Re: [Fab-user] Forcing ssh to fail if no host key?

[Roy Smith]

On Jun 23, 2012, at 12:44 PM, Jeff Forcier wrote:

> On Sat, Jun 23, 2012 at 5:29 AM, Roy Smith <address@hidden> wrote:
> 
>> The documentation (http://docs.fabfile.org/en/1.4.2/usage/ssh.html) is
>> really confusing.  It starts out describing the Reject, Add, and Ask
>> options, but then only talks about setting reject_unknown_hosts to True or
>> False.  What do I have to set to get the Rject behavior?
> 
> That documentation is pretty clear (albeit its target audience is
> people already intermediate with SSH); you should try rereading it :(
> Unknown host rejection is basically a binary choice

Must be one of those tri-state binary choices (Reject, Add, Ask) :-)  Actually, 
I am pretty familiar with SSH, but not how fab interfaces with it.  I put in 
some quality time reading the fabric sources yesterday.

> However, it sounds like there is a bug, because it definitely
> shouldn't prompt for a password when you have reject_unknown_hosts set
> to True -- it should abort instead.

I ended up working around this by also doing:

env.abort_on_prompts = True


> I just looked into it and confirmed: 
> https://github.com/fabric/fabric/issues/671
> 
> I'll probably have this fixed in a few minutes and it'll be out in the
> next round of bugfix releases.

OK, thanks.  That's a cleaner fix than my abort_on_prompts=True, since that 
also affects things like prompting for a sudo password.

BTW, fabric is a really cool tool.  We're using it to drive our deployment 
involving about 15 hosts, a bunch of different services, and a haproxy front 
end.  Fabric really makes this simple.

--
Roy Smith
address@hidden