ssh using a password #11
Comments
|
Original comment by Tom Daff (Bitbucket: tdaff, GitHub: tdaff). Thanks for the feedback! This should be possible... The initial design encourages minimal user interaction since there is no guarantee that the user will have access to the terminal running the notebook process (and it was easier to implement). I assume that the one-time-password will be different every time you open an ssh connection, so you will need an interactive prompt every time (rather than being able to pre-set the password)? One possibility will be to sniff the pexpect output for password prompts and then pop up a dialogue box like ssh-askpass, but I will need to refactor the tunnelling (again) so that there will not be six separate connections every time you connect. |
|
Original comment by Scott Field (Bitbucket: sfield83, ). The one-time-passwords are different every time you connect, so in this case you really do need an interactive password prompt. If I make any meaningful progress towards implementing this feature on my end I'll be sure to let you know. |
|
Original comment by Mike Boyle (Bitbucket: moble, GitHub: moble). Instead of ssh-askpass, I wonder if it would be possible to reuse Jupyter's own password page, which is normally used to authenticate connections to remote servers via the web interface. It seems like this should be possible, since in this case the server is already running locally and is just negotiating the connection to the remote kernel. Right? |
|
Original comment by Tom Daff (Bitbucket: tdaff, GitHub: tdaff). I pushed a couple of changes this week to consolidate the tunnels into a single session and then added a rudimentary askpass solution. I can connect to one of my passworded servers and it just pops up two password boxes if I have I agree this is not an ideal solution, but there is now a function for getting passwords from the user that can be developed further. In terms of using the Jupyter interface itself, it might be possible, but I don't know the architecture enough to figure out what needs to be done. Getting something on the page would be just a bit of js in a notebook extension, but it might be difficult to get a custom message from the kernel to the notebook without hacking the code of Jupyter itself. If anyone has any experience with that kind of thing, or any other suggestions, they are very welcome, thanks :) |
|
Original comment by Scott Field (Bitbucket: sfield83, ). This new feature works well for me. I made a few minor changes to check_password to handle slightly different password strings and preambles which some machines send before asking for the password. I connected to two of my passworded clusters (including one which uses one-time-passwords) and was able to launch the kernel on a compute node. I'd be happy to share my version of check_password. Would it be easiest to do this through a pull request? Or just send it to you directly (its a fairly small change). |
|
Original comment by Steffen Heyne (Bitbucket: steffenheyne, GitHub: steffenheyne). Were the changes from @sfield83 ever merged? |
Original report by Anonymous.
On some machines, such as blue waters, ssh access necessarily requires a password (part of the authentication process relies on the one-time-password method). Is it possible to launch a remote kernel on such machines? I tried hacking the member function _spawn in kernel.py without any success.
I've been using the new interactive jobs feature in version 0.4 on both SLURM and PBS machines -- works beautifully!
The text was updated successfully, but these errors were encountered: