[Twisted-Python] SSH agent
Hi all,
is there example code how to use an SSH agent with Twisted Conch? How stable is this functionality, would you recommend to use it or would you rather opt for other approaches for having Python scripts use an SSH agent?
Regards, stefan
On 8/24/07, stefan.lange@ubs.com <stefan.lange@ubs.com> wrote:
> Hi all,
> is there example code how to use an SSH agent with Twisted Conch? How stable is this functionality, would you recommend to use it or would you rather opt for other approaches for having Python scripts use an SSH agent?
There is some code in twisted.conch.ssh.agent to interact with a key agent. It doesn't implement all of the features an agent supports, just enough to test and get identities. What are you trying to use an agent for?
-p
--
Paul Swartz
paulswartz at gmail dot com
http://z3p.livejournal.com/
AIM: z3penguin
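The "get identities" request mentioned in the reply above is a short exchange over the agent's Unix socket. The following is an added example, not code from this thread or from twisted.conch.ssh.agent; it uses only the standard library, and the function names and the MAX_REPLY bound are assumptions of the example.

```python
import os
import socket
import struct

SSH_AGENTC_REQUEST_IDENTITIES = 11   # message numbers from the agent protocol
SSH_AGENT_IDENTITIES_ANSWER = 12
MAX_REPLY = 256 * 1024               # size bound chosen for this example

def frame(msg_type, payload=b""):
    """Agent framing: uint32 length, then one type byte plus payload."""
    return struct.pack(">IB", len(payload) + 1, msg_type) + payload

def read_u32(buf, offset):
    if offset + 4 > len(buf):
        raise ValueError("truncated message")
    return struct.unpack_from(">I", buf, offset)[0], offset + 4

def read_string(buf, offset):
    """Read one length-prefixed string, refusing lengths past the buffer."""
    length, offset = read_u32(buf, offset)
    if offset + length > len(buf):
        raise ValueError("string runs past end of message")
    return buf[offset:offset + length], offset + length

def parse_identities(body):
    """Parse a reply body (type byte onward) into (algorithm, comment) pairs."""
    if not body or body[0] != SSH_AGENT_IDENTITIES_ANSWER:
        raise ValueError("agent did not return an identities answer")
    count, offset = read_u32(body, 1)
    identities = []
    for _ in range(count):
        blob, offset = read_string(body, offset)     # public key blob only
        comment, offset = read_string(body, offset)
        algorithm, _ = read_string(blob, 0)          # blob starts with key type
        identities.append((algorithm.decode("ascii"),
                           comment.decode("utf-8", "replace")))
    return identities

def list_agent_identities(path=None):
    """Ask the agent listening on SSH_AUTH_SOCK which keys it holds."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as sock:
        sock.connect(path or os.environ["SSH_AUTH_SOCK"])
        sock.sendall(frame(SSH_AGENTC_REQUEST_IDENTITIES))
        with sock.makefile("rb") as reply:   # read(n) gives n bytes or stops at EOF
            length, _ = read_u32(reply.read(4), 0)
            if not 1 <= length <= MAX_REPLY:
                raise ValueError("implausible reply length %d" % length)
            return parse_identities(reply.read(length))
```

With an agent running, `list_agent_identities()` returns one pair per loaded key; the reply carries public key blobs and comments only.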
Hi Paul,
I want to use a scripted approach for executing different sorts of tasks on a couple of machines, initiated from 1 central machine. The administrative user should get prompted for the SSH passphrase only once (at start of the script), from then on the script should run unattended, without requiring further interactive input. Would you estimate the subset of SSH agent functionality implemented in Conch is sufficient for this? Which features are missing?
Regards, stefan
-----Original Message-----
From: twisted-python-bounces@twistedmatrix.com [mailto:twisted-python-bounces@twistedmatrix.com]On Behalf Of Paul Swartz
Sent: 26 August 2007 22:17
To: Twisted general discussion
Subject: Re: [Twisted-Python] SSH agent
On 8/24/07, stefan.lange@ubs.com <stefan.lange@ubs.com> wrote:
> Hi all,
> is there example code how to use an SSH agent with Twisted Conch? How stable is this functionality, would you recommend to use it or would you rather opt for other approaches for having Python scripts use an SSH agent?
There is some code in twisted.conch.ssh.agent to interact with a key agent. It doesn't implement all of the features an agent supports, just enough to test and get identities. What are you trying to use an agent for?
-p
--
Paul Swartz
paulswartz at gmail dot com
http://z3p.livejournal.com/
AIM: z3penguin
_______________________________________________
Twisted-Python mailing list
Twisted-Python@twistedmatrix.com
http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
On 8/27/07, stefan.lange@ubs.com <stefan.lange@ubs.com> wrote:
> Hi Paul,
> I want to use a scripted approach for executing different sorts of tasks on a couple of machines, initiated from 1 central machine. The administrative user should get prompted for the SSH passphrase only once (at start of the script), from then on the script should run unattended, without requiring further interactive input. Would you estimate the subset of SSH agent functionality implemented in Conch is sufficient for this? Which features are missing?
If that's all you want, you don't need an agent at all. Just decrypt the key (see t.c.ssh.keys.getPrivateKeyObject) and then implement something like doc/conch/examples/sshsimpleclient.py using that decrypted key.
-p
--
Paul Swartz
paulswartz at gmail dot com
http://z3p.livejournal.com/
AIM: z3penguin
Thanks, you are certainly right. I was first concerned about security implications when directly reading in the private key instead of accessing an SSH agent but on second thought there seems no difference security wise. Got the slightly modified example working, following your advice.
Another question: Is there already functionality in Twisted for using Kerberos for SSH authentication?
Regards, stefan
-----Original Message-----
From: twisted-python-bounces@twistedmatrix.com [mailto:twisted-python-bounces@twistedmatrix.com]On Behalf Of Paul Swartz
Sent: 27 August 2007 14:41
To: Twisted general discussion
Subject: Re: [Twisted-Python] SSH agent
On 8/27/07, stefan.lange@ubs.com <stefan.lange@ubs.com> wrote:
> Hi Paul,
> I want to use a scripted approach for executing different sorts of tasks on a couple of machines, initiated from 1 central machine. The administrative user should get prompted for the SSH passphrase only once (at start of the script), from then on the script should run unattended, without requiring further interactive input. Would you estimate the subset of SSH agent functionality implemented in Conch is sufficient for this? Which features are missing?
If that's all you want, you don't need an agent at all. Just decrypt the key (see t.c.ssh.keys.getPrivateKeyObject) and then implement something like doc/conch/examples/sshsimpleclient.py using that decrypted key.
-p
--
Paul Swartz
paulswartz at gmail dot com
http://z3p.livejournal.com/
AIM: z3penguin
On 8/27/07, stefan.lange@ubs.com <stefan.lange@ubs.com> wrote:
> Thanks, you are certainly right. I was first concerned about security implications when directly reading in the private key instead of accessing an SSH agent but on second thought there seems no difference security wise. Got the slightly modified example working, following your advice.
> Another question: Is there already functionality in Twisted for using Kerberos for SSH authentication?
There is not, but patches are certainly welcome :)
-p
--
Paul Swartz
paulswartz at gmail dot com
http://z3p.livejournal.com/
AIM: z3penguin