underwear icon indicating copy to clipboard operation
underwear copied to clipboard
verified publisher icon mattmakai

No handler for paramiko, incompatible ssh server

Open vindarel opened this issue 10 years ago • 4 comments

Hello !

I'm very very very much excited about your project, I think it's very much needed to ease deployments like that. Well done !

But I'm stuck at point 6 with the fab command. Also note that after installation of underwear I didn't have the fab command (in zsh, even after rehash), so I installed fabric manually.

$ fab bootstrap_ansible  
[5.xxx.70.6] Executing task 'bootstrap_ansible'
[localhost] local: ssh-keygen -R 5.xxx.70.6
/home/vince/.ssh/known_hosts updated.
Original contents retained as /home/vince/.ssh/known_hosts.old
No handlers could be found for logger "paramiko.transport"

Fatal error: Incompatible ssh server (no acceptable macs)

Underlying exception:
    Incompatible ssh server (no acceptable macs)

Aborting.

I already worked a bit in my server. We can't login as root, so I filled in the right env.user in the fabfile, but same error. Does my server need to be in some predefined state ?

Any idea on how I can carry on ?

Thanks !

vindarel avatar Sep 21 '15 20:09 vindarel

Hey @vindarel, the Fabric script is really just a quick bootstrap for getting your SSH keys on the server and creating a deploy user. Does Fabric work for you with other fabfiles? I feel like this may be a Fabric dependency issue rather than something I can address in Underwear.

mattmakai avatar Sep 22 '15 18:09 mattmakai

Hey Matt, yes fabric did work with another fabfile (locally). With more googling I found this thread: https://stackoverflow.com/questions/28399335/python-paramiko-incompatible-ssh-server So, on my server, in /etc/ssh/sshd_config, at the key MACs I added hmac-sha1, I restarted ssh and I could carry on.

Now another feedback. I had already used my server a bit and I had disabled the log in as root, so:

  • I had to tell the sed commands to run with sudo: sed(..., use_sudo=True).
  • I had to change the remaining run to sudo, but after the backup of the sudoers file, we can't login as sudo any more, so I tried to put the two commands on the same line;
  • it's difficult to re-run the script, because the groupadd command will error out if the group already exists.
  • the file ~/.ssh/authorized_keys2 doesn't exist on my system. Besides, it's supposed to be deprecated.

And I have another question (seeing underwear.yml):

  • what if we don't have a root domain name ? is the ip ok ? (I couldn't get to the end to test properly)

vindarel avatar Sep 23 '15 17:09 vindarel

you're starting to run into some of the updates I needed to make to move things forward @vindarel, such as the authorized_keys file. unfortunately, I don't have the capacity to make the modifications to the library at the moment. I'll update this issue ticket if I'm able to continue working on it at some point in the future

mattmakai avatar Sep 23 '15 21:09 mattmakai

Ok, cool. I'll wait. Or… do you have a list of easy todos ? I could at least have a look and, who knows… :p

vindarel avatar Sep 24 '15 13:09 vindarel