Multiple entries in UserKnownHostsFile causes connection failure #1095

Open
castillar opened this issue May 4, 2024 · 0 comments
Labels
Bug Label for all kind of bugs.

Describe the bug

Although it's not as commonly used, OpenSSH supports the inclusion of multiple known-hosts key files in the UserKnownHostsFile config entry. For example:

UserKnownHostsFile ~/.ssh/known_hosts ~/.ssh/known_hosts.infra ~/.ssh/known_hosts.webservers

This entry, however, causes pyinfra to fail to connect to any host, as it appears to parse the whole line as the name of a single known-hosts file:

└─> ssh greyhound.domain.lan hostname
greyhound

└─> pyinfra greyhound.domain.lan exec -- echo "hello world"

--> Loading config...

--> Loading inventory...

--> Connecting to hosts...
    Failed to load host keys from /Users/castillar/.ssh/known_hosts ~/.ssh/known_hosts.infra ~/.ssh/known_hosts.webservers: [Errno 2] No such file or directory: '/Users/castillar/.ssh/known_hosts ~/.ssh/known_hosts.infra ~/.ssh/known_hosts.webservers'
No host key for greyhound.domain.lan found in known_hosts, do you want to continue [y/n] y
    [greyhound.domain.lan] Could not connect ([Errno 2] No such file or directory: '/Users/castillar/.ssh/known_hosts ~/.ssh/known_hosts.infra ~/.ssh/known_hosts.webservers')
--> pyinfra error: No hosts remaining!

It's not entirely clear from a quick perusal of the code whether this is coming from paramiko or if it's endemic to the pyinfra code.

To Reproduce

Steps to reproduce the behavior, please include where possible:

Environment Description

  • Client: Mac OS X 14.4.1 with native SSH, python 3.11 installed via Homebrew, pyinfra installed from pip
  • Server: Fedora Linux 39

Steps

  1. Create a ~/.ssh/config file with multiple file entries in the UserKnownHostsFile key (see example above)
  2. Validate that connection with SSH works (e.g., ssh server.domain.lan hostname returns the remote hostname)
  3. Attempt to make a connection to that host with pyinfra.

Expected behavior

Ideally, this connection should just work as long as the host key is in one of the host key files listed. If there's an underlying issue with trying to search all of the files (e.g., paramiko doesn't support doing that yet), pyinfra could opt to do something like "if UserKnownHostsFile has multiple entries, trim the list to the first file and pretend that's the only entry", which would also be reasonable.

Meta

pyinfra --support

└─> pyinfra --support
--> Support information:

    If you are having issues with pyinfra or wish to make feature requests, please
    check out the GitHub issues at https://github.com/Fizzadar/pyinfra/issues .
    When adding an issue, be sure to include the following:

    System: Darwin
      Platform: macOS-14.4.1-arm64-arm-64bit
      Release: 23.4.0
      Machine: arm64
    pyinfra: v2.9.2
    Executable: /opt/homebrew/bin/pyinfra
    Python: 3.11.9 (CPython, Clang 15.0.0 (clang-1500.3.9.4))

Installation

pyinfra was installed using pip.

Debugging

No pyinfra-debug.log file was created; the output when running with -vv doesn't differ from running without it.

pyinfra --debug ... produces this:

└─> pyinfra --debug greyhound.domain.lan exec -- echo "hello world"

--> Loading config...

--> Loading inventory...
    [pyinfra_cli.inventory] Creating fake inventory...
    [pyinfra_cli.inventory] Checking possible group_data directory: /Users/castillar

--> Connecting to hosts...
    [pyinfra.connectors.ssh] Connecting to: greyhound.domain.lan ({'allow_agent': True, 'look_for_keys': True, 'hostname': 'greyhound.domain.lan', '_pyinfra_ssh_forward_agent': None, '_pyinfra_ssh_config_file': None, '_pyinfra_ssh_known_hosts_file': None, '_pyinfra_ssh_strict_host_key_checking': None, '_pyinfra_ssh_paramiko_connect_kwargs': None, 'timeout': 10})
    [pyinfra.connectors.sshuserclient.client] Loading SSH config: None
    Failed to load host keys from /Users/castillar/.ssh/known_hosts ~/.ssh/known_hosts.infra ~/.ssh/known_hosts.webserver: [Errno 2] No such file or directory: '/Users/castillar/.ssh/known_hosts ~/.ssh/known_hosts.infra ~/.ssh/known_hosts.webservers'
No host key for greyhound.domain.lan found in known_hosts, do you want to continue [y/n] y
    [greyhound.domain.lan] Could not connect ([Errno 2] No such file or directory: '/Users/castillar/.ssh/known_hosts ~/.ssh/known_hosts.infra ~/.ssh/known_hosts.webservers')
    [pyinfra.api.state] Failing hosts: greyhound.domain.lan
@castillar castillar added the Bug Label for all kind of bugs. label May 4, 2024
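
Added example (not part of the issue and not pyinfra's or paramiko's code): one way to treat a UserKnownHostsFile value as a whitespace-separated list, expand each path on its own, and search every file that exists for the host's key. The function names, the sample key text and the temporary directory are constructed for illustration; hashed host names and %-tokens are not handled.

```python
import os
import shlex
import tempfile


def split_known_hosts_value(value, home=None):
    """Split a UserKnownHostsFile value into individual, ~-expanded paths."""
    home = home or os.path.expanduser("~")
    paths = []
    for token in shlex.split(value):  # whitespace-separated, quotes honoured
        if token == "~" or token.startswith("~/"):
            token = home + token[1:]
        paths.append(token)
    return paths


def find_host_key(host, paths):
    """Return (path, key_type, key) for the first plain-text match, else None."""
    for path in paths:
        try:
            with open(path) as fh:
                lines = fh.readlines()
        except FileNotFoundError:
            continue  # assumption: a missing file in the list is skipped
        for line in lines:
            fields = line.split()
            # Comments, @markers and hashed (|1|...) names are not handled here.
            if len(fields) < 3 or fields[0].startswith(("#", "@", "|")):
                continue
            if host in fields[0].split(","):
                return path, fields[1], fields[2]
    return None


def demo():
    # Constructed sample: the key lives only in the second of three files,
    # and the third file does not exist.
    home = tempfile.mkdtemp()
    os.mkdir(os.path.join(home, ".ssh"))
    with open(os.path.join(home, ".ssh", "known_hosts"), "w") as fh:
        fh.write("# empty primary file\n")
    with open(os.path.join(home, ".ssh", "known_hosts.infra"), "w") as fh:
        fh.write("greyhound.domain.lan ssh-ed25519 AAAAC3CONSTRUCTEDKEY\n")
    value = "~/.ssh/known_hosts ~/.ssh/known_hosts.infra ~/.ssh/known_hosts.webservers"
    paths = split_known_hosts_value(value, home)
    return paths, find_host_key("greyhound.domain.lan", paths)


if __name__ == "__main__":
    print(demo())
```

With the value split this way, the key is found in the second file, so the "No host key ... found" prompt shown in the output above would not be reached for a host that is already trusted.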