python-pytest-multihost

Clone
Source Code
GIT

#17 Implement OpenSSH password auth with sshpass
Merged 4 years ago by spoore. Opened 4 years ago by cheimes.
cheimes/python-pytest-multihost sshpass  into  master

file modified
+8 -2 
@@ -375,9 +375,15 @@ 
 

          if self.host.ssh_key_filename:
 

              key_filename = os.path.expanduser(self.host.ssh_key_filename)
 

              argv.extend(['-i', key_filename])
 

+             # disable password prompt
 

+             argv.extend(['-o', 'BatchMode=yes'])
 

          elif self.host.ssh_password:
 

-             self.log.critical('Password authentication not supported')
 

-             raise RuntimeError('Password authentication not supported')
 

+             password_file = os.path.join(self.control_dir.path, 'password')
 

+             with open(password_file, 'w') as f:
 

+                 os.fchmod(f.fileno(), 600)
 

+                 f.write(self.host.ssh_password)
 

+                 f.write('\n')
 

+             argv = ['sshpass', '-f', password_file] + argv
 

          else:
 

              self.log.critical('No SSH credentials configured')
 

              raise RuntimeError('No SSH credentials configured')

file modified
+6 
@@ -33,10 +33,14 @@ 
 

  BuildRequires: python3-devel
 

  BuildRequires: python3-setuptools
 

  BuildRequires: python3-pytest
 

+ BuildRequires: openssh-clients
 

+ BuildRequires: sshpass
 

  %endif
 

  

  Requires: python
 

  Requires: pytest >= 2.4.0
 

+ Requires: openssh-clients
 

+ Recommends: sshpass
 

  

  # Should use python_provide macros, but those won't work in older EPEL
 

  Provides: python2-%{srcname}
 
@@ -59,6 +63,8 @@ 
 

  

  Requires: python3
 

  Requires: python3-pytest
 

+ Requires: openssh-clients
 

+ Recommends: sshpass
 

  

  %description -n python3-%{srcname}
 

  Allows pytest tests to run commands on several machines.

Paramiko does not yet implement modern handshake variants with
rsa-sha2-256. OpenSSH 8.2 release notes say that the old ssh-rsa
algorithm (RSA with SHA-1 signature) be disabled soon. The algorithm does
not work in FIPS either.

The patch implements OpenSSH password-based logins using the sshpass
utilility. It reads the password from a secure file and feeds it to
OpenSSH command line tool.

See: https://www.openssh.com/releasenotes.html
See: https://linux.die.net/man/1/sshpass
Signed-off-by: Christian Heimes cheimes@redhat.com

How soon can this patch be merged. sssd-qe requires this enhancement to connect to AD from the controller using openssh for fips testing.

Sorry, I lost track of this one. I believe it can be merged now. The changes seem completely reasonable to me.

@cheimes didn't you mention that this was done upstream already for freeipa?

Pull-Request has been merged by spoore
4 years ago
Metadata
None
No Tags
Changes Summary 2
+8 -2
file changed
pytest_multihost/transport.py
+6 -0
file changed
python-pytest-multihost.spec
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.