fabric password

I know you've asked about password but wouldn't it better to configure the system so that you can doing fabric (i.e. SSH) without password?

For this, on local machine do:

  1. ssh-keygen and agree with all defaults (if you have no reasons do otherwise)
  2. cat ~/.ssh/id_rsa.pub and copy that key

On remote machine:

  1. mkdir ~/.ssh && chmod 700 ~/.ssh
  2. touch ~/.ssh/authorized_keys2 && chmod 600 ~/.ssh/authorized_keys2
  3. Paste copied key into authorized_keys2

From now your remote machine “trusts” your local machine and allows logging it in without password. Handy.


You can also set passwords on a per host basis. It wasn't obvious to me, so here it goes for anyone looking for this:

from fabric import env
env.hosts = ['user1@host1:port1', '[email protected]']
env.passwords = {'user1@host1:port1': 'password1', '[email protected]': 'password2'}

Fabric caches used passwords in the env.passwords dictionary. It sets this cache using the full hosts string as key of that dictionary and the password as the value. If you set this dictionary yourself before executing any task, Fabric won't ask for them at all.


fab -h will show you all the options, you can also read them here.

In particular, and I quote,

-p PASSWORD, --password=PASSWORD

Sets env.password to the given string; it will then be used as the default password when making SSH connections or calling the sudo program.


Just to add for anyone who winds up here from a search, you can specify the -I option when running fab for it to prompt you for a default password to use. This way it won't be visible in your command history

example:

$ fab -I my_task
Initial value for env.password: 

It's also possible to set ssh password in connect_args

    conn = Connection(
    "{username}@{ip}:{port}".format(
        username=username,
        ip=ip,
        port=port,
    ),
    connect_kwargs={"password": password},
)