Use SSH public key authentication with Fabric
Fabric is a very useful Python tool for scripting administration of remote servers. Like Capistrano it allows you to define tasks as a mixture of local and remote operations and then run them for lots of hosts, different groups of hosts, etc.
Increasingly I’m using configuring sshd
to allow public key authentication only. Using this method makes your server more secure against increasingly common SSH brute force attacks. You can also configure an ssh-agent
app to allow password-less logins.
If you want your Fabric tasks to access machines using public key authentication, add something like to your Fabfile:
from paramiko import RSAKey
config.fab_user = "jhacker"
config.fab_pkey = RSAKey.from_private_key_file("/path/to/keyfile")
Simple, and very useful.