Running commands on remote hosts without use of an SSH key


#1

Is there any way to run actions on remote hosts (eg. core.remote) without the use of SSH key authentication?
I’ve specified a system user in /etc/st2/st2.conf and I’ve confirmed this user can access the client host without needing a password or a key. I have also removed the entry for ssh_key_file under the [system_user] stanza.

Running
$ st2 run core.remote cmd=whoami hosts=localhost
or
$ st2 run core.remote cmd=whoami hosts=<one-of-my-remote-hosts>
Throws an error saying it can’t find the stanley user’s SSH key. It would be great if someone could point me to a method for configuring Stackstorm to connect to remote hosts without involving an SSH key.
Thanks in advance!


(Lindsay Hill) #2

Are you absolutely certain that your SSH setup allows access with no key or password?

That seems…highly unusual, not to mention hopelessly insecure. What does your ssh configuration look like?


#3

We’re using kerberos and LDAP for authentication.

SSH configuration is set up for GSSAPIAuthentication.


(Lindsay Hill) #4

Right, so it’s not just “no passwords or keys” - there is still an authentication mechanism here.

I think you’ll run into issues related to “How does the ST2 user get granted a kerberos ticket?”


#5

Thanks, I’ll look in that direction.


(Lindsay Hill) #6

Good luck. You might also need to dig into the ST2 code. It probably makes an assumption somewhere about needing either a key or a password.