Add auth_timeout parameter when supported by paramiko (#50448)

* Add auth_timeout parameter when supported

Paramiko 2.2 introduces the auth_timeout parameter. This will set the
parameter to the same value of the timeout parameter to prevent
"Authentication timeout" errors.

* Conditionally add auth_timeout to ssh.connect

Renamed sock_kwarg to ssh_connect_kwargs and conditionally added the
auth_timeout parameter based on the installed paramiko version.

* Add changelog fragment
This commit is contained in:
Renato Orgito 2019-01-08 22:25:17 -02:00 committed by Dag Wieers
parent b5d92c6df4
commit 6f9bca9de3
2 changed files with 9 additions and 2 deletions

View file

@ -0,0 +1,2 @@
bugfixes:
- paramiko_ssh - add auth_timeout parameter to ssh.connect when supported by installed paramiko version. This will prevent "Authentication timeout" errors when a slow authentication step (>30s) happens with a host (https://github.com/ansible/ansible/issues/42596)

View file

@ -137,6 +137,7 @@ import sys
import re
from termios import tcflush, TCIFLUSH
from distutils.version import LooseVersion
from binascii import hexlify
from ansible import constants as C
@ -323,7 +324,7 @@ class Connection(ConnectionBase):
pass # file was not found, but not required to function
ssh.load_system_host_keys()
sock_kwarg = self._parse_proxy_command(port)
ssh_connect_kwargs = self._parse_proxy_command(port)
ssh.set_missing_host_key_policy(MyAddPolicy(self._new_stdin, self))
@ -337,6 +338,10 @@ class Connection(ConnectionBase):
if self._play_context.private_key_file:
key_filename = os.path.expanduser(self._play_context.private_key_file)
# paramiko 2.2 introduced auth_timeout parameter
if LooseVersion(paramiko.__version__) >= LooseVersion('2.2.0'):
ssh_connect_kwargs['auth_timeout'] = self._play_context.timeout
ssh.connect(
self._play_context.remote_addr.lower(),
username=self._play_context.remote_user,
@ -346,7 +351,7 @@ class Connection(ConnectionBase):
password=self._play_context.password,
timeout=self._play_context.timeout,
port=port,
**sock_kwarg
**ssh_connect_kwargs
)
except paramiko.ssh_exception.BadHostKeyException as e:
raise AnsibleConnectionFailure('host key mismatch for %s' % e.hostname)