fab-user
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fab-user] specifying login and password?


From: Timothee Besset
Subject: Re: [Fab-user] specifying login and password?
Date: Wed, 18 Feb 2009 14:54:27 -0600
User-agent: Mozilla-Thunderbird 2.0.0.19 (X11/20090103)

Jeff Forcier wrote:
> Hi Timothee,
>
> Nicolas is largely correct, the "best" way to handle this is to use
> SSH key-based authentication, which then means you won't need to be
> prompted for any passwords during the connection phase.
>
> However, that's only a partial solution because you'll still need to
> do each password in the event of a sudo() operation, assuming your
> connection user doesn't have blanket passwordless sudo (not
> recommended!).
>
> We don't really have good password management in Fabric right now, and
> storing user passwords in general is always a tricky issue, so while
> I'd like to put something in to make it more convenient in your case
> (many different passwords across systems) it will take some
> deliberation about how to best do it, or if it's something we should
> *be* doing.
>
> Rest assured that the issue is on the table, however :)
>
> Best,
> Jeff
>
>   

Good to hear.

We are basically getting new systems, on which we start with a root +
password ssh account (>20 of them per batch), and we are writing scripts
to get them configured. Once configured, the machines mostly answer to a
set of ssh keys, but considering the number of machines we are trying to
automate the process starting from the initial root account info we get.

Generating the fab files as I've shown works well enough for that.

The sudo/priviledge escalation problem remains though. Our standard sshd
lockdown requires that we turn off login as root, and expect users to
login through their own account, then sudo .. easier to track and
control that way.

Best,
TTimo

> On Wed, Feb 18, 2009 at 2:55 PM, Nicolas Steinmetz <address@hidden> wrote:
>   
>> 2009/2/18 Timothee Besset <address@hidden>
>>     
>>> Hello,
>>>
>>> New user .. finding documentation very, very scarce ..
>>>
>>> Is there a way to specify login and password along with the hosts list?
>>> I want to use fab to configure a fairly large number of machines with
>>> different access settings.
>>>       
>> One solution would be to use ssh connections with key (and then without
>> managing login & password). It depends whether your architecture allows it
>> or not.
>> Not really a direct answer, sorry.
>> Otherwise, did you look at sudo command, you should be able to use a login
>> and maybe a password too.
>> Hope it helps a little bit,
>> Nicolas
>> --
>> Nicolas Steinmetz
>> http://www.steinmetz.fr - http://www.unelectronlibre.info/
>>
>> _______________________________________________
>> Fab-user mailing list
>> address@hidden
>> http://lists.nongnu.org/mailman/listinfo/fab-user
>>
>>
>>     






reply via email to

[Prev in Thread] Current Thread [Next in Thread]