[16.0] fs_storage: support SSH private keys authentication #331

Open: 4 commits to merge into base: 16.0

sebalix (Contributor) commented Jan 29, 2024

SSH connections can now be done with private keys by setting the `pkey` + `passphrase` options. Coupled with `eval_options_from_env`, this allows setting them from the environment, e.g.:

`{"host": "sftp.example.net", "username": "odoo", "pkey": "$SSH_KEY", "passphrase": "$SSH_PASSPHRASE", "port": 22}`

simahawk (Contributor) left a comment

LG. Could we have some test cov?

@sebalix sebalix force-pushed the 16-fs_storage-add-ssh-private-keys-support branch from c2fe279 to 4b47b01 Compare January 29, 2024 10:38
sebalix (Contributor, Author) commented Jan 29, 2024

@simahawk what's the best approach here to test? The current module doesn't depend on paramiko; if this one is installed then fsspec can use it. To test the feature I would need to add paramiko as a test dependency, is it OK?

Or should we put tests in a dedicated `test_fs_storage_ssh` module?

SSH connections can now be done with private keys by setting the `pkey`
+ `passphrase` options.
Coupled with the `eval_options_from_env` this allows to set these ones
from the environment, e.g:

`{"host": "sftp.example.net", "username": "sftp", "pkey": "$SSH_KEY", "passphrase": "$SSH_PASSPHRASE", "port": 22}`
@sebalix sebalix force-pushed the 16-fs_storage-add-ssh-private-keys-support branch from 4b47b01 to c0b3315 Compare January 29, 2024 14:28
sebalix (Contributor, Author) commented Jan 29, 2024

I added an extra parameter `pkey_type` to force the key type (RSA, DSS, OPENSSH...).
It happens that some versions of `ssh-keygen` generate OPENSSH keys even with the `-t rsa` parameter if `-m PEM` is not set.
https://serverfault.com/questions/939909/ssh-keygen-does-not-create-rsa-private-key

Still need to test it a bit more.

EDIT: this doesn't work either. Better to generate the key in a proper manner with `ssh-keygen -t rsa -m PEM [...]`, and everything works as expected. I reverted my last changes.
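
An added example (not part of this thread and not fs_storage code) of a pre-flight check for the options discussed above: it resolves `$NAME` values from the environment and reads only the key's framing to report the container format and whether a passphrase is needed. The resolution rule, the function names and the constructed sample key are assumptions; the PEM check mirrors the `ssh-keygen -t rsa -m PEM` observation in the comment above.

```python
import base64
import re

OPENSSH_MAGIC = b"openssh-key-v1\x00"
FRAME = re.compile(r"-----BEGIN ([A-Z0-9 ]*PRIVATE KEY)-----(.*?)-----END", re.S)

def resolve_options(options, environ):
    """Assumed rule: a string value of the form "$NAME" is replaced by environ["NAME"]."""
    refs = {k: v[1:] for k, v in options.items() if isinstance(v, str) and re.fullmatch(r"\$\w+", v)}
    resolved = {**options, **{k: environ.get(name) for k, name in refs.items()}}
    return resolved, [name for name in refs.values() if name not in environ]

def inspect_private_key(text):
    """Return (container, encrypted), reading only the framing around the key."""
    match = FRAME.search(text)
    if not match:
        return ("unknown", None)
    label, body = match.groups()
    if label != "OPENSSH PRIVATE KEY":
        # Traditional PEM flags encryption in a header, PKCS#8 in the label itself.
        return ("pem", label.startswith("ENCRYPTED") or "Proc-Type: 4,ENCRYPTED" in body)
    try:
        blob = base64.b64decode("".join(body.split()), validate=True)
    except ValueError:
        blob = b""
    if not blob.startswith(OPENSSH_MAGIC):
        return ("unknown", None)
    # openssh-key-v1 stores the cipher name first; "none" means unencrypted.
    size = int.from_bytes(blob[15:19], "big")
    return ("openssh", blob[19:19 + size] != b"none")

def check_ssh_options(options, environ):
    """List configuration problems; messages never contain key or passphrase text."""
    resolved, missing = resolve_options(options, environ)
    problems = [f"environment variable {name} is not set" for name in missing]
    if resolved.get("pkey"):
        container, encrypted = inspect_private_key(resolved["pkey"])
        if container != "pem":
            problems.append(f"pkey container is '{container}', not PEM")
        if encrypted and not resolved.get("passphrase"):
            problems.append("pkey is encrypted but no passphrase is set")
    return problems

def constructed_openssh_key(cipher=b"none"):  # constructed framing only, not a usable key
    blob = base64.b64encode(OPENSSH_MAGIC + len(cipher).to_bytes(4, "big") + cipher + bytes(16))
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{blob.decode()}\n-----END OPENSSH PRIVATE KEY-----\n"

OPTIONS = {"host": "sftp.example.net", "username": "odoo", "pkey": "$SSH_KEY",
           "passphrase": "$SSH_PASSPHRASE", "port": 22}  # from the PR description
```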

@sebalix sebalix force-pushed the 16-fs_storage-add-ssh-private-keys-support branch from 11f29f1 to 6f33885 Compare January 29, 2024 16:41
simahawk (Contributor)

> @simahawk what's the best approach here to test? The current module doesn't depend on paramiko; if this one is installed then fsspec can use it. To test the feature I would need to add paramiko as a test dependency, is it OK?
>
> Or should we put tests in a dedicated `test_fs_storage_ssh` module?

In fact, we are adding too many SFTP-related features to the base module... IMO we need a separate module for SFTP: `fs_storage_sftp`.

github-actions bot commented Jun 9, 2024

There hasn't been any activity on this pull request in the past 4 months, so it has been marked as stale and it will be closed automatically if no further activity occurs in the next 30 days.
If you want this PR to never become stale, please ask a PSC member to apply the "no stale" label.

@github-actions github-actions bot added the "stale" label Jun 9, 2024
florian-dacosta (Contributor) commented Jul 9, 2024

@sebalix Do you plan to continue and create a new module with the feature?

FYI, I did manage an SFTP connection with a private key, using sshfs (https://github.com/fsspec/sshfs). If you install this lib, it will replace the default paramiko SFTP implementation with another based on asyncssh.
This allows managing keys out of the box (at least, it works in my case, without any additional code).

IMO, we could drop this and maybe write somewhere to install sshfs if you want to manage keys, or do you see any reason not to use the sshfs implementation?

@github-actions github-actions bot removed the "stale" label Jul 14, 2024
lmignon (Contributor) commented Nov 10, 2024

ping @sebalix @simahawk Have you seen the last comment from @florian-dacosta? Can we close it?
