From 6f9bca9de3a5aafee9a2af8dd3aa34965f3b7a08 Mon Sep 17 00:00:00 2001 From: Renato Orgito Date: Tue, 8 Jan 2019 22:25:17 -0200 Subject: [PATCH] Add auth_timeout parameter when supported by paramiko (#50448) * Add auth_timeout parameter when supported Paramiko 2.2 introduces the auth_timeout parameter. This will set the parameter to the same value of the timeout parameter to prevent "Authentication timeout" errors. * Conditionally add auth_timeout to ssh.connect Renamed sock_kwarg to ssh_connect_kwargs and conditionally added the auth_timeout parameter based on the installed paramiko version. * Add changelog fragment --- .../fragments/50448-paramiko_ssh_add_auth_timeout.yaml | 2 ++ lib/ansible/plugins/connection/paramiko_ssh.py | 9 +++++++-- 2 files changed, 9 insertions(+), 2 deletions(-) create mode 100644 changelogs/fragments/50448-paramiko_ssh_add_auth_timeout.yaml diff --git a/changelogs/fragments/50448-paramiko_ssh_add_auth_timeout.yaml b/changelogs/fragments/50448-paramiko_ssh_add_auth_timeout.yaml new file mode 100644 index 00000000000..464d8882c69 --- /dev/null +++ b/changelogs/fragments/50448-paramiko_ssh_add_auth_timeout.yaml @@ -0,0 +1,2 @@ +bugfixes: + - paramiko_ssh - add auth_timeout parameter to ssh.connect when supported by installed paramiko version. This will prevent "Authentication timeout" errors when a slow authentication step (>30s) happens with a host (https://github.com/ansible/ansible/issues/42596) diff --git a/lib/ansible/plugins/connection/paramiko_ssh.py b/lib/ansible/plugins/connection/paramiko_ssh.py index f6c8df219cb..e5b51bad0a4 100644 --- a/lib/ansible/plugins/connection/paramiko_ssh.py +++ b/lib/ansible/plugins/connection/paramiko_ssh.py @@ -137,6 +137,7 @@ import sys import re from termios import tcflush, TCIFLUSH +from distutils.version import LooseVersion from binascii import hexlify from ansible import constants as C @@ -323,7 +324,7 @@ class Connection(ConnectionBase): pass # file was not found, but not required to function ssh.load_system_host_keys() - sock_kwarg = self._parse_proxy_command(port) + ssh_connect_kwargs = self._parse_proxy_command(port) ssh.set_missing_host_key_policy(MyAddPolicy(self._new_stdin, self)) @@ -337,6 +338,10 @@ class Connection(ConnectionBase): if self._play_context.private_key_file: key_filename = os.path.expanduser(self._play_context.private_key_file) + # paramiko 2.2 introduced auth_timeout parameter + if LooseVersion(paramiko.__version__) >= LooseVersion('2.2.0'): + ssh_connect_kwargs['auth_timeout'] = self._play_context.timeout + ssh.connect( self._play_context.remote_addr.lower(), username=self._play_context.remote_user, @@ -346,7 +351,7 @@ class Connection(ConnectionBase): password=self._play_context.password, timeout=self._play_context.timeout, port=port, - **sock_kwarg + **ssh_connect_kwargs ) except paramiko.ssh_exception.BadHostKeyException as e: raise AnsibleConnectionFailure('host key mismatch for %s' % e.hostname)