salt-ssh : Disable SSH Host Key Checking with python api
273 views
Skip to first unread message
slim tabka
Aug 7, 2017, 8:32:33 AM8/7/17
to Salt-users
Hello everybody,
I have a problem with salt-ssh python api and I hope that someone can help me.
I'm working with salt-ssh and with the command line I can use option -i to use 'StrictHostKeyChecking.
I'm working with salt-ssh and with the command line I can use option -i to use 'StrictHostKeyChecking.
(agent) [root@NODE ~]# salt-ssh 'af0abc4b-6980d-4fdd-ba63-192cb3d116be' test.ping af0abc4b-6980d-4fdd-ba63-192cb3d116be: ---------- retcode: 254 stderr: stdout: The host key needs to be accepted, to auto accept run salt-ssh with the -i flag: The authenticity of host '10.10.10.10 (10.10.10.10)' can't be established. ECDSA key fingerprint is af:00:b8:ab:7a:3e:cd:06:9a:6c:36:e9:32:f0:a3:a4. Are you sure you want to continue connecting (yes/no)? (agent) [root@NODE ~]# salt-ssh -i --no-host-keys 'af0abc4b-6980d-4fdd-ba63-192cb3d116be' test.ping af0abc4b-6980d-4fdd-ba63-192cb3d116be: True
But when I want to do the same thing with the python api I didn't find a way to specify the -i option so can it be done.
This is the python code I'm using :
from salt.client.ssh.client import SSHClient salt = SSHClient() salt.cmd('af0abc4b-6980d-4fdd-ba63-192cb3d116be', 'test.ping') Out: {'af0abc4b-6980d-4fdd-ba63-192cb3d116be': {'retcode': 254, 'stderr': '', 'stdout': "The host key needs to be accepted, to auto accept run salt-ssh with the -i flag:\nThe authenticity of host '10.10.10.10 (10.10.10.10)' can't be established.\nECDSA key fingerprint is af:00:b8:ab:7a:3e:cd:06:9a:6c:36:e9:32:f0:a3:a4.\nAre you sure you want to continue connecting (yes/no)? "}}
how can I do the same with the python code?? how can I use the options in the python api??
Best Regards,
Slim TABKA
Seth House
Aug 7, 2017, 2:15:19 PM8/7/17
to salt users list
This is a known limitation with SSHClient. You can track it and +1 it
in the issue below. I've heard (but not verified!) that configuring
`StrictHostKeyChecking ` in `$HOME/.ssh/config` is respected in
salt-ssh so that may be worth a try in the meantime.
https://github.com/saltstack/salt/issues/41237
> --
> You received this message because you are subscribed to the Google Groups
> "Salt-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to salt-users+...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/salt-users/889f0131-d30c-4eac-87c0-93ac92b198e8%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
in the issue below. I've heard (but not verified!) that configuring
`StrictHostKeyChecking ` in `$HOME/.ssh/config` is respected in
salt-ssh so that may be worth a try in the meantime.
https://github.com/saltstack/salt/issues/41237
> You received this message because you are subscribed to the Google Groups
> "Salt-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to salt-users+...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/salt-users/889f0131-d30c-4eac-87c0-93ac92b198e8%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
slim tabka
Aug 8, 2017, 4:24:50 AM8/8/17
to Salt-users, se...@eseth.com
Thank you very much fr you response when `StrictHostKeyChecking ` is added in `$HOME/.ssh/config` it works just fine.
Hopefully one day it will be taken into account from the api without the need to touch the ssh config file.
Hopefully one day it will be taken into account from the api without the need to touch the ssh config file.
Reply all
Reply to author
Forward
0 new messages