On Tue, 2009-03-10 at 20:59 -0400, Jeff Forcier wrote: > On Tue, Mar 10, 2009 at 9:01 AM, Jordan Levy wrote: > > > I have ForwardAgent setup on my local machine so that initiating an SSH > > session to host1, then to host2 from host1, works just fine without > > providing a password. I'm assuming that Fabric does not use > > ForwardAgent? This would be fine if I were at least prompted for a > > password during the operation. > > Hi Jordan, > > I can't answer 100% conclusively, but I don't *think* Fabric currently > honors ForwardAgent (or, for that matter, anything else in > .ssh/config*). I've just trawled all over the place looking to see if > anyone's gotten Paramiko (our SSH substrate) doing this and didn't > find anything. Ditto for Twisted Conch (a potential replacement). > > It does look like Ruby's Net-SSH library supports agent forwarding, > but that doesn't exactly help us any over here :( I'm guessing that, > assuming I'm not missing something, the dev(s) on that lib had more > need for the feature (or time to implement it) than the > Paramiko/Twisted devs. > > If anyone can chime in on this with more info or a "you're wrong, > Jeff, and here's why", that'd be great, otherwise you're probably out > of luck until someone patches one of those libs. (If you have the time > and want to specifically ping e.g. the Paramiko list about this, feel > free.) > > Best, > Jeff > > * Parsing .ssh/config, in general, is possible with both libs, so I > would like to eventually work in HostName/User support at the very > least. But ForwardAgent is likely to be a bigger fish to fry, and > (IMHO) more of an edge case, so I'm not sure it's something I have > time to tackle myself, even if it is something we could do at our > level instead of needing to be in Paramiko itself.
Thanks for the answer Jeff. By the time I received it I had already dug
into paramiko and Fabric's use of it. It seemed like paramiko did not
provide any support for ForwardAgent. This is unfortunate because I
think my use case is a common one.
However, I was able to find a simple workaround for my case. It's not
ideal, but it works:
config.basedir = '/path/to/put/repo/at/'
local_per_host('ssh $(fab_host) "cd $(basedir) && hg clone
$(repo_path)"')
It doesn't ask for a password as long as I have ForwardAgent setup in
~/.ssh/config or similar.
Best,
Jordan
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Fab-user mailing list [email protected] http://lists.nongnu.org/mailman/listinfo/fab-user
