Thanks Rory, Very informative, I was just forming the idea that id have to look into using the paramiko api directly. I didn't show the little script I had in there to stripe out any keys for the host from my known_hosts file. from what I'm reading it should be adding the key automatically by fabric, The more I think about it, it might even be a permissions issue. I'm using hudson to automate this process, its possible it doesn't have permission to update this file. I have some leads to follow now.
Thanks for your input, I appreciated it. Cal -- Calvin [email protected] On Wed, Feb 27, 2013, at 06:58 PM, Rory Campbell-Lange wrote: > Calvin > > If there is a problem with host key verification it is probably because > you have a record in your ~/.ssh/known_hosts file for the address > 192.16.1.2. You could remove the record or give the server a dns name > (temporary ones live in your /etc/hosts file) to address it which may > work around the problem. > > James -- I think "StrictHostKeyChecking no" is a serious security no-no. > If you > really have to do it for a LAN host, you can use the > > -o StrictHostKeyChecking=no > > command-line switch to ssh. But better to fix the underlying problem > rather > than concrete it into .ssh/config in my opinion. > > You can alter this native ssh function to put in your fabfile if the > python/fabric ssh doesn't support it: > > def sshagent_run(cmd): > """ > Helper function. > Runs a command with SSH agent forwarding enabled. > See > https://github.com/simonhayward/simonsblog_django/blob/master/fabfile.py > > Note:: Fabric (and paramiko) can't forward your SSH agent. > This helper uses your system's ssh to do so. > """ > > for h in env.hosts: > try: > # catch the port number to pass to ssh > host, port = h.split(':') > local('ssh -p %s -A %s "%s"' % (port, host, cmd)) > except ValueError: > local('ssh -A %s "%s"' % (h, cmd)) > > On 27/02/13, Stroehmann, James ([email protected]) wrote: > > I set these in my ~/.ssh/config > > > > StrictHostKeyChecking no > > CheckHostIP no > > > > -----Original Message----- > > From: [email protected] > > [mailto:[email protected]] On Behalf Of > > Calvin > > Sent: Wednesday, February 27, 2013 3:29 PM > > To: [email protected] > > Subject: [Fab-user] tunneling with fab > > > > I have two freshly installed nix boxes I want to automate configuration of. > > I start on my box with fabric installed, neither of the freshboxes have > > fabric available. > > > > to gain control of the second box i manually ssh to the first then ssh to > > the second to drop iptables. > > > > The problem is this operation fails with fabric saying "err: Host key > > verification failed." > > > > > > > > my fab file has the following > > def drop_iptables_on_managed_host(ip='192.16.1.2'): > > print ("droping iptables on host "+ip) > > run(command='ssh '+ip+' service iptables stop') > > > > > > is there a way to have this autoaccept the key from the first host when > > connecting to the second. > > > > -- > > Calvin > > [email protected] > > > > -- > > http://www.fastmail.fm - Send your email first class > > > > > > _______________________________________________ > > Fab-user mailing list > > [email protected] > > https://lists.nongnu.org/mailman/listinfo/fab-user > > > > > > > > > > _______________________________________________ > > Fab-user mailing list > > [email protected] > > https://lists.nongnu.org/mailman/listinfo/fab-user > > -- > Rory Campbell-Lange > [email protected] > > Campbell-Lange Workshop > www.campbell-lange.net > 0207 6311 555 > 3 Tottenham Street London W1T 2AF > Registered in England No. 04551928 -- http://www.fastmail.fm - Access your email from home and the web _______________________________________________ Fab-user mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/fab-user
