Skip to content

[feature] prevent use of ssh-agent by default  #423

New issue
New issue
Open
Open
[feature] prevent use of ssh-agent by default #423
@a-dubs

Description

@a-dubs
a-dubs
opened on Sep 23, 2024

I had 8 ssh keys loaded into my ssh agent. running ssh-add -l listed 8 different keys.
When I have a handful or more keys loaded into my ssh agent, and try to run python examples/ibm.py, it fails to connect during the instance.wait() portion, giving the following errors in console:

INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_8.9p1)
INFO:paramiko.transport:Authentication (publickey) failed.
INFO:paramiko.transport:Authentication (publickey) failed.
INFO:paramiko.transport:Authentication (publickey) failed.
INFO:paramiko.transport:Authentication (publickey) failed.
INFO:paramiko.transport:Authentication (publickey) failed.
INFO:paramiko.transport:Disconnect (code 2): Too many authentication failures
DEBUG:pycloudlib.instance:Failed to obtain new boot id:

And then if i clear out my ssh keys so that ssh-add -l returns < 5 keys, the too many authentication failures go away, but you can see that it still tries to use all keys loading into my agent before trying the private key given to / created by pycloudlib:

python examples/ibm.py
DEBUG:pycloudlib.config:Loaded configuration from /home/a-dubs/.config/pycloudlib.toml
DEBUG:pycloudlib.cloud.IBM:logging into IBM
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): iam.cloud.ibm.com:443
DEBUG:urllib3.connectionpool:https://iam.cloud.ibm.com:443 "POST /identity/token HTTP/1.1" 200 1041
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): us-south.iaas.cloud.ibm.com:443
DEBUG:urllib3.connectionpool:https://us-south.iaas.cloud.ibm.com:443 "GET /v1/keys?version=2023-10-24&generation=2 HTTP/1.1" 200 None
DEBUG:urllib3.connectionpool:https://us-south.iaas.cloud.ibm.com:443 "GET /v1/keys?version=2023-10-24&generation=2&start=r006-eca9bac4-af31-4216-a1d3-939585edf009 HTTP/1.1" 200 None
DEBUG:pycloudlib.cloud.IBM:using SSH key from ibm-pubkey
...
INFO:pycloudlib.instance:_wait_for_execute to complete
DEBUG:pycloudlib.instance:Failed to obtain new boot id: 
DEBUG:pycloudlib.instance:Failed to obtain new boot id: 
DEBUG:pycloudlib.instance:Failed to obtain new boot id: 
DEBUG:pycloudlib.instance:Failed to obtain new boot id: 
DEBUG:pycloudlib.instance:Failed to obtain new boot id: 
INFO:paramiko.transport:Connected (version 2.0, client OpenSSH_8.9p1)
INFO:paramiko.transport:Authentication (publickey) successful!

Acceptance criteria:

  • Ssh-agent is not used by default
  • Allow way to configure use of ssh agent. maybe in pycloudlib.toml?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions