

@rallytime rallytime closed this Aug 5, 2018


This comment has been minimized.


gtmanfred commented Aug 30, 2018

The change that was made here is causing failures with the test suite.

This is going to have to be added in a later release.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment