This explanation is excellent. I think this IS the root cause. Because the
error message is:
# python ilom.py -s root@ca-dev33m -p changeme
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57:
PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using
libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to
avoid timing attack vulnerability.", PowmInsecureWarning)
[root@ca-dev33m] Executing task 'ilom_get_version'
[root@ca-dev33m] run: version
INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_5.1)
INFO:paramiko.transport:Authentication (keyboard-interactive) successful!
INFO:paramiko.transport:Secsh channel 1 opened.
[root@ca-dev33m] out: shell: Invalid credentials
[root@ca-dev33m] out:
[root@ca-dev33m] out:
[root@ca-dev33m] out:
Disconnecting from ca-dev33m... done.
shell: Invalid credentials
<shell: Invalid credentials>
If Jeff or other pro could propose a solution/workaround/hack for this. I'm
happy to test it.
Thanks,
Zhigang
On Wed, Apr 10, 2013 at 10:54 AM, Chris Vest <[email protected]> wrote:
> With the command sub-protocol (which I'm calling it because I don't
> remember what it is otherwise called) a client (fabric, ssh, etc) will be
> told the return code of a command when it finishes executing on the remote
> machine.
>
> With the shell sub-protocol, you are told the return code of the shell,
> when the shell session ends. Shell sessions usually end “well” even if all
> the commands executed through it has failed. Shells also typically wait for
> more input when they've finished running a command, and they only notify
> you of this by printing a dynamically configurable string that typically
> doesn't end with a line break.
>
> That's why tools like fabric prefer to use the command sub-protocol. I
> don't know of any good work around to this.
>
> Chris
>
> On 10 Apr 2013, at 19:04, Zhigang Wang <[email protected]> wrote:
>
> On Wed, Apr 10, 2013 at 9:49 AM, Chris Vest <[email protected]> wrote:
>
>> So you say this works:
>> echo "<cmd>" | ssh user@host:port
>>
>>
> yes
>
>
>> Does this work?
>> ssh user@host:port "<cmd>"
>>
>
> no
>
>
>> Fabric (assuming my info is current) uses the command sub-protocol of
>> ssh, not the shell sub-protocol, which I'm guessing is what happens when
>> you pipe to ssh.
>>
>>
> Seems we are tracking down to the point. Will check what is the difference
> between the two. If anyone has a workaround for fabric to use "shell
> sub-protocol"?
>
> Thanks,
>
> Zhigang
>
>
>> Chris
>>
>> On 10/04/2013, at 16.51, Zhigang Wang <[email protected]> wrote:
>>
>> Thanks very much. However, it doesn't work.
>>
>> I think this issue may live in the paramiko side: don't know anyone
>> familiar with the difference between:
>>
>> 1. ssh user@host:port <cmd>
>>
>> 2. echo "<cmd>" | ssh user@host:port
>>
>> The second one works. So maybe we can emulate that behavior in
>> paramiko/fabric.
>>
>> Thanks,
>>
>> Zhigang
>>
>>
>>
>> On Tue, Apr 9, 2013 at 9:52 PM, Jeff Forcier <[email protected]> wrote:
>>
>>> Pro tip:
>>>
>>> * Read up on what ssh -T does (it disables allocation of a remote pty)
>>> * Search Fabric docs for "pty"
>>> * Find out you can set env.always_use_pty=False to disable use of a
>>> remote pty
>>> * Hopefully discover that this fixes the problem (?)
>>>
>>>
>>> On Tue, Apr 9, 2013 at 7:16 PM, Zhigang Wang <[email protected]> wrote:
>>> > Thanks.
>>> >
>>> > Currently I hit this:
>>> >
>>> http://net-ssh.lighthouseapp.com/projects/36253/tickets/32-sun-ilom-wont-accept-commands-even-after-successful-login
>>> >
>>> > Maybe a ILOM bug, but they have workaround:
>>> >
>>> > Doesnt' work:
>>> >
>>> > $ ssh -t root@ca-dev33m "show /SYS"
>>> >
>>> > Warning: Permanently added 'ca-dev33m,10.211.2.238' (RSA) to the list
>>> of
>>> > known hosts.
>>> > Password:
>>> > shell: Invalid credentials
>>> >
>>> >
>>> > Connection to ca-dev33m closed.
>>> >
>>> > Works:
>>> >
>>> > $ echo "show /SYS" | ssh -T root@ca-dev33m
>>> >
>>> > How to clone the same behavior in fabric?
>>> >
>>> > Using our fabric:
>>> >
>>> > # python ilom.py -s root@ca-dev33m -p changeme
>>> > /usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57:
>>> > PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using
>>> > libgmp >= 5 to avoid timing attack vulnerability.
>>> > _warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5
>>> to
>>> > avoid timing attack vulnerability.", PowmInsecureWarning)
>>> > [root@ca-dev33m] Executing task 'ilom_get_mac'
>>> > [root@ca-dev33m] run: show /System ilom_mac_address
>>> > INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_5.1)
>>> > INFO:paramiko.transport:Authentication (keyboard-interactive)
>>> successful!
>>> > INFO:paramiko.transport:Secsh channel 1 opened.
>>> > [root@ca-dev33m] out: shell: Invalid credentials
>>> > [root@ca-dev33m] out:
>>> > [root@ca-dev33m] out:
>>> > [root@ca-dev33m] out:
>>> >
>>> > Disconnecting from ca-dev33m... done.
>>> > shell: Invalid credentials
>>> >
>>> >
>>> > From here:
>>> >
>>> https://groups.google.com/group/mailing.unix.openssh-dev/tree/browse_frm/month/2009-07?_done=%2Fgroup%2Fmailing.unix.openssh-dev%2Fbrowse_frm%2Fmonth%2F2009-07%3F&;
>>> >
>>> > It may related to the buffersize? How can I enlarge the buffersize for
>>> > fabric?
>>> >
>>> > I tried env.linewise=True, it doesn't help.
>>> >
>>> > I will continue debugging on it.
>>> >
>>> > Thanks,
>>> >
>>> > Zhigang
>>> >
>>> >
>>> > On Tue, Apr 9, 2013 at 6:55 PM, Jeff Forcier <[email protected]>
>>> wrote:
>>> >>
>>> >> Try setting env.use_shell = False:
>>> >>
>>> >> http://docs.fabfile.org/en/1.6/usage/env.html#use-shell
>>> >>
>>> >> On Tue, Apr 9, 2013 at 6:40 PM, Zhigang Wang <[email protected]>
>>> wrote:
>>> >> > Hi Jeff and all,
>>> >> >
>>> >> > I want to use fabric for ilom, a ssh configuration interface.
>>> Currently
>>> >> > it
>>> >> > doesn't work because the ilom system doesn't have a shell there.
>>> How can
>>> >> > set
>>> >> > env.shell to none? Or is it supported?
>>> >> >
>>> >> > The ilom shell:
>>> >> >
>>> >> > $ ssh root@ca-dev33m
>>> >> > Warning: Permanently added 'ca-dev33m,10.211.2.238' (RSA) to the
>>> list of
>>> >> > known hosts.
>>> >> > Password:
>>> >> >
>>> >> > Oracle(R) Integrated Lights Out Manager
>>> >> >
>>> >> > Version 3.1.2.10 r74387
>>> >> >
>>> >> > Copyright (c) 2012, Oracle and/or its affiliates. All rights
>>> reserved.
>>> >> >
>>> >> > Warning: password is set to factory default.
>>> >> >
>>> >> > -> help
>>> >> > The help command is used to view information about commands and
>>> targets
>>> >> >
>>> >> > Usage: help [-format wrap|nowrap] [-o|-output terse|verbose]
>>> >> > [<command>|legal|targets|<target>|<target> <property>]
>>> >> >
>>> >> > Special characters used in the help command are
>>> >> > [] encloses optional keywords or options
>>> >> > <> encloses a description of the keyword
>>> >> > (If <> is not present, an actual keyword is indicated)
>>> >> > | indicates a choice of keywords or options
>>> >> >
>>> >> > help <target> displays description if this target and
>>> its
>>> >> > properties
>>> >> > help <target> <property> displays description of this property of
>>> this
>>> >> > target
>>> >> > help targets displays a list of targets
>>> >> > help legal displays the product legal notice
>>> >> >
>>> >> > Commands are:
>>> >> > cd
>>> >> > create
>>> >> > delete
>>> >> > dump
>>> >> > exit
>>> >> > help
>>> >> > load
>>> >> > reset
>>> >> > set
>>> >> > show
>>> >> > start
>>> >> > stop
>>> >> > version
>>> >> >
>>> >> > -> sh
>>> >> > Invalid command 'sh' - type help for a list of commands.
>>> >> >
>>> >> > -> bash
>>> >> > Invalid command 'bash' - type help for a list of commands.
>>> >> >
>>> >> > Thanks,
>>> >> >
>>> >> > Zhigang
>>> >>
>>> >>
>>> >>
>>> >> --
>>> >> Jeff Forcier
>>> >> Unix sysadmin; Python/Ruby engineer
>>> >> http://bitprophet.org
>>> >
>>> >
>>>
>>>
>>>
>>> --
>>> Jeff Forcier
>>> Unix sysadmin; Python/Ruby engineer
>>> http://bitprophet.org
>>>
>>
>> _______________________________________________
>> Fab-user mailing list
>> [email protected]
>> https://lists.nongnu.org/mailman/listinfo/fab-user
>>
>>
>
_______________________________________________
Fab-user mailing list
[email protected]
https://lists.nongnu.org/mailman/listinfo/fab-user
