| |
@@ -375,9 +375,15 @@
|
| |
if self.host.ssh_key_filename:
|
| |
key_filename = os.path.expanduser(self.host.ssh_key_filename)
|
| |
argv.extend(['-i', key_filename])
|
| |
+ # disable password prompt
|
| |
+ argv.extend(['-o', 'BatchMode=yes'])
|
| |
elif self.host.ssh_password:
|
| |
- self.log.critical('Password authentication not supported')
|
| |
- raise RuntimeError('Password authentication not supported')
|
| |
+ password_file = os.path.join(self.control_dir.path, 'password')
|
| |
+ with open(password_file, 'w') as f:
|
| |
+ os.fchmod(f.fileno(), 600)
|
| |
+ f.write(self.host.ssh_password)
|
| |
+ f.write('\n')
|
| |
+ argv = ['sshpass', '-f', password_file] + argv
|
| |
else:
|
| |
self.log.critical('No SSH credentials configured')
|
| |
raise RuntimeError('No SSH credentials configured')
|
| |
Paramiko does not yet implement modern handshake variants with
rsa-sha2-256. OpenSSH 8.2 release notes say that the old ssh-rsa
algorithm (RSA with SHA-1 signature) be disabled soon. The algorithm does
not work in FIPS either.
The patch implements OpenSSH password-based logins using the sshpass
utilility. It reads the password from a secure file and feeds it to
OpenSSH command line tool.
See: https://www.openssh.com/releasenotes.html
See: https://linux.die.net/man/1/sshpass
Signed-off-by: Christian Heimes cheimes@redhat.com