Support SSH Agent forwarding for paramiko SSH connections #159
Conversation
First release after renaming the project to nornir
Adds the ssh_forwardagent (bool) attribute to a Host. This value can be set in the inventory (nornir_ssh_forwardagent), or can be read from a ssh_config file using the host ForwardAgent flag (see man ssh_config). Tasks, like remote_command, can then enable Agent Forwarding on the paramiko channel.
|
I think we should also consider how this integrates to Netmiko when an SSH config file is used (and also potentially NAPALM for the Netmiko-based drivers). Unit tests are failing looks like there are some linting and black errors. |
|
Linting issue has been fixed. |
nornir/core/inventory.py
Outdated
| @@ -191,6 +191,15 @@ def ssh_port(self): | |||
| """Either ``nornir_ssh_port`` or 22.""" | |||
| return self.get("nornir_ssh_port", 22) | |||
|
|
|||
| @property | |||
There was a problem hiding this comment.
Is it worth adding this as a property? I think I'd rather keep things in the ssh config to avoid making this more complex. What do you think? Is there a strong case where you think it'd be worth managing this in an inventory file instead of in a proper ssh config file?
There was a problem hiding this comment.
I thought pretty much the same thing...i.e. that it probably didn't make sense to have a separate attribute for this and that we should just do this through the SSH config file.
|
My use case(s) definitely don’t have the need for it to be a separate property.
I just wanted to make it accessible in other ways then the config file, but it might not make a lot of sense now that I think about it again. (Keep it similar to the proxy command support)
I’ll remove it, if that is the consensus.
… On 26 Jun 2018, at 21:15, Kirk Byers ***@***.***> wrote:
@ktbyers commented on this pull request.
In nornir/core/inventory.py:
> @@ -191,6 +191,15 @@ def ssh_port(self):
"""Either ``nornir_ssh_port`` or 22."""
return self.get("nornir_ssh_port", 22)
+ @Property
I thought pretty much the same thing...i.e. that it probably didn't make sense to have a separate attribute for this and that we should just do this through the SSH config file.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub, or mute the thread.
|
let's do that, let's just read it from the ssh config. If someone comes with a compelling use case we can revisit this. |
| @@ -35,6 +35,11 @@ def paramiko_connection(task=None): | |||
| if "proxycommand" in user_config: | |||
| parameters["sock"] = paramiko.ProxyCommand(user_config["proxycommand"]) | |||
|
|
|||
| task.host["ssh_forwardagent"] = False | |||
There was a problem hiding this comment.
can you turn this into a private attribute (i.e. task.host._ssh_forward_agent), please? I don't want to write into the Host inventory data. To avoid problems make sure you initialize the same attribute in Host.__init__() as None.
|
I did minor changes to your code and merged it here: 0baf86f If there is anything wrong let me know. |
Adds the ssh_forwardagent (bool) attribute to a Host.
This value can be set in the inventory (nornir_ssh_forwardagent), or can be read from a ssh_config file using the host ForwardAgent flag (see man ssh_config).
Tasks, like remote_command, can then enable Agent Forwarding on the paramiko channel.