[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fab-user] EC2 host keys

From: Jeff Forcier
Subject: Re: [Fab-user] EC2 host keys
Date: Sat, 9 May 2009 14:10:39 -0400

On Sat, May 9, 2009 at 1:42 PM, Patrick J McNerthney
<address@hidden> wrote:

> Sorry, I did use IP address in my original message, but probably should have
> used DNS name.  It actually does not matter, the problem exists for both.
>  You are correct that I could disable the additional checking of IP address
> conflicts, but I have the same exact problem with the DNS name.
> [...]
> In this scenario, this is a case of an invalid server key, not a missing
> server key.  The missing host key policy never gets called.  This is why the
> env.reject_unknown_keys currently has no effect.
> Any clearer?

Yes, much.

I verified the scenario you outlined, and also double checked
Paramiko's source code to see if it gives us any options in this area.
Sure enough, it's hard-coded to raise an exception when host keys
exist and do not match. Thus, the only way to fix this at the Fabric
level is to avoid loading any host keys at all if you expect this
problem to come up.

Given this and a few other related issues that have come up in the
past, I am starting to wonder if we should start patching Paramiko. No
releases since June of last year is a little worrying, though the
Github branch has seen a little activity this past quarter. But this
is something for the future...

I've just cherry picked and pushed your suggested change. Thanks!


reply via email to

[Prev in Thread] Current Thread [Next in Thread]