Add auth_timeout parameter when supported by paramiko (#50448)

* Add auth_timeout parameter when supported Paramiko 2.2 introduces the auth_timeout parameter. This will set the parameter to the same value of the timeout parameter to prevent "Authentication timeout" errors. * Conditionally add auth_timeout to ssh.connect Renamed sock_kwarg to ssh_connect_kwargs and conditionally added the auth_timeout parameter based on the installed paramiko version. * Add changelog fragment
2019-01-08 22:25:17 -02:00 · 2019-01-08 22:25:17 -02:00 · 6f9bca9de3
parent b5d92c6df4
commit 6f9bca9de3
2 changed files with 9 additions and 2 deletions
--- a/changelogs/fragments/50448-paramiko_ssh_add_auth_timeout.yaml
+++ b/changelogs/fragments/50448-paramiko_ssh_add_auth_timeout.yaml
@ -0,0 +1,2 @@
+bugfixes:
+  - paramiko_ssh - add auth_timeout parameter to ssh.connect when supported by installed paramiko version. This will prevent "Authentication timeout" errors when a slow authentication step (>30s) happens with a host (https://github.com/ansible/ansible/issues/42596)
--- a/lib/ansible/plugins/connection/paramiko_ssh.py
+++ b/lib/ansible/plugins/connection/paramiko_ssh.py
@ -137,6 +137,7 @@ import sys
 import re

 from termios import tcflush, TCIFLUSH
+from distutils.version import LooseVersion
 from binascii import hexlify

 from ansible import constants as C
@ -323,7 +324,7 @@ class Connection(ConnectionBase):
                    pass  # file was not found, but not required to function
            ssh.load_system_host_keys()

-        sock_kwarg = self._parse_proxy_command(port)
+        ssh_connect_kwargs = self._parse_proxy_command(port)

        ssh.set_missing_host_key_policy(MyAddPolicy(self._new_stdin, self))

@ -337,6 +338,10 @@ class Connection(ConnectionBase):
            if self._play_context.private_key_file:
                key_filename = os.path.expanduser(self._play_context.private_key_file)

+            # paramiko 2.2 introduced auth_timeout parameter
+            if LooseVersion(paramiko.__version__) >= LooseVersion('2.2.0'):
+                ssh_connect_kwargs['auth_timeout'] = self._play_context.timeout
+
            ssh.connect(
                self._play_context.remote_addr.lower(),
                username=self._play_context.remote_user,
@ -346,7 +351,7 @@ class Connection(ConnectionBase):
                password=self._play_context.password,
                timeout=self._play_context.timeout,
                port=port,
-                **sock_kwarg
+                **ssh_connect_kwargs
            )
        except paramiko.ssh_exception.BadHostKeyException as e:
            raise AnsibleConnectionFailure('host key mismatch for %s' % e.hostname)