[Fab-user] EC2 host keys
From: Patrick J McNerthney
Subject: [Fab-user] EC2 host keys
Date: Sat, 09 May 2009 11:10:37 -0400
User-agent: Thunderbird 2.0.0.21 (X11/20090409)

I have an issue with Amazon EC2 instances where ssh host keys have been
saved in .ssh/known_hosts but are incompatible with an EC2 instance ip
address. This occurs when the ip address has been reassigned to a new
EC2 instance. So the basic sequence of events is:
o Start an EC2 instance which is assigned an ip address.
o ssh to that ip address and that server's ssh key is associated with
that ip address in the known_hosts file.
o Terminate that EC2 instance.
o A new EC2 instance is started and it happens to get assigned the same
ip address.
At this point, if I first ssh to it, I have ssh configured with
StrictHostKeyChecking set to no, so ssh will emit a warning about this
ip address having a new key, but still allows me to continue.
However, if at this point I try to use Fabric to execute some commands,
it always will fail. This is because the
SSHClient.load_system_host_keys is always called, causing the connection
to fail if there is an incompatibility between the ip address and the
server key.
I have addressed this in my own fork here:
http://github.com/iciclespider/fabric/commit/08ad1c491e5643990c2a35e865784d2b61aa742f
What this does is replace this:
    client.load_system_host_keys()
    if not env.reject_unknown_keys:
        client.set_missing_host_key_policy(ssh.AutoAddPolicy())
with this:
    if env.reject_unknown_keys:
        client.load_system_host_keys()
    else:
        client.set_missing_host_key_policy(ssh.AutoAddPolicy())
I also considered using another env setting value to control this, but
my conclusion is that this behavior is in fact in line with the implied
behavior of the "reject_unknown_keys" name. In other words, the list of
known keys should only be loaded if the intention is to reject those
keys that are not known.
Pat McNerthney
ClearPoint Metrics, Inc.
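
The behaviour described in the message above, as an added example that is not part of the original post or of Fabric's own code: a standard-library model of how the host key lookup decides under the original and the patched logic. The function names, outcome strings, IP address and keys are assumptions constructed for illustration; wildcard and [host]:port patterns are not handled.

```python
import base64
import hashlib
import hmac

def host_matches(pattern, host):
    """True if one known_hosts host entry names `host` (plain or HashKnownHosts form)."""
    if pattern.startswith("|1|"):
        salt_b64, digest_b64 = pattern[3:].split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(digest_b64))
    return pattern == host

def lookup(known_hosts_text, host, keytype):
    """Return the stored base64 key for (host, keytype), or None if there is no entry."""
    for line in known_hosts_text.splitlines():
        fields = line.split()
        # Skip blanks, comments and @cert-authority/@revoked marker lines.
        if len(fields) < 3 or line.startswith(("#", "@")):
            continue
        hosts, ktype, key = fields[:3]
        if ktype == keytype and any(host_matches(p, host) for p in hosts.split(",")):
            return key
    return None

def decide(known_hosts_text, host, keytype, key, reject_unknown_keys, patched):
    """Model the connection outcome for the original (patched=False) and patched logic."""
    # Original code always loads known_hosts; the patch loads it only when rejecting.
    load_known = reject_unknown_keys if patched else True
    stored = lookup(known_hosts_text, host, keytype) if load_known else None
    if stored is None:
        # No entry consulted: the missing-host-key policy decides.
        return "rejected-unknown" if reject_unknown_keys else "auto-added"
    # An entry exists: a different key fails regardless of the policy.
    return "accepted" if stored == key else "bad-host-key"

# Constructed sample: the reused IP still maps to the terminated instance's key.
KNOWN_HOSTS = "203.0.113.10 ssh-rsa AAAAB3NzaC1yc2EAAAAoldinstance\n"
NEW_KEY = "AAAAB3NzaC1yc2EAAAAnewinstance"

if __name__ == "__main__":
    for patched in (False, True):
        outcome = decide(KNOWN_HOSTS, "203.0.113.10", "ssh-rsa", NEW_KEY, False, patched)
        print("patched" if patched else "original", outcome)
```

With the patched logic and reject_unknown_keys off, the changed key is auto-added because known_hosts is never consulted. Removing only the stale entry with `ssh-keygen -R 203.0.113.10` keeps the comparison in place for every other host.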