paramiko, isn't talking to ssh-agent. same behavior in fabric

Bryan Hunt picture Bryan Hunt · Mar 23, 2012 · Viewed 11.2k times · Source

Firstly I tried to get fabric working, but it kept asking me for a password.

So I'm trying to reduce the problem. Perhaps it would be a good POC to just create a SSH connection from Python. I discovered that fabric uses parmiko for it's SSH handling. Hmm. Ok, lets try to get an example working.

Here's what I wrote.

from ssh import *
import os 

print "SSH-AGENT VARS"

print "SSH_AGENT_PID: %s " % os.environ['SSH_AGENT_PID']
print "SSH_AUTH_SOCK: %s " % os.environ['SSH_AUTH_SOCK']

a = Agent()
keys=a.get_keys()
print keys.count("192.168.1.10")


client = SSHClient()
client.load_system_host_keys()
client.connect('192.168.1.10')

Resulting in the following error messages:

% ./ssh_test.py
SSH-AGENT VARS
SSH_AGENT_PID: 26557 
SSH_AUTH_SOCK: /tmp/ssh-pZHBElj26556/agent.26556 
0
Traceback (most recent call last):
  File "./ssh_test.py", line 18, in <module>
    client.connect('192.168.1.10')
  File "/usr/local/lib/python2.7/dist-packages/ssh/client.py", line 332, in connect
    self._auth(username, password, pkey, key_filenames, allow_agent, look_for_keys)
  File "/usr/local/lib/python2.7/dist-packages/ssh/client.py", line 493, in _auth
    raise saved_exception
ssh.PasswordRequiredException: Private key file is encrypted

ssh-agent is running in my session, I can SSH to that box, no problems, it doesn't prompt me for a password or anything.

I'm guessing paramiko isn't able to connect to the running ssh-agent for some weird reason.

Has anyone else had a problem like this? I'm using Ubuntu 11.10

I seem to remember trying Fabric a while back and having similar problems, perhaps it's been broken for a while?

I connect, just using the host name as the argument. This is as per the documentation.

http://www.lag.net/paramiko/docs/paramiko.SSHClient-class.html

connect(self, hostname, port=22, username=None, password=None, pkey=None, key_filename=None, timeout=None, allow_agent=True, look_for_keys=True, compress=False)

Answer

Morgan picture Morgan · Mar 28, 2012

So from the paramiko code and yours when you do a.get_keys() that should return a list. I'd see what it returns. And it woudln't return something you can count like that, as it's returning the actual encrypted key bits. But anyhow, as you've moved onto ssh, and that works, let's move to Fabric.

You can get more logging by turning it on for the ssh lib by doing:

import ssh
ssh.util.log_to_file("paramiko.log", 10)

In your fabfile. This'll up all the logs and show more of what paramiko/ssh itself is doing which may assist you in debugging the issue further.