[WIP] Adds allow_agent option to Device() object #920
base: master
Can one of the admins verify this patch?
This is a bit better than the current situation as we can work around the inability to use an agent without modifying the code. However, this is still a bit weird to have to pass an additional option to make it From all the conversations around this we had, no one was able to explain why we try to disable the agent functionality in the first place. The regular OpenSSH client ( As a compromise, in #648, I am disabling the agent only if a private key is specifically provided. When the private key is fetched from
@stacywsmith Can you please provide your input on the issue??
@rsmekala I'm really not sure why
In #281, there is the mention of a popup when enabling the agent. I suppose this is a reference to OSX. Can someone on OSX test if there is a popup when enabling the agent?
I agree with @vincentbernat here. To be honest, I also don't understand why py-junos-eznc has to have all of this complex logic around SSH options, including this, but also hardcoding a path to In the eznc -> ncclient -> paramiko chain, you'd think that the SSH client behavior would be something left to the SSH implementation (= paramiko), which would in turn parse an OpenSSH-compatible The current code is very simplistic and broken in so many different ways -- anything but a very simple configuration will not work.
Can one of the admins verify this patch?
#1284 is an updated version of this patch. Curiously, ProxyJump doesn't work with this PR combined with Juniper/ansible-junos-stdlib#634 but ProxyCommand does.
"bob" is my user on the juniperdevice but not my user locally.
Problem

User currently cannot control the value of allow_agent being passed to ncclient.connect().

Analysis

PyEZ internally sets the value of allow_agent before passing it to ncclient. It is set to True only if PyEZ cannot gather the passwd or ssh_private_keyfile.

In case the user has not specified passwd or ssh_private_keyfile, PyEZ will use the ssh_config to populate the variables. In this case, since PyEZ is able to gather the credentials, allow_agent is set to False.

The above logic works fine for a simpler SSH configuration, where only ssh_private_keyfile, port and user are mentioned in the SSH configuration; any additional options mentioned in the file are ignored.

Solution

To add a new optional argument bool allow_agent. There are 3 cases:

- allow_agent is True: PyEZ will not load the values of ssh_private_key_file or passwd and allow_agent will be passed as True to ncclient.connect().
- allow_agent is False: PyEZ will load the values of above variables if it is able to gather and allow_agent will be passed as False to ncclient.connect().
- allow_agent is not provided: PyEZ will fall back to default behavior and set the value of allow_agent at runtime, based on whether it is able to gather the credentials or not.

Note: PyEZ will prefer the user-provided value of allow_agent over the runtime value.

Related issues:
#648
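
The three cases from the description above, modelled as a stand-alone function. This is an added example, not PyEZ's own code: resolve_connect_args, ConnectArgs and ssh_config_identity are hypothetical names, and the default case assumes the agent is enabled only when neither credential could be gathered.

```python
from typing import NamedTuple, Optional


class ConnectArgs(NamedTuple):
    """Model of the authentication keywords handed to ncclient.connect()."""
    password: Optional[str]
    key_filename: Optional[str]
    allow_agent: bool


def resolve_connect_args(
    allow_agent: Optional[bool] = None,         # None means "not provided"
    passwd: Optional[str] = None,
    ssh_private_key_file: Optional[str] = None,
    ssh_config_identity: Optional[str] = None,  # hypothetical: key path found in ssh_config
) -> ConnectArgs:
    # Credentials that can be gathered: explicit arguments first, then ssh_config.
    key_file = ssh_private_key_file or ssh_config_identity

    if allow_agent is True:
        # Case 1: passwd and key file are not loaded; the agent supplies the keys.
        return ConnectArgs(None, None, True)
    if allow_agent is False:
        # Case 2: load whatever was gathered and keep the agent out of the exchange.
        return ConnectArgs(passwd, key_file, False)
    # Case 3: runtime default. The agent is used only when nothing was gathered
    # (assumption: "cannot gather passwd or key file" means neither is available).
    return ConnectArgs(passwd, key_file, passwd is None and key_file is None)


if __name__ == "__main__":
    # Constructed inputs: a key path as it might come from an ssh_config entry.
    cfg_key = "/home/user/.ssh/id_example"
    for flag in (True, False, None):
        print(flag, resolve_connect_args(allow_agent=flag, ssh_config_identity=cfg_key))
```

With a key path in ssh_config, the runtime default turns the agent off; only an explicit allow_agent=True keeps it on, which is the override the description's closing note refers to.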