Nothing to be ashamed of ... I wouldn't know what it is either except our security droids require it on all publicly accessible systems. Anyway, in this context it means that two forms of authentication are required, specifically a public key *and* a password. My guess is that Net::SSH only knows how to provide one or the other but not both. The operative word there is "guess"; I would be happy to provide the output that results when I set ssh_options[:verbose] to :debug - I didn't do it in my original post because I'll have to make sure it's all "sanitized".
Thanks for the quick response ... WkH On Jan 2, 2:44 pm, Jamis Buck <[EMAIL PROTECTED]> wrote: > I'm not ashamed to reveal my ignorance and state that I have never > heard of two-factor auth...so it isn't surprising that Net::SSH would > not handle that, since I wrote that, too. I based Net::SSH off of the > base ssh RFC's, which I don't recall mentioning two-factor > authentication. > > - Jamis > > On Jan 2, 2008, at 11:14 AM, [EMAIL PROTECTED] wrote: > > > > > One of my resolutions for the new year is to replace my crufty old > > expect scripts with Capistrano. Unfortunately, I'm having trouble with > > the :gateway mechanism. Our bastion servers are configured for two- > > factor auth: public key and password. Capistrano, or Net::SSH, doesn't > > seem to be able to handle that flavor of authentication. When I run > > the following task, which just tests the ability to login to the > > bastion server: > > > task :whos_on, :hosts => "my.bastion.server" do > > run "who" > > end > > > I get the following output: > > > $ cap whos_on > > * executing `whos_on' > > * executing "who" > > servers: ["my.bastion.server"] > > Password: > > connection failed for: my.bastion.server > > (Net::SSH::AuthenticationFailed: username) > > > I'm able to ssh to my.bastion.server with no problems. I'm also able > > to set up a tunnel through it to any of our production boxes using > > just straight ssh. Doing set :gateway, "my.bastion.server" in my > > capfile gives me no joy either. > > > I have verified that the whos_on task works when run within the > > production network where the boxes don't do two-factor auth. That's > > why I'm focused on the two-factor thing. To be useful I really need > > the :gateway mechanism to work. > > > Anyone have any ideas? > > > ... WkH > > > > > > smime.p7s > 3KDownload --~--~---------~--~----~------------~-------~--~----~ To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/capistrano -~----------~----~----~----~------~----~------~--~---
