Libssh client does not attempt agent authentication #267

Closed
gminorcoles opened this issue Jan 4, 2021 · 10 comments · Fixed by #270
@gminorcoles

I don't know if this is an issue, but the discussion area seems to have no activity. I am trying to switch over to parallel-ssh because it uses python and I can stay organized better than a bunch of bash scripts, and I hate ansible.

I have pssh setup to use the public keys I copied to my remote servers using ssh-copy-id. On my dev machine I can use ssh-agent and ssh-add to make it so I can log into a remote using "ssh host1" and if the agent has a PID, I am not challenged with a password.

I am not sure how to set this up in parallel-ssh. I have tried just not entering a password in the client constructor but that gives me authentication errors. I have tried to use pkey but that gives errors too - the auth() method says FileError but no detail, and I cannot debug into the public key auth method I guess because it is wrapped C.

@pkittenis
Member

pkittenis commented Jan 4, 2021

Thanks for the interest.

SSH agent is used by default, per instructions.

If you have an example where an agent has a working key but does not work, you can raise a bug with code to reproduce, per the bug template directions.

Start with enabling debug log. From docs:

```python
from pssh.utils import enable_debug_logger
from pssh.clients import SSHClient

enable_debug_logger()

client = SSHClient('localhost')
host_out = client.run_command('uname')
for line in host_out.stdout:
    print(line)
exit_code = host_out.exit_code
```

@pkittenis
Member

Please use discussions for questions.

If there is an issue with the library, provide code to reproduce to be able to help further.

@gminorcoles
Author

I ran the setup for ssh agent and ssh add, then ran your test code and I get this output:

```
Starting new session for ubuntu@kr3.lan:22
Session started, connecting with existing socket
Agent auth failed with b'', continuing with other authentication methods
Agent auth failed with b'', continuing with other authentication methods
Agent auth failed with b'', continuing with other authentication methods
```

then I go to the terminal and type

```
ssh ubuntu@kr3.lan
```

and it works

@pkittenis
Member

Is that all the output you get from running the above code?

Can you please show the output of `ssh -v ubuntu@kr3.lan`?

@pkittenis pkittenis reopened this Jan 5, 2021
@gminorcoles
Author

```
OpenSSH_8.2p1 Ubuntu-4ubuntu0.1, OpenSSL 1.1.1f 31 Mar 2020
debug1: Reading configuration data /home/ubuntu/.ssh/config
debug1: /home/ubuntu/.ssh/config line 9: Applying options for kr3.lan
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug1: Connecting to kr3.lan [192.168.88.244] port 22.
debug1: Connection established.
debug1: identity file /home/ubuntu/.ssh/id_rsa type -1
debug1: identity file /home/ubuntu/.ssh/id_rsa-cert type -1
debug1: identity file /home/ubuntu/.ssh/id_dsa type -1
debug1: identity file /home/ubuntu/.ssh/id_dsa-cert type -1
debug1: identity file /home/ubuntu/.ssh/id_ecdsa type -1
debug1: identity file /home/ubuntu/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/ubuntu/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/ubuntu/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/ubuntu/.ssh/id_ed25519 type -1
debug1: identity file /home/ubuntu/.ssh/id_ed25519-cert type -1
debug1: identity file /home/ubuntu/.ssh/id_ed25519_sk type -1
debug1: identity file /home/ubuntu/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/ubuntu/.ssh/id_xmss type -1
debug1: identity file /home/ubuntu/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4ubuntu0.1
debug1: match: OpenSSH_8.2p1 Ubuntu-4ubuntu0.1 pat OpenSSH* compat 0x04000000
debug1: Authenticating to kr3.lan:22 as 'ubuntu'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:JCDDuqxvMOgtZ+lYfai0S84IKKETZ/S6ERN/p4zHGek
debug1: Host 'kr3.lan' is known and matches the ECDSA host key.
debug1: Found key in /home/ubuntu/.ssh/known_hosts:1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: gminorcoles@gmail.com ED25519 SHA256:EDsf+veNV1uqKfX92hJNjPvpfHjbCn+fUSH78c5pTgU agent
debug1: Will attempt key: /home/ubuntu/.ssh/id_rsa
debug1: Will attempt key: /home/ubuntu/.ssh/id_dsa
debug1: Will attempt key: /home/ubuntu/.ssh/id_ecdsa
debug1: Will attempt key: /home/ubuntu/.ssh/id_ecdsa_sk
debug1: Will attempt key: /home/ubuntu/.ssh/id_ed25519
debug1: Will attempt key: /home/ubuntu/.ssh/id_ed25519_sk
debug1: Will attempt key: /home/ubuntu/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: gminorcoles@gmail.com ED25519 SHA256:EDsf+veNV1uqKfX92hJNjPvpfHjbCn+fUSH78c5pTgU agent
debug1: Server accepts key: gminorcoles@gmail.com ED25519 SHA256:EDsf+veNV1uqKfX92hJNjPvpfHjbCn+fUSH78c5pTgU agent
debug1: Authentication succeeded (publickey).
Authenticated to kr3.lan ([192.168.88.244]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: pledge: network
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Remote: /home/ubuntu/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: Remote: /home/ubuntu/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding
debug1: Requesting authentication agent forwarding.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
```

@pkittenis
Member

Your ssh command is logging in with the ubuntu user. Are you using the user argument? You also seem to be using the client from pssh.clients.ssh rather than the default per code above.

Code that is being executed and its output needs to be shown to be able to investigate. Also output of ssh-add -l please.

@pkittenis pkittenis changed the title how to use ssh-agent for no-password login to remote Libssh client does not attempt agent authentication Jan 5, 2021
@gminorcoles
Author

Sorry, I had changed the import in a vain attempt to make something work. I changed it back and added the user name and now get

```
/home/ubuntu/miniconda3/bin/python /home/ubuntu/src/env/pssh_client.py --prompt-for-passphrase
Connecting to kr3.lan:22
Agent auth failed with ('No identities match for user %s', b'ubuntu')continuing with other authentication methods
Agent auth failed with ('No identities match for user %s', b'ubuntu')continuing with other authentication methods
Agent auth failed with ('No identities match for user %s', b'ubuntu')continuing with other authentication methods
Traceback (most recent call last):
  File "/home/ubuntu/miniconda3/lib/python3.8/site-packages/pssh/clients/base/single.py", line 205, in _auth_retry
    self.auth()
  File "/home/ubuntu/miniconda3/lib/python3.8/site-packages/pssh/clients/native/single.py", line 240, in auth
    self._identity_auth()
  File "/home/ubuntu/miniconda3/lib/python3.8/site-packages/pssh/clients/base/single.py", line 312, in _identity_auth
    raise AuthenticationError("No authentication methods succeeded")
pssh.exceptions.AuthenticationError: No authentication methods succeeded

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/ubuntu/miniconda3/lib/python3.8/site-packages/pssh/clients/base/single.py", line 205, in _auth_retry
    self.auth()
  File "/home/ubuntu/miniconda3/lib/python3.8/site-packages/pssh/clients/native/single.py", line 240, in auth
    self._identity_auth()
  File "/home/ubuntu/miniconda3/lib/python3.8/site-packages/pssh/clients/base/single.py", line 312, in _identity_auth
    raise AuthenticationError("No authentication methods succeeded")
pssh.exceptions.AuthenticationError: No authentication methods succeeded

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/ubuntu/miniconda3/lib/python3.8/site-packages/pssh/clients/base/single.py", line 205, in _auth_retry
    self.auth()
  File "/home/ubuntu/miniconda3/lib/python3.8/site-packages/pssh/clients/native/single.py", line 240, in auth
    self._identity_auth()
  File "/home/ubuntu/miniconda3/lib/python3.8/site-packages/pssh/clients/base/single.py", line 312, in _identity_auth
    raise AuthenticationError("No authentication methods succeeded")
pssh.exceptions.AuthenticationError: No authentication methods succeeded

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/ubuntu/src/env/pssh_client.py", line 64, in <module>
    test_parallel_ssh()
  File "/home/ubuntu/src/env/pssh_client.py", line 30, in test_parallel_ssh
    client = SSHClient('kr3.lan',user='ubuntu')
  File "/home/ubuntu/miniconda3/lib/python3.8/site-packages/pssh/clients/native/single.py", line 125, in __init__
    super(SSHClient, self).__init__(
  File "/home/ubuntu/miniconda3/lib/python3.8/site-packages/pssh/clients/base/single.py", line 192, in __init__
    self._init()
  File "/home/ubuntu/miniconda3/lib/python3.8/site-packages/pssh/clients/base/single.py", line 197, in _init
    self._auth_retry()
  File "/home/ubuntu/miniconda3/lib/python3.8/site-packages/pssh/clients/base/single.py", line 209, in _auth_retry
    return self._auth_retry(retries=retries+1)
  File "/home/ubuntu/miniconda3/lib/python3.8/site-packages/pssh/clients/base/single.py", line 209, in _auth_retry
    return self._auth_retry(retries=retries+1)
  File "/home/ubuntu/miniconda3/lib/python3.8/site-packages/pssh/clients/base/single.py", line 211, in _auth_retry
    raise AuthenticationError(msg, self.host, self.port, ex)
pssh.exceptions.AuthenticationError: ('Authentication error while connecting to %s:%s - %s', 'kr3.lan', 22, AuthenticationError('No authentication methods succeeded'))

Process finished with exit code 1
```

@pkittenis
Member

pkittenis commented Jan 5, 2021

Code that is being executed needs to be shown, in full.

@gminorcoles
Author

I switched to using the getpass module to get the passphrase for the key upfront. I need to move on to the next item in my todo list, which is trying to get agent forwarding to work so I can do github operations with no prompts on remote servers, but it looks like this project may not support that. I have moved from ansible to the command line version of pssh, to this, and fabric. It is a weird landscape. I just want to wrap my parallelized ssh calls in some code, to alleviate the disorganization I suffer when I use naked bash scripts.

I will try to debug this more at the end of my workday. Thank you.

@pkittenis
Member

pkittenis commented Jan 5, 2021

If code to reproduce an issue can be shown then can investigate. Have yet to see any code, so whether there is an actual issue or not can't say. Agent authentication works, e.g.:

```
$ ssh-add -l
256 SHA256:Fu9+PeRnGv7c/5LmkSxPKAViPWgKaSviLFw4raW3lB4 XX (ED25519)
2048 SHA256:HAarboJYgcTYgvF76yTr43C7vrK6HMWZ5FgpsYWHVnM XX (RSA)
2048 SHA256:ggfGnAMtDRdTEPqORpBjP5gwHUUTcgM2tLaPuIiG8J0 XX (RSA)
3072 SHA256:7LJEPazgZAR2+y1HVinBf07vY0VOWSedrvqxUNa7MoU XX (RSA)
3072 SHA256:7LJEPazgZAR2+y1HVinBf07vY0VOWSedrvqxUNa7MoU XX (RSA-CERT)
256 SHA256:wA+Q0CRII0I8Q+mC2z98undIcqigXfAn0Zc0CUtrzNE XX (ED25519)
256 SHA256:JHzxOtwKqDSu3iLqFpd1CGRMOohbvoCQoupQaq+4Xeg XX (ECDSA)

parallel-ssh/examples $ python single_client.py
first command
second command
third command took one second
Took 1.346768 seconds
```

When you are able to show the code that you are running can raise a new issue.

Have found a separate issue with agent auth in the libssh clients, leaving this open to track that. - Resolved in 2.5.2.

No, agent forwarding is not currently supported.
