salt-ssh : Disable SSH Host Key Checking with python api
Question:
I’m working with salt-ssh and with the command line I can use option -i to use ‘StrictHostKeyChecking’
(agent) [root@NODE ~]# salt-ssh 'af0abc4b-6980d-4fdd-ba63-192cb3d116be' test.ping
af0abc4b-6980d-4fdd-ba63-192cb3d116be:
----------
retcode:
254
stderr:
stdout:
The host key needs to be accepted, to auto accept run salt-ssh with the -i flag:
The authenticity of host '10.10.10.10 (10.10.10.10)' can't be established.
ECDSA key fingerprint is af:00:b8:ab:7a:3e:cd:06:9a:6c:36:e9:32:f0:a3:a4.
Are you sure you want to continue connecting (yes/no)?
(agent) [root@NODE ~]# salt-ssh -i --no-host-keys 'af0abc4b-6980d-4fdd-ba63-192cb3d116be' test.ping
af0abc4b-6980d-4fdd-ba63-192cb3d116be:
True
but when I want to do the same thing with the python api I didn’t find a way to specify the -i option so can it be done.
this is the python code I’m using
from salt.client.ssh.client import SSHClient
salt = SSHClient()
salt.cmd('af0abc4b-6980d-4fdd-ba63-192cb3d116be', 'test.ping')
Out:
{'af0abc4b-6980d-4fdd-ba63-192cb3d116be': {'retcode': 254,
'stderr': '',
'stdout': "The host key needs to be accepted, to auto accept run salt-ssh with the -i flag:nThe authenticity of host '10.10.10.10 (10.10.10.10)' can't be established.nECDSA key fingerprint is af:00:b8:ab:7a:3e:cd:06:9a:6c:36:e9:32:f0:a3:a4.nAre you sure you want to continue connecting (yes/no)? "}}
how can I do the same with the python code??
Answers:
The only solution I found is to configure StrictHostKeyChecking in $HOME/.ssh/config`.
example of $HOME/.ssh/config
Host *
StrictHostKeyChecking no
or
Host 10.10.10.15
StrictHostKeyChecking no
I’m working with salt-ssh and with the command line I can use option -i to use ‘StrictHostKeyChecking’
(agent) [root@NODE ~]# salt-ssh 'af0abc4b-6980d-4fdd-ba63-192cb3d116be' test.ping
af0abc4b-6980d-4fdd-ba63-192cb3d116be:
----------
retcode:
254
stderr:
stdout:
The host key needs to be accepted, to auto accept run salt-ssh with the -i flag:
The authenticity of host '10.10.10.10 (10.10.10.10)' can't be established.
ECDSA key fingerprint is af:00:b8:ab:7a:3e:cd:06:9a:6c:36:e9:32:f0:a3:a4.
Are you sure you want to continue connecting (yes/no)?
(agent) [root@NODE ~]# salt-ssh -i --no-host-keys 'af0abc4b-6980d-4fdd-ba63-192cb3d116be' test.ping
af0abc4b-6980d-4fdd-ba63-192cb3d116be:
True
but when I want to do the same thing with the python api I didn’t find a way to specify the -i option so can it be done.
this is the python code I’m using
from salt.client.ssh.client import SSHClient
salt = SSHClient()
salt.cmd('af0abc4b-6980d-4fdd-ba63-192cb3d116be', 'test.ping')
Out:
{'af0abc4b-6980d-4fdd-ba63-192cb3d116be': {'retcode': 254,
'stderr': '',
'stdout': "The host key needs to be accepted, to auto accept run salt-ssh with the -i flag:nThe authenticity of host '10.10.10.10 (10.10.10.10)' can't be established.nECDSA key fingerprint is af:00:b8:ab:7a:3e:cd:06:9a:6c:36:e9:32:f0:a3:a4.nAre you sure you want to continue connecting (yes/no)? "}}
how can I do the same with the python code??
The only solution I found is to configure StrictHostKeyChecking in $HOME/.ssh/config`.
example of $HOME/.ssh/config
Host *
StrictHostKeyChecking no
or
Host 10.10.10.15
StrictHostKeyChecking no