View Issue Details

ID: 1013
Project: RackTables
Category: default
View Status: public
Last Update: 2013-11-24 22:57
Reporter: grin
Assigned To: infrastation
Priority: high
Severity: tweak
Reproducibility: N/A
Status: closed
Resolution: no change required
Product Version: 0.20.5
Summary: 1013: braindead ssh gateway setup?
Description: I have spent the better half of the day figuring out why and how the "new" gateway code is supposed to work. This braindead Cisco stuff cannot use ssh pubkey auth and I thought many people see the same. I feel like I was wrong since I see no way for it to work.

First, the ssh gateway seems to disable pw auth completely by using BatchMode=yes. Then pw is not handled by remote.php at all. It's not a problem since gateway/ssh couldn't handle it anyway. And after all, even if all of them could, it doesn't seem to work due to a missing logout at the end. I tried to patch it away but it looks like a big mess to me.

As a fun thing bloody php stream_select does not seem to honour timeout. I cannot tell you how much I hate php.

Patch follows, which makes it work more or less. Far from rock stable. Additionally it requires the package 'lesspass' to handle the password.
Tags: No tags attached.
Attached Files
remote.php.patch (1,096 bytes)   
--- remote.php-orig	2013-09-19 17:49:16.000000000 +0200
+++ remote.php	2013-09-19 22:02:58.000000000 +0200
@@ -273,6 +273,7 @@
 			break;
 		case 'ssh':
 			$params_from_settings['sudo-user'] = 'sudo_user';
+			$params_from_settings['sp'] = 'password';
 			$params_from_settings[] = '--';
 			$params_from_settings['p'] = 'port';
 			$params_from_settings['l'] = 'username';
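Review bot: the added line $params_from_settings['sp'] = 'password'; sits before the '--' separator, so the device password is handed to the gateway script as a command-line option, where it shows up in the process list for as long as that script runs. Pass it out of band instead (for example on a pipe or file descriptor the gateway reads), and check what this mapping emits when the device settings carry no password.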
@@ -297,6 +298,8 @@
 			$params_from_settings[] = '-oCheckHostIP=no';
 			$params_from_settings[] = '-oLogLevel=ERROR';
 			$params_from_settings[] = $settings['hostname'];
+			# leave the shell, not break it <g>
+			$commands .= "logout\n";
 			break;
 		case 'ucssdk': # remote XML through a Python backend
 			# UCS in its current implementation besides the terminal_settings() provides
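Review bot: the added $commands .= "logout\n"; applies to every device reached through the ssh case, with no check for whether the command set already ends the session or whether the device accepts logout at all. Make the session-ending command a per-device setting, or append it only when the password path is in use, so existing key-based setups keep their current behaviour.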
@@ -517,7 +520,7 @@
 	$except_fd = array();
 	$out = '';
 	$errors = '';
-	while ((! empty ($read_fd) || ! empty ($write_fd)) && stream_select ($read_fd, $write_fd, $except_fd, NULL))
+	while ((! empty ($read_fd) || ! empty ($write_fd)) && stream_select ($read_fd, $write_fd, $except_fd, 5))
 	{
 		foreach ($write_fd as $fd)
 		{
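Review bot: with the last argument changed from NULL to 5, stream_select() returns 0 when no stream becomes ready within five seconds, and the while condition treats that exactly like a finished exchange, so a slow device produces silently truncated output. Distinguish the 0 (timeout) and false (error) returns from normal completion and report them to the caller, and take the timeout from a setting rather than a literal.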
gw-ssh.patch (1,008 bytes)   
--- /var/local/rt/gateways/ssh-orig	2013-09-19 18:09:41.000000000 +0200
+++ /var/local/rt/gateways/ssh	2013-09-19 22:13:57.000000000 +0200
@@ -10,9 +10,11 @@
 # fetch command-line parameters
 my $op_help;
 my $op_as_user;
+my $op_ssh_pw;
 GetOptions (
     'h' => \$op_help,
     'sudo-user:s' => \$op_as_user,
+    'sp:s' => \$op_ssh_pw,
 );
 if ($op_help) {
     &display_help;
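Review bot: 'sp:s' declares the option value as optional, so a bare --sp parses successfully and leaves $op_ssh_pw as an empty string, which the later defined() test accepts as a password. Use 'sp=s' so a missing value is a parse error, and describe the new option in display_help, which this patch leaves unchanged.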
@@ -20,7 +22,20 @@
 }
 
 &become_user;
-exec ('ssh', @ARGV) or die "exec ssh: $!";
+
+# fake password entry - needs sshpass package!
+my $cmd = 'ssh';
+if( defined( $op_ssh_pw ) ) {
+    # we use the really bad method instead of the outrageously bad one
+    # this way it requires root to peek /proc/<pid> instead of a simple 'ps'
+    $ENV{'SSHPASS'} = $op_ssh_pw;
+    $cmd = 'sshpass';
+    unshift @ARGV, '-e', 'ssh';
+    # batch mode would kindly disable pw authentication altogether
+    @ARGV = grep { !/-oBatchMode=yes/ } @ARGV;
+}
+
+exec ($cmd, @ARGV) or die "exec $cmd: $!";
 
 sub display_help {
     print <<END;
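Review bot: the comment above $ENV{'SSHPASS'} = $op_ssh_pw; overstates the protection, because /proc/<pid>/environ is readable by the owning user as well as root, and the password has already reached this script in its own argv through --sp. sshpass can read the password from a file (-f) or an inherited file descriptor (-d) instead of the environment, which fits better with a gateway that receives the secret on a pipe. Separately, the grep strips -oBatchMode=yes from all of @ARGV, so any other ssh prompt is no longer suppressed either; it is worth confirming the session fails cleanly rather than hangs when ssh asks for something other than the password.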

Activities

infrastation

2013-09-20 17:34

administrator   ~0001779

Could you check if the recently added "sshnokey" method does it better? (There's a bugfix for it in master branch.)

adoom42

2013-11-24 22:57

administrator   ~0001977

Closing due to lack of feedback. Please re-open if "sshnokey" doesn't solve the problem.

Issue History

Date Modified Username Field Change
2013-09-19 22:31 grin New Issue
2013-09-19 22:31 grin File Added: remote.php.patch
2013-09-19 22:31 grin File Added: gw-ssh.patch
2013-09-20 17:34 infrastation Note Added: 0001779
2013-10-17 17:18 infrastation Assigned To => infrastation
2013-10-17 17:18 infrastation Status new => feedback
2013-11-24 22:57 adoom42 Note Added: 0001977
2013-11-24 22:57 adoom42 Status feedback => closed
2013-11-24 22:57 adoom42 Resolution open => no change required