remote modify [ssh]: Add doc about the parameter 'allow_agent' #1815
This parameter was created to fix treeverse/dvc#4186
| - `allow_agent` - whether to connect to the SSH agent (default is `true`). | ||
| Please refer to | ||
| [Paramiko's documentation](http://docs.paramiko.org/en/stable/api/client.html?highlight=allow_agent#paramiko.client.SSHClient.connect) | ||
| for more information. |
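Review bot: The new `allow_agent` entry states the default but never says when a user would set it to `false`; the only guidance is the link to Paramiko's `SSHClient.connect` documentation. Add a sentence naming the case it addresses (treeverse/dvc#4186 reports a "No existing session" error that is fixed by passing `allow_agent=False`). The link also uses `http://` and carries a `?highlight=allow_agent` search parameter; prefer `https://` and drop the query string so only the `#paramiko.client.SSHClient.connect` anchor remains.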
From treeverse/dvc/issues/4186:
with an SSH remote, sometimes I get an error like
No existing session... This is only on one specific machine...
To fix it, I have to give the parameter allow_agent=False to paramiko.
OK so is this config option meant for that one specific problem? (If so we can add a section about it to https://dvc.org/doc/user-guide/troubleshooting) Or can it be generalized? Let me keep digging... ⌛
https://linux.die.net/man/1/ssh-agent
ssh-agent is a program to hold private keys used for public key authentication
(OpenSSH)
Authentication is attempted in the following order of priority:
- The pkey or key_filename...
- Any key we can find through an SSH agent
- Any (default-named) key... in ~/.ssh/
- Plain username/password auth, if... given
So basically, setting allow_agent=false is a workaround for misconfigured SSH agents running on a machine, right?
If so, here's my suggestion:
| - `allow_agent` - whether to connect to the SSH agent (default is `true`). | |
| Please refer to | |
| [Paramiko's documentation](http://docs.paramiko.org/en/stable/api/client.html?highlight=allow_agent#paramiko.client.SSHClient.connect) | |
| for more information. | |
| - `allow_agent` - whether to use [SSH agents](https://www.ssh.com/ssh/agent) | |
| (`true` by default). Setting this to `false` is useful when `ssh-agent` is | |
| causing problems, such as a "No existing session" error: |
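Review bot: The replacement text ends with a colon after `"No existing session" error:` but nothing follows it in the suggestion, so the sentence reads as cut off; either follow it with the command that sets `allow_agent` to `false` or end the sentence with a period. With the Paramiko link removed, it would also help to state what the remote authenticates with once the agent is skipped (key file or password, as configured), so users know which credential they are falling back to.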
- Notice that I decided to remove the link because I don't think DVC's authentication order of priority always reflects that of `SSHClient.connect` — it depends on how the remote is configured. But no strong opinion.
- And I do think we should add a Troubleshooting section for this, if others agree (doesn't have to happen in this PR though).
OK I'm going to commit this and ask @shcheklein to merge it, if he agrees. But if anyone has feedback on this please lmk or feel free to continue editing the text. Thanks
jorgeorpinel left a comment
Thanks again, @gcoter!
This parameter was created per treeverse/dvc/issues/4186 (for treeverse/dvc#4186)