Package: dsh
Version: 0.25.10-1
Severity: important
Passing key options to ssh does not seem to work.
It looks like dsh is first trying to login to the remote machine
and then run the options. This approach prevents the use of
ssh command keys, which are very useful when automating management
and still limiting access.
# grep -v ^# /etc/dsh/dsh.conf
verbose = 1
remoteshell = ssh
showmachinenames = 0
waitshell=1 # whether to wait for execution
remoteshellopt=-i /root/.ssh/id_dsa_control
# dsh -m somemachine -- uptime
Setting verbose to [1]
Parameter remoteshell is ssh
Using ssh as the remote shell
Parameter showmachinenames is 0
Setting pipe option to [0]
Parameter waitshell is 1
Setting wait-shell to [1]
Parameter remoteshellopt is -i /root/.ssh/id_dsa_control
Adding [-i /root/.ssh/id_dsa_control] to shell options
Loading config file /root/.dsh/dsh.conf
Adding machine somemachine to list
--- Executing on somemachine
DUMPing parameters passed to llexec
[-i /root/.ssh/id_dsa_control] [somemachine] [uptime]
... Waiting for process to end with waitpid
Warning: Identity file /root/.ssh/id_dsa_control not accessible: No such file
or directory.
r...@somemachine's password:
# ssh -i /root/.ssh/id_dsa_control somemachine
OpenSSH_4.7p1 Debian-12, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to somemachine [192.168.0.73] port 22.
debug1: Connection established.
...
debug1: Offering public key: /root/.ssh/id_dsa_control
debug1: Server accepts key: pkalg ssh-dss blen 433
debug1: read PEM private key done: type DSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LC_MESSAGES = en_US
debug1: Sending env LANG = en_US
Last login: Wed Apr 21 13:12:47 2010 from mymachine.cs.uchicago.edu
r...@somemachine:~#
Workaround:
Create ~/.ssh/config:
Host *
IdentityFile ~/.ssh/id_dsa_control
This doesn't scale properly, because it's an all (*) or
per-host option, and has no information on the groups dsh provides.
Moreover, per the same problem as above, one cannot specify an
alternative ssh config file with the '-f' option.
Properly, the file should contain:
for machine in $dsh_group; do
# write ssh config file parameters for each machine:
Host $machine
IdentityFile ~/.ssh/id_dsa_control
done
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash
Versions of packages dsh depends on:
ii libc6 2.7-12 GNU C Library: Shared libraries
ii libdshconfig1 0.20.13-1 configuration file parser library
dsh recommends no packages.
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
