Fabric (SSH & passwords)

Option 1 – provide password with -p flag

fab -H hostname -p password123 ...
  • Downside: password will show up in process listing
  • Downside: password will show up in command history

Option 2 – get prompted for password

fab -I
Initial value for env.password: *****
  • prevents password from showing up in command history

Options 3 – use ssh key with -i flag

fab -H hostname -i ~/.ssh/keyfile ...
  • Note: this succeeds in connecting, but sudo() will still prompt for password

Option 4 – password inside file

fabric.api import env
env.password = 'yourpassword'

Option 5 – use ssh key inside fabfile.

env.key_filename = '/path/to/keyfile.pem'

Option 6 – piggy back off ssh config.

env.use_ssh_config = True

Option 7 – mess with /etc/sudoers

  • add username for fabric
  • remove need to provide password for specific commands

.

Advertisements
Posted in Fabric, Linux, Python, Security

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: