OK, I'm like the guy who posts something on Stackoverflow, and then starts answering his own question a few minutes later...
Added the debugging code to top of fabfile.py import logginglogging.basicConfig(level=logging.DEBUG) So here's a few pertinent lines from the debugging log... DEBUG:paramiko.transport:Switch to new keys ... DEBUG:paramiko.transport:userauth is OK DEBUG:paramiko.transport:Authentication type (password) not permitted. DEBUG:paramiko.transport:Allowed methods: [u'publickey'] [examplehost] Login password for ' examplehost ': [examplehost] Login password for ' examplehost ': [examplehost] Login password for ' examplehost ': What does it mean when it says: *userauth is OK* followed by: Authentication type (password) not permitted. I've tested the SSH RSA keys (via MobaXterm <https://mobaxterm.mobatek.net/> - a great alternative to Putty) and the keys DO allow me to login with no password -- which is what I want. On Wed, Aug 29, 2018 at 3:23 PM Doug Vos <[email protected]> wrote: > > Hello fabric world! (My first post to this fabulous group): > > I'm building a set of WordPress maintenance tools with Python > Fabric > > Invoke > Paramiko > > It's working great on several popular hosting platforms that provide SSH > and WP-CLI <https://wp-cli.org/> > > However, I keep running into issues where fabric is asking for the > password over and over again --even though I've set the SSH 4096 RSA keys > to log-me-in without password. > > Currently the scripts are running successfully every morning, gathering > plugin and theme data automatically for over 20 domains (running WP) at > several different hosting companies. It's essential to this project that > after the SSH RSA/DSA keys are properly installed and tested that the > scripts never ask for a password again -- causing the scripts to halt. > > Obviously, I'm trying to configure the strong SSH keys to NOT use a > '*passphrase' > and not use a 'password'.* In some cases it needs a password, so I've > jiggered up some code that keeps the password active. > > *CODE example* > from fabric.api import * > from fabric.contrib.console import confirm > > env.passwords = json.load(open("/blah/blah/web_hosts")) > > env.use_ssh_config = True > env.skip_bad_hosts = True > env.output_prefix = False > env.warn_only = False # Set False to prevent PHP warnings, etc. > env.timeout = 45 # Wait up to 45 seconds > env.connection_attempts = 3 # Try connecting 3 times > env.eagerly_disconnect = True # Close the connection after batch > env.disable_known_hosts = False # False by default > # Warning: Setting env.disable_known_hosts = True leaves us open to > # man-in-the-middle attacks! Please use with caution when testing. > # ------------------------------------------------------------------- > > So, I keep asking myself -- Why do some hosts keeping asking for a > password anyway? and Why is the script working on 20 domains, but not the > few exceptions? > > *What suggestions do you have for debugging the SSH configs (keys, > passwords, and passphrases) and web-hosts that are causing me grief?* > > I know about the issue with passphrase. I've read these pages > > - http://www.fabfile.org/faq.html > - http://www.fabfile.org/troubleshooting.html > > Starting to do some serious debugging and trouble shooting but it's taking > many hours.... so looking for some helpful advice. Thank-you! > > P.S. I'm starting to port my scripts to Fabric 2.3.1 -- but not there > yet... > > > >
_______________________________________________ Fab-user mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/fab-user
