| Message ID | 20221027113026.2280863-1-iii@linux.ibm.com |
|---|---|
| State | New |
| Headers | show |
| Series | tests/vm: use -o IdentitiesOnly=yes for ssh | expand |
On 27/10/2022 13.30, Ilya Leoshkevich wrote: > When one has a lot of keys in ~/.ssh directory, the ssh command will > try all of them before the one specified on the command line, and this > may cause the remote ssh server to reject the connection due to too > many failed authentication attempts. > > Fix by adding -o IdentitiesOnly=yes, which makes the ssh client > consider only the keys specified on the command line. > > Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com> > --- > tests/vm/basevm.py | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/tests/vm/basevm.py b/tests/vm/basevm.py > index 4fd9af10b7f..2276364c42f 100644 > --- a/tests/vm/basevm.py > +++ b/tests/vm/basevm.py > @@ -233,7 +233,8 @@ def _ssh_do(self, user, cmd, check): > "-o", "UserKnownHostsFile=" + os.devnull, > "-o", > "ConnectTimeout={}".format(self._config["ssh_timeout"]), > - "-p", str(self.ssh_port), "-i", self._ssh_tmp_key_file] > + "-p", str(self.ssh_port), "-i", self._ssh_tmp_key_file, > + "-o", "IdentitiesOnly=yes"] > # If not in debug mode, set ssh to quiet mode to > # avoid printing the results of commands. > if not self.debug: Ah, great, I've run into this problem in the past already, too, but I didn't find that config switch! Good to know that there is a solution! Reviewed-by: Thomas Huth <thuth@redhat.com>
Ilya Leoshkevich <iii@linux.ibm.com> writes: > When one has a lot of keys in ~/.ssh directory, the ssh command will > try all of them before the one specified on the command line, and this > may cause the remote ssh server to reject the connection due to too > many failed authentication attempts. > > Fix by adding -o IdentitiesOnly=yes, which makes the ssh client > consider only the keys specified on the command line. > > Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com> Queued to testing/next, thanks.
diff --git a/tests/vm/basevm.py b/tests/vm/basevm.py index 4fd9af10b7f..2276364c42f 100644 --- a/tests/vm/basevm.py +++ b/tests/vm/basevm.py @@ -233,7 +233,8 @@ def _ssh_do(self, user, cmd, check): "-o", "UserKnownHostsFile=" + os.devnull, "-o", "ConnectTimeout={}".format(self._config["ssh_timeout"]), - "-p", str(self.ssh_port), "-i", self._ssh_tmp_key_file] + "-p", str(self.ssh_port), "-i", self._ssh_tmp_key_file, + "-o", "IdentitiesOnly=yes"] # If not in debug mode, set ssh to quiet mode to # avoid printing the results of commands. if not self.debug:
When one has a lot of keys in ~/.ssh directory, the ssh command will try all of them before the one specified on the command line, and this may cause the remote ssh server to reject the connection due to too many failed authentication attempts. Fix by adding -o IdentitiesOnly=yes, which makes the ssh client consider only the keys specified on the command line. Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com> --- tests/vm/basevm.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)