Support SSH Agent forwarding for paramiko SSH connections #159
First release after renaming the project to nornir
Adds the ssh_forwardagent (bool) attribute to a Host. This value can be set in the inventory (nornir_ssh_forwardagent), or can be read from a ssh_config file using the host ForwardAgent flag (see man ssh_config). Tasks, like remote_command, can then enable Agent Forwarding on the paramiko channel.
I think we should also consider how this integrates to Netmiko when an SSH config file is used (and also potentially NAPALM for the Netmiko-based drivers). Unit tests are failing; looks like there are some linting and black errors.
Linting issue has been fixed.
nornir/core/inventory.py
@@ -191,6 +191,15 @@ def ssh_port(self): | |||
"""Either ``nornir_ssh_port`` or 22.""" | |||
return self.get("nornir_ssh_port", 22) | |||
|
|||
@property |
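Review bot: the property added after ssh_port has no visible docstring or default. Give it a docstring in the same form as ssh_port's ("Either ``nornir_ssh_port`` or 22.") and make the fallback False, so that a host with no explicit setting never has the local agent forwarded to it. While the session is open, anyone who can reach the agent socket on the remote host can use the loaded keys, so this should always be opt-in per host.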
Is it worth adding this as a property? I think I'd rather keep things in the ssh config to avoid making this more complex. What do you think? Is there a strong case where you think it'd be worth managing this in an inventory file instead of in a proper ssh config file?
I thought pretty much the same thing...i.e. that it probably didn't make sense to have a separate attribute for this and that we should just do this through the SSH config file.
My use case(s) definitely don’t have the need for it to be a separate property.
I just wanted to make it accessible in other ways than the config file, but it might not make a lot of sense now that I think about it again. (Keep it similar to the proxy command support)
I’ll remove it, if that is the consensus.
… On 26 Jun 2018, at 21:15, Kirk Byers ***@***.***> wrote:
@ktbyers commented on this pull request.
In nornir/core/inventory.py:
> @@ -191,6 +191,15 @@ def ssh_port(self):
"""Either ``nornir_ssh_port`` or 22."""
return self.get("nornir_ssh_port", 22)
+ @Property
I thought pretty much the same thing...i.e. that it probably didn't make sense to have a separate attribute for this and that we should just do this through the SSH config file.
Let's do that, let's just read it from the ssh config. If someone comes with a compelling use case we can revisit this.
@@ -35,6 +35,11 @@ def paramiko_connection(task=None): | |||
if "proxycommand" in user_config: | |||
parameters["sock"] = paramiko.ProxyCommand(user_config["proxycommand"]) | |||
|
|||
task.host["ssh_forwardagent"] = False |
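Review bot: task.host["ssh_forwardagent"] = False stores connection state in the host's data mapping, where it sits next to inventory keys and can be read or overwritten like any of them. Keep it on a private attribute of the Host instead. The False default is the right one. When the value is then taken from user_config (the same mapping used for "proxycommand" above), test it explicitly against "yes", because ssh_config values are strings and "no" is truthy.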
Can you turn this into a private attribute (i.e. task.host._ssh_forward_agent), please? I don't want to write into the Host inventory data. To avoid problems make sure you initialize the same attribute in Host.__init__() as None.
I did minor changes to your code and merged it here: 0baf86f. If there is anything wrong let me know.
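An added example, not part of this pull request or of nornir's code: since the thread settles on reading ForwardAgent from the ssh config only, this stdlib-only check reports which hosts a given ssh_config would forward the agent to, using ssh_config's first-obtained-value rule. The parser is a simplified stand-in (no Match, Include or Key=Value handling), and the config text, host names and function names are constructed for illustration.

```python
import fnmatch

# Constructed sample. The broad "Host *" block is the pattern worth flagging.
SAMPLE_CONFIG = """\
Host jump.example.net
    ForwardAgent yes
Host rtr-*.example.net !rtr-lab.example.net
    ForwardAgent no
Host *
    ForwardAgent yes
"""


def parse_blocks(text):
    """Return [(patterns, {option: value})] in file order, Host blocks only."""
    blocks = [(["*"], {})]  # options before the first Host line apply to all
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "host":
            blocks.append((value.split(), {}))
        else:
            blocks[-1][1].setdefault(key, value)  # first value in a block wins
    return blocks


def host_matches(hostname, patterns):
    """A matching negated pattern vetoes the block; else any positive match."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(hostname, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(hostname, pat):
            matched = True
    return matched


def forward_agent_enabled(text, hostname):
    """First obtained ForwardAgent value decides; anything but 'no' forwards."""
    for patterns, options in parse_blocks(text):
        if "forwardagent" in options and host_matches(hostname, patterns):
            # Newer OpenSSH also accepts a socket path or $VAR here, which
            # forwards as well, so only an explicit "no" counts as disabled.
            return options["forwardagent"].lower() != "no"
    return False  # OpenSSH default
```

With the sample config, rtr-lab.example.net is excluded from the "ForwardAgent no" block by its negated pattern and so falls through to "Host *", which enables forwarding for it.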