fab-user
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fab-user] How set shell to none

From: Zhigang Wang
Subject: Re: [Fab-user] How set shell to none
Date: Wed, 10 Apr 2013 11:36:14 -0700
This explanation is excellent. I think this IS the root cause. Because the error message is:

# python ilom.py -s address@hidden -p changeme
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
  _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
address@hidden Executing task 'ilom_get_version'
address@hidden run: version
INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_5.1)
INFO:paramiko.transport:Authentication (keyboard-interactive) successful!
INFO:paramiko.transport:Secsh channel 1 opened.
address@hidden out: shell: Invalid credentials
address@hidden out: 
address@hidden out: 
address@hidden out: 

Disconnecting from ca-dev33m... done.
shell: Invalid credentials

<shell: Invalid credentials>

If Jeff or other pro could propose a solution/workaround/hack for this. I'm happy to test it.

Thanks,

Zhigang


On Wed, Apr 10, 2013 at 10:54 AM, Chris Vest <address@hidden> wrote:
With the command sub-protocol (which I'm calling it because I don't remember what it is otherwise called) a client (fabric, ssh, etc) will be told the return code of a command when it finishes executing on the remote machine.

With the shell sub-protocol, you are told the return code of the shell, when the shell session ends. Shell sessions usually end “well” even if all the commands executed through it has failed. Shells also typically wait for more input when they've finished running a command, and they only notify you of this by printing a dynamically configurable string that typically doesn't end with a line break.

That's why tools like fabric prefer to use the command sub-protocol. I don't know of any good work around to this.

Chris

On 10 Apr 2013, at 19:04, Zhigang Wang <address@hidden> wrote:

On Wed, Apr 10, 2013 at 9:49 AM, Chris Vest <address@hidden> wrote:
So you say this works:
echo "<cmd>" | address@hidden:port


yes
 
Does this work?
address@hidden:port "<cmd>"

no 


Fabric (assuming my info is current) uses the command sub-protocol of ssh, not the shell sub-protocol, which I'm guessing is what happens when you pipe to ssh.


Seems we are tracking down to the point. Will check what is the difference between the two. If anyone has a workaround for fabric to use "shell sub-protocol"?

Thanks,

Zhigang
 
Chris

On 10/04/2013, at 16.51, Zhigang Wang <address@hidden> wrote:

Thanks very much. However, it doesn't work.

I think this issue may live in the paramiko side: don't know anyone familiar with the difference between:

1. ssh address@hidden:port <cmd>

2. echo "<cmd>" | address@hidden:port

The second one works. So maybe we can emulate that behavior in paramiko/fabric.

Thanks,

Zhigang



On Tue, Apr 9, 2013 at 9:52 PM, Jeff Forcier <address@hidden> wrote:
Pro tip:

* Read up on what ssh -T does (it disables allocation of a remote pty)
* Search Fabric docs for "pty"
* Find out you can set env.always_use_pty=False to disable use of a remote pty
* Hopefully discover that this fixes the problem (?)


On Tue, Apr 9, 2013 at 7:16 PM, Zhigang Wang <address@hidden> wrote:
> Thanks.
>
> Currently I hit this:
> http://net-ssh.lighthouseapp.com/projects/36253/tickets/32-sun-ilom-wont-accept-commands-even-after-successful-login
>
> Maybe a ILOM bug, but they have workaround:
>
> Doesnt' work:
>
> $ ssh -t address@hidden "show /SYS"
>
> Warning: Permanently added 'ca-dev33m,10.211.2.238' (RSA) to the list of
> known hosts.
> Password:
> shell: Invalid credentials
>
>
> Connection to ca-dev33m closed.
>
> Works:
>
> $ echo "show /SYS" | ssh -T address@hidden
>
> How to clone the same behavior in fabric?
>
> Using our fabric:
>
> # python ilom.py -s address@hidden -p changeme
> /usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57:
> PowmInsecureWarning: Not using mpz_powm_sec.  You should rebuild using
> libgmp >= 5 to avoid timing attack vulnerability.
>   _warn("Not using mpz_powm_sec.  You should rebuild using libgmp >= 5 to
> avoid timing attack vulnerability.", PowmInsecureWarning)
> address@hidden Executing task 'ilom_get_mac'
> address@hidden run: show /System ilom_mac_address
> INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_5.1)
> INFO:paramiko.transport:Authentication (keyboard-interactive) successful!
> INFO:paramiko.transport:Secsh channel 1 opened.
> address@hidden out: shell: Invalid credentials
> address@hidden out:
> address@hidden out:
> address@hidden out:
>
> Disconnecting from ca-dev33m... done.
> shell: Invalid credentials
>
>
> From here:
> https://groups.google.com/group/mailing.unix.openssh-dev/tree/browse_frm/month/2009-07?_done=%2Fgroup%2Fmailing.unix.openssh-dev%2Fbrowse_frm%2Fmonth%2F2009-07%3F&
>
> It may related to the buffersize? How can I enlarge the buffersize for
> fabric?
>
> I tried env.linewise=True, it doesn't help.
>
> I will continue debugging on it.
>
> Thanks,
>
> Zhigang
>
>
> On Tue, Apr 9, 2013 at 6:55 PM, Jeff Forcier <address@hidden> wrote:
>>
>> Try setting env.use_shell = False:
>>
>>     http://docs.fabfile.org/en/1.6/usage/env.html#use-shell
>>
>> On Tue, Apr 9, 2013 at 6:40 PM, Zhigang Wang <address@hidden> wrote:
>> > Hi Jeff and all,
>> >
>> > I want to use fabric for ilom, a ssh configuration interface. Currently
>> > it
>> > doesn't work because the ilom system doesn't have a shell there. How can
>> > set
>> > env.shell to none? Or is it supported?
>> >
>> > The ilom shell:
>> >
>> > $ ssh address@hidden
>> > Warning: Permanently added 'ca-dev33m,10.211.2.238' (RSA) to the list of
>> > known hosts.
>> > Password:
>> >
>> > Oracle(R) Integrated Lights Out Manager
>> >
>> > Version 3.1.2.10 r74387
>> >
>> > Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
>> >
>> > Warning: password is set to factory default.
>> >
>> > -> help
>> > The help command is used to view information about commands and targets
>> >
>> > Usage: help [-format wrap|nowrap] [-o|-output terse|verbose]
>> > [<command>|legal|targets|<target>|<target> <property>]
>> >
>> > Special characters used in the help command are
>> > []   encloses optional keywords or options
>> > <>   encloses a description of the keyword
>> >      (If <> is not present, an actual keyword is indicated)
>> > |    indicates a choice of keywords or options
>> >
>> > help <target>              displays description if this target and its
>> > properties
>> > help <target> <property>   displays description of this property of this
>> > target
>> > help targets               displays a list of targets
>> > help legal                 displays the product legal notice
>> >
>> > Commands are:
>> > cd
>> > create
>> > delete
>> > dump
>> > exit
>> > help
>> > load
>> > reset
>> > set
>> > show
>> > start
>> > stop
>> > version
>> >
>> > -> sh
>> > Invalid command 'sh' - type help for a list of commands.
>> >
>> > -> bash
>> > Invalid command 'bash' - type help for a list of commands.
>> >
>> > Thanks,
>> >
>> > Zhigang
>>
>>
>>
>> --
>> Jeff Forcier
>> Unix sysadmin; Python/Ruby engineer
>> http://bitprophet.org
>
>



--
Jeff Forcier
Unix sysadmin; Python/Ruby engineer
http://bitprophet.org

_______________________________________________
Fab-user mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/fab-user


reply via email to
[Prev in Thread] Current Thread [Next in Thread]