[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Fab-user] Forcing ssh to fail if no host key?
From: |
Roy Smith |
Subject: |
Re: [Fab-user] Forcing ssh to fail if no host key? |
Date: |
Sat, 23 Jun 2012 12:58:27 -0400 |
On Jun 23, 2012, at 12:44 PM, Jeff Forcier wrote:
> On Sat, Jun 23, 2012 at 5:29 AM, Roy Smith <address@hidden> wrote:
>
>> The documentation (http://docs.fabfile.org/en/1.4.2/usage/ssh.html) is
>> really confusing. It starts out describing the Reject, Add, and Ask
>> options, but then only talks about setting reject_unknown_hosts to True or
>> False. What do I have to set to get the Rject behavior?
>
> That documentation is pretty clear (albeit its target audience is
> people already intermediate with SSH); you should try rereading it :(
> Unknown host rejection is basically a binary choice
Must be one of those tri-state binary choices (Reject, Add, Ask) :-) Actually,
I am pretty familiar with SSH, but not how fab interfaces with it. I put in
some quality time reading the fabric sources yesterday.
> However, it sounds like there is a bug, because it definitely
> shouldn't prompt for a password when you have reject_unknown_hosts set
> to True -- it should abort instead.
I ended up working around this by also doing:
env.abort_on_prompts = True
> I just looked into it and confirmed:
> https://github.com/fabric/fabric/issues/671
>
> I'll probably have this fixed in a few minutes and it'll be out in the
> next round of bugfix releases.
OK, thanks. That's a cleaner fix than my abort_on_prompts=True, since that
also affects things like prompting for a sudo password.
BTW, fabric is a really cool tool. We're using it to drive our deployment
involving about 15 hosts, a bunch of different services, and a haproxy front
end. Fabric really makes this simple.
--
Roy Smith
address@hidden