Your message dated Fri, 14 May 2010 08:21:52 +0900
with message-id <87hbmb9ylr.dancerj%[email protected]>
and subject line Re: Bug#578683: dsh: cannot use identity key
has caused the Debian Bug report #578683,
regarding dsh: cannot use identity key
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
578683: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578683
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: dsh
Version: 0.25.10-1
Severity: important

Passing key options to ssh does not seem to work.
It looks like dsh is first trying to login to the remote machine
and then run the options. This approach prevents the use of
ssh command keys, which are very useful when automating management
and still limiting access.

# grep -v ^# /etc/dsh/dsh.conf
verbose = 1
remoteshell = ssh  
showmachinenames = 0
waitshell=1  # whether to wait for execution
remoteshellopt=-i /root/.ssh/id_dsa_control

# dsh -m somemachine -- uptime
Setting verbose to  [1]
 Parameter remoteshell is ssh
Using ssh as the remote shell
 Parameter showmachinenames is 0
Setting pipe option to  [0]
 Parameter waitshell is 1
Setting wait-shell to  [1]
 Parameter remoteshellopt is -i /root/.ssh/id_dsa_control
Adding [-i /root/.ssh/id_dsa_control] to shell options
Loading config file /root/.dsh/dsh.conf
Adding machine somemachine to list
--- Executing on somemachine
DUMPing parameters passed to llexec
[-i /root/.ssh/id_dsa_control] [somemachine] [uptime]
... Waiting for process to end with waitpid
Warning: Identity file  /root/.ssh/id_dsa_control not accessible: No such file or directory.
r...@somemachine's password:

# ssh -i /root/.ssh/id_dsa_control somemachine
OpenSSH_4.7p1 Debian-12, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to somemachine [192.168.0.73] port 22.
debug1: Connection established.
...
debug1: Offering public key: /root/.ssh/id_dsa_control
debug1: Server accepts key: pkalg ssh-dss blen 433
debug1: read PEM private key done: type DSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LC_MESSAGES = en_US
debug1: Sending env LANG = en_US
Last login: Wed Apr 21 13:12:47 2010 from mymachine.cs.uchicago.edu
r...@somemachine:~#


Workaround:
Create ~/.ssh/config:
Host *
        IdentityFile ~/.ssh/id_dsa_control
This doesn't scale properly, because it's an all (*) or
per-host option, and has no information on the groups dsh provides.
Moreover, per the same problem as above, one cannot specify an
alternative ssh config file with the '-f' option.
Properly, the file should contain:
for machine in $dsh_group; do
        # write ssh config file parameters for each machine:
        Host $machine
                IdentityFile ~/.ssh/id_dsa_control
done

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages dsh depends on:
ii  libc6                         2.7-12     GNU C Library: Shared libraries
ii  libdshconfig1                 0.20.13-1  configuration file parser library 

dsh recommends no packages.

-- no debconf information



--- End Message ---
--- Begin Message ---
Thanks.
At Thu, 22 Apr 2010 08:38:47 -0500,
Virgil Gheorghiu wrote:
> 
> One needs an -o in front of each space separated option entered, e.g.:
> 
> $ dsh -r ssh -o -i -o /root/.ssh/id_dsa_control -m somemachine -- uptime
> $ dsh -r ssh -o -i/root/.ssh/id_dsa_control -m somemachine -- uptime
> But not:
> $ dsh -r ssh -o -i /root/.ssh/id_dsa_control -m somemachine -- uptime
> 
> I used strace:
> $ strace -o attic/dsh.out -f dsh -r ssh -o -i -o /root/.ssh/id_dsa_control -m somemachine -- uptime
> When the argv array gets populated correctly, we get:
> execve("/usr/bin/ssh", ["ssh", "-i", "/root/.ssh/id_dsa_control", "somemachine", "uptime"], [/* 19 vars */]) = 0
> But in the non-working example we get:
> execve("/usr/bin/ssh", ["ssh", "-i /root/.ssh/id_dsa_control", "somemachine", "uptime"], [/* 19 vars */]) = 0
> 
> Thus, the dsh(1) man page must be taken literally as one option means 'up  
> to a space'.
> Feel free to close the 'bug'.
> 
> Thank you,
> Virgil
> 
> 


--- End Message ---
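
The argv difference shown in the strace output above, as an added Python example (not code from dsh, ssh, or either message). It models only ssh's `-i` option with the standard `getopt` module; the function names are hypothetical, and the option string is the one from the report's `dsh.conf`. The leading space in the first result matches the double space in the "Identity file  /root/..." warning, which is why ssh cannot open the key and falls back to the password prompt.

```python
import getopt
import shlex

# Constructed sample: the value from the report's dsh.conf line
#   remoteshellopt=-i /root/.ssh/id_dsa_control
REMOTESHELLOPT = "-i /root/.ssh/id_dsa_control"


def argv_as_dsh_builds_it(opt_values, machine, command):
    """Each -o / remoteshellopt value becomes exactly one argv element,
    as the execve() lines in the strace output show."""
    return ["ssh", *opt_values, machine, *command]


def dsh_flags_for(ssh_options):
    """Hypothetical helper: emit one '-o' per whitespace-separated ssh
    token, the form the thread found to work."""
    flags = []
    for token in shlex.split(ssh_options):
        flags += ["-o", token]
    return flags


def identity_seen_by_ssh(argv):
    """Approximate getopt handling of '-i' (assumption: only -i is modelled).
    Text attached to the flag inside one argv element is its argument."""
    opts, _rest = getopt.getopt(argv[1:], "i:")
    return [value for flag, value in opts if flag == "-i"]


if __name__ == "__main__":
    # One element "-i /root/..." : the non-working case.
    broken = argv_as_dsh_builds_it([REMOTESHELLOPT], "somemachine", ["uptime"])
    # One element per token: the working case (values following each -o).
    values = dsh_flags_for(REMOTESHELLOPT)[1::2]
    fixed = argv_as_dsh_builds_it(values, "somemachine", ["uptime"])
    for argv in (broken, fixed):
        print(argv, "->", [repr(p) for p in identity_seen_by_ssh(argv)])
```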
