Running commands on remote hosts without use of an SSH key


Is there any way to run actions on remote hosts (eg. core.remote) without the use of SSH key authentication?
I’ve specified a system user in /etc/st2/st2.conf and I’ve confirmed this user can access the client host without needing a password or a key. I have also removed the entry for ssh_key_file under the [system_user] stanza.

$ st2 run core.remote cmd=whoami hosts=localhost
$ st2 run core.remote cmd=whoami hosts=<one-of-my-remote-hosts>
Throws an error saying it can’t find the stanley user’s SSH key. It would be great if someone could point me to a method for configuring Stackstorm to connect to remote hosts without involving an SSH key.
Thanks in advance!

(Lindsay Hill) #2

Are you absolutely certain that your SSH setup allows access with no key or password?

That seems…highly unusual, not to mention hopelessly insecure. What does your ssh configuration look like?


We’re using kerberos and LDAP for authentication.

SSH configuration is set up for GSSAPIAuthentication.

(Lindsay Hill) #4

Right, so it’s not just “no passwords or keys” - there is still an authentication mechanism here.

I think you’ll run into issues related to “How does the ST2 user get granted a kerberos ticket?”


Thanks, I’ll look in that direction.

(Lindsay Hill) #6

Good luck. You might also need to dig into the ST2 code. It probably makes an assumption somewhere about needing either a key or a password.