Calvin
If there is a problem with host key verification it is probably because
you have a record in your ~/.ssh/known_hosts file for the address
192.16.1.2. You could remove the record or give the server a dns name
(temporary ones live in your /etc/hosts file) to address it which may
work around the problem.
James -- I think "StrictHostKeyChecking no" is a serious security no-no. If you
really have to do it for a LAN host, you can use the
-o StrictHostKeyChecking=no
command-line switch to ssh. But better to fix the underlying problem rather
than concrete it into .ssh/config in my opinion.
You can alter this native ssh function to put in your fabfile if the
python/fabric ssh doesn't support it:
def sshagent_run(cmd):
"""
Helper function.
Runs a command with SSH agent forwarding enabled.
See https://github.com/simonhayward/simonsblog_django/blob/master/fabfile.py
Note:: Fabric (and paramiko) can't forward your SSH agent.
This helper uses your system's ssh to do so.
"""
for h in env.hosts:
try:
# catch the port number to pass to ssh
host, port = h.split(':')
local('ssh -p %s -A %s "%s"' % (port, host, cmd))
except ValueError:
local('ssh -A %s "%s"' % (h, cmd))
On 27/02/13, Stroehmann, James ([email protected]) wrote:
> I set these in my ~/.ssh/config
>
> StrictHostKeyChecking no
> CheckHostIP no
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of
> Calvin
> Sent: Wednesday, February 27, 2013 3:29 PM
> To: [email protected]
> Subject: [Fab-user] tunneling with fab
>
> I have two freshly installed nix boxes I want to automate configuration of.
> I start on my box with fabric installed, neither of the freshboxes have
> fabric available.
>
> to gain control of the second box i manually ssh to the first then ssh to the
> second to drop iptables.
>
> The problem is this operation fails with fabric saying "err: Host key
> verification failed."
>
>
>
> my fab file has the following
> def drop_iptables_on_managed_host(ip='192.16.1.2'):
> print ("droping iptables on host "+ip)
> run(command='ssh '+ip+' service iptables stop')
>
>
> is there a way to have this autoaccept the key from the first host when
> connecting to the second.
>
> --
> Calvin
> [email protected]
>
> --
> http://www.fastmail.fm - Send your email first class
>
>
> _______________________________________________
> Fab-user mailing list
> [email protected]
> https://lists.nongnu.org/mailman/listinfo/fab-user
>
>
>
>
> _______________________________________________
> Fab-user mailing list
> [email protected]
> https://lists.nongnu.org/mailman/listinfo/fab-user
--
Rory Campbell-Lange
[email protected]
Campbell-Lange Workshop
www.campbell-lange.net
0207 6311 555
3 Tottenham Street London W1T 2AF
Registered in England No. 04551928
_______________________________________________
Fab-user mailing list
[email protected]
https://lists.nongnu.org/mailman/listinfo/fab-user
