[Capistrano] Re: Two-factor auth problem?

[Jamis Buck]

Yeah, currently Net::SSH only does either/or, but not both. If you could send me the debug output, I'll take a look. No guarantees I'll have time to implement it, but then again, I'm currently working on Net::SSH v2, so it'd be a more likely time for me to hack on it. :)

Please send the dump to me, directly: [EMAIL PROTECTED] Thanks!

- Jamis

On Jan 2, 2008, at 2:08 PM, [EMAIL PROTECTED] wrote:

Nothing to be ashamed of ... I wouldn't know what it is either except
our security droids require it on all publicly accessible systems.
Anyway, in this context it means that two forms of authentication are
required, specifically a public key *and* a password. My guess is that
Net::SSH only knows how to provide one or the other but not both. The
operative word there is "guess"; I would be happy to provide the
output that results when I set ssh_options[:verbose] to :debug - I
didn't do it in my original post because I'll have to make sure it's
all "sanitized".

Thanks for the quick response ... WkH

On Jan 2, 2:44 pm, Jamis Buck <[EMAIL PROTECTED]> wrote:

I'm not ashamed to reveal my ignorance and state that I have never
heard of two-factor auth...so it isn't surprising that Net::SSH would
not handle that, since I wrote that, too. I based Net::SSH off of the
base ssh RFC's, which I don't recall mentioning two-factor
authentication.

- Jamis

On Jan 2, 2008, at 11:14 AM, [EMAIL PROTECTED] wrote:

One of my resolutions for the new year is to replace my crufty old

the :gateway mechanism. Our bastion servers are configured for two-

seem to be able to handle that flavor of authentication. When I run
the following task, which just tests the ability to login to the
bastion server:

expect scripts with Capistrano. Unfortunately, I'm having trouble with factor auth: public key and password. Capistrano, or Net::SSH, doesn't

task :whos_on, :hosts => "my.bastion.server" do
 run "who"
end

I get the following output:

$ cap whos_on
 * executing `whos_on'
 * executing "who"
   servers: ["my.bastion.server"]
Password:
connection failed for: my.bastion.server
(Net::SSH::AuthenticationFailed: username)

I'm able to ssh to my.bastion.server with no problems. I'm also able
to set up a tunnel through it to any of our production boxes using
just straight ssh. Doing set :gateway, "my.bastion.server" in my
capfile gives me no joy either.

I have verified that the whos_on task works when run within the
production network where the boxes don't do two-factor auth. That's
why I'm focused on the two-factor thing. To be useful I really need
the :gateway mechanism to work.

Anyone have any ideas?

... WkH

 smime.p7s
3KDownload

--~--~---------~--~----~------------~-------~--~----~
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/capistrano
-~----------~----~----~----~------~----~------~--~---

smime.p7s
Description: S/MIME cryptographic signature