transport=smart, SFTP failures and ssh connections

marc.petrivelli · March 31, 2014, 2:34pm

In my ansible.cfg I had the following set:

[defaults]

transport=smart

[ssh_connection]
scp_if_ssh=True

For one of my target hosts (specifically a VMware vCenter appliance) I received a SFTP disabled error. After investigating this host did in fact have SFTP disabled (on purpose). I am curious about a few things.

why is the paramiko python ssh lib defaulting to SFTP for file transfer? Is this intended? Is it more efficient?
Wouldn’t it make sense for the ansible connection module to detect this failure and alternatively try to use SCP to transfer the file?

In the end I had to force the host to use SSH (ansible_connection=ssh in my inventory file) and then change

From:

ssh_args = -o ControlMaster=auto -o ControlPersist=60s

To:
ssh_args = -o ControlMaster=auto

to get everything to work. It seems ansible is smart enough to detect which features the particular flavor of sshd supports when ssh transport is used. It seems the connection module using paramiko might be able to determine if SFTP is disabled and fail over to SCP.

James_Cammarata · March 31, 2014, 8:04pm

Hi Marc, could you open a github issue for this? Thanks!

Michael_DeHaan1 · March 31, 2014, 9:25pm

Ok so under ssh_connection this parameter is only for the SSH transport.

Paramiko doesn’t have this. So what you have for controlling wouldn’t be handled by (1)

(2) is unlikely to be implemented.

So the question is really can paramiko scp all of the time –

I don’t particularly recall but I believe in some cases SCP can be disabled? If I’m wrong, this is reasonable.

If I am not, we can make a new configuration option for paramiko.

But paramiko shouldn’t obey the config section for the SSH transport.

Hans_Lellelid · April 25, 2014, 8:18pm

I like the idea of having sftp vs scp be configurable for paramiko. We don’t use sftp in our infrastructure (except in a few cases), so having an scp option for paramiko would be nice. (Lots of CentOS 5.x in infrastructure, so paramiko is still desired.) Here is a custom paramiko plugin that uses scp instead of sftp: https://gist.github.com/hozn/11301845

This uses the scp library: https://pypi.python.org/pypi/scp/

Making this a configuration option instead would obviously be pretty straightforward.

Hans

Michael_DeHaan1 · April 25, 2014, 8:58pm

A pull request would be welcome!

Thanks!

Hans_Lellelid · April 28, 2014, 11:34am

Yes, I will do that once I have a little more testing with this setup.

Hans

Topic		Replies	Views
SCP instead of SFTP Ansible Project	2	3	January 25, 2016
ansible paramiko fails with failed to open a SFTP connection (Channel closed.) Ansible Project	6	1	September 10, 2015
Cannot copy a file to a server when using ssh Ansible Project	0	1	October 28, 2014
failed to open a SFTP connection, -c ssh connects but gives me errors Ansible Project	2	0	November 17, 2012
trouble with ec2 inventory script Ansible Project	3	0	November 17, 2012

transport=smart, SFTP failures and ssh connections

Related topics