Removed public key requirement from native clients. Added and updated tests.

Parallel clients raise type error on incorrect host list type.
Native clients raise exception on init when private key path cannot be found. Added tests.
Updated changelog, requirements.

Author: Pan

Changelog.rst

@@ -1,6 +1,17 @@
 Change Log
 ============
 
+1.8.0
+++++++
+
+Changes
+--------
+
+* Native client no longer requires public key file for authentication.
+* Native clients raise ``pssh.exceptions.PKeyFileError`` on object initialisation if provided private key file paths cannot be found.
+* Native clients expand user directory (``~/<path>``) on provided private key paths.
+* Parallel clients raise ``TypeError`` when provided ``hosts`` is a string instead of list or other iterable.
+
 1.7.0
 ++++++
 

pssh/clients/base_pssh.py

@@ -47,6 +47,10 @@ def __init__(self, hosts, user=None, password=None, port=None, pkey=None,
                  num_retries=DEFAULT_RETRIES,
                  timeout=120, pool_size=10,
                  host_config=None, retry_delay=RETRY_DELAY):
+        if isinstance(hosts, str) or isinstance(hosts, bytes):
+            raise TypeError(
+                "Hosts must be list or other iterable, not string. "
+                "For example: ['localhost'] not 'localhost'.")
         self.allow_agent = allow_agent
         self.pool_size = pool_size
         self.pool = gevent.pool.Pool(size=self.pool_size)

pssh/clients/native/common.py

@@ -0,0 +1,34 @@
+# This file is part of parallel-ssh.
+#
+# Copyright (C) 2014-2018 Panos Kittenis.
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation, version 2.1.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+import os
+
+from ...exceptions import PKeyFileError
+
+
+def _validate_pkey_path(pkey, host=None):
+    if pkey is None:
+        return
+    pkey = os.path.normpath(os.path.expanduser(pkey))
+    if not os.path.exists(pkey):
+        msg = "File %s does not exist. " \
+              "Please use either absolute or relative to user directory " \
+              "paths like '~/.ssh/my_key' for pkey parameter"
+        ex = PKeyFileError(msg, pkey)
+        ex.host = host
+        raise ex
+    return pkey

pssh/clients/native/parallel.py

@@ -25,6 +25,7 @@
 from .single import SSHClient
 from ...exceptions import ProxyError, Timeout, HostArgumentException
 from .tunnel import Tunnel
+from .common import _validate_pkey_path
 
 
 logger = logging.getLogger(__name__)
@@ -50,8 +51,8 @@ def __init__(self, hosts, user=None, password=None, port=22, pkey=None,
         :param port: (Optional) Port number to use for SSH connection. Defaults
           to 22.
         :type port: int
-        :param pkey: Private key file path to use. Note that the public key file
-          pair *must* also exist in the same location with name ``<pkey>.pub``
+        :param pkey: Private key file path to use. Path must be either absolute
+          path or relative to user home directory like ``~/<path>``.
         :type pkey: str
         :param num_retries: (Optional) Number of connection and authentication
           attempts before the client gives up. Defaults to 3.
@@ -90,25 +91,27 @@ def __init__(self, hosts, user=None, password=None, port=22, pkey=None,
         :param proxy_pkey: (Optional) Private key file to be used for
           authentication with ``proxy_host``. Defaults to available keys from
           SSHAgent and user's SSH identities.
-        :type proxy_pkey: Private key file path to use. Note that the public
-          key file pair *must* also exist in the same location with name
-          ``<pkey>.pub``.
+        :type proxy_pkey: Private key file path to use.
         :param forward_ssh_agent: (Optional) Turn on SSH agent forwarding -
           equivalent to `ssh -A` from the `ssh` command line utility.
           Defaults to True if not set.
         :type forward_ssh_agent: bool
         :param tunnel_timeout: (Optional) Timeout setting for proxy tunnel
           connections.
         :type tunnel_timeout: float
+
+        :raises: :py:class:`pssh.exceptions.PKeyFileError` on errors finding
+          provided private key.
         """
         BaseParallelSSHClient.__init__(
             self, hosts, user=user, password=password, port=port, pkey=pkey,
             allow_agent=allow_agent, num_retries=num_retries,
             timeout=timeout, pool_size=pool_size,
             host_config=host_config, retry_delay=retry_delay)
+        self.pkey = _validate_pkey_path(pkey)
         self.proxy_host = proxy_host
         self.proxy_port = proxy_port
-        self.proxy_pkey = proxy_pkey
+        self.proxy_pkey = _validate_pkey_path(proxy_pkey)
         self.proxy_user = proxy_user
         self.proxy_password = proxy_password
         self.forward_ssh_agent = forward_ssh_agent

pssh/clients/native/single.py

@@ -41,6 +41,7 @@
      SCPError
 from ...constants import DEFAULT_RETRIES, RETRY_DELAY
 from ...native._ssh2 import wait_select, _read_output  # , sftp_get, sftp_put
+from .common import _validate_pkey_path
 
 
 Hub.NOT_ERROR = (Exception,)
@@ -75,9 +76,9 @@ def __init__(self, host,
         :type password: str
         :param port: SSH port to connect to. Defaults to SSH default (22)
         :type port: int
-        :param pkey: Private key file path to use for authentication.
-          Note that the public key file
-          pair *must* also exist in the same location with name ``<pkey>.pub``
+        :param pkey: Private key file path to use for authentication. Path must
+          be either absolute path or relative to user home directory
+          like ``~/<path>``.
         :type pkey: str
         :param num_retries: (Optional) Number of connection and authentication
           attempts before the client gives up. Defaults to 3.
@@ -98,6 +99,9 @@ def __init__(self, host,
         :param proxy_host: Connection to host is via provided proxy host
           and client should use self.proxy_host for connection attempts.
         :type proxy_host: str
+
+        :raises: :py:class:`pssh.exceptions.PKeyFileError` on errors finding
+          provided private key.
         """
         self.host = host
         self.user = user if user else None
@@ -107,7 +111,6 @@ def __init__(self, host,
             raise ValueError("Must provide user parameter on Windows")
         self.password = password
         self.port = port if port else 22
-        self.pkey = pkey
         self.num_retries = num_retries
         self.sock = None
         self.timeout = timeout * 1000 if timeout else None
@@ -117,6 +120,7 @@ def __init__(self, host,
         self._forward_requested = False
         self.session = None
         self._host = proxy_host if proxy_host else host
+        self.pkey = _validate_pkey_path(pkey, self.host)
         self._connect(self._host, self.port)
         if _auth_thread_pool:
             THREAD_POOL.apply(self._init)
@@ -130,7 +134,7 @@ def disconnect(self):
                 self._eagain(self.session.disconnect)
             except Exception:
                 pass
-        if not self.sock.closed:
+        if self.sock is not None and not self.sock.closed:
             self.sock.close()
 
     def __del__(self):
@@ -202,29 +206,24 @@ def _connect(self, host, port, retries=1):
                 self.num_retries,)
 
     def _pkey_auth(self):
-        pub_file = "%s.pub" % self.pkey
-        logger.debug("Attempting authentication with public key %s for user %s",
-                     pub_file, self.user)
         self.session.userauth_publickey_fromfile(
             self.user,
-            pub_file,
             self.pkey,
-            self.password if self.password is not None else '')
+            passphrase=self.password if self.password is not None else '')
 
     def _identity_auth(self):
+        passphrase = self.password if self.password is not None else ''
         for identity_file in self.IDENTITIES:
             if not os.path.isfile(identity_file):
                 continue
-            pub_file = "%s.pub" % (identity_file)
             logger.debug(
                 "Trying to authenticate with identity file %s",
                 identity_file)
             try:
                 self.session.userauth_publickey_fromfile(
                     self.user,
-                    pub_file,
                     identity_file,
-                    self.password if self.password is not None else '')
+                    passphrase=passphrase)
             except Exception:
                 logger.debug("Authentication with identity file %s failed, "
                              "continuing with other identities",
@@ -239,7 +238,7 @@ def _identity_auth(self):
     def auth(self):
         if self.pkey is not None:
             logger.debug(
-                "Proceeding with public key file authentication")
+                "Proceeding with private key file authentication")
             return self._pkey_auth()
         if self.allow_agent:
             try:
@@ -256,11 +255,13 @@ def auth(self):
         except AuthenticationException:
             if self.password is None:
                 raise
-            logger.debug("Public key auth failed, trying password")
+            logger.debug("Private key auth failed, trying password")
             self._password_auth()
 
     def _password_auth(self):
-        if self.session.userauth_password(self.user, self.password) != 0:
+        try:
+            self.session.userauth_password(self.user, self.password)
+        except Exception:
             raise AuthenticationException("Password authentication failed")
 
     def open_session(self):

pssh/exceptions.py

@@ -69,3 +69,7 @@ class Timeout(Exception):
 
 class SCPError(Exception):
     """Raised on errors copying file via SCP"""
+
+
+class PKeyFileError(Exception):
+    """Raised on errors finding private key file"""

requirements.txt

@@ -1,3 +1,3 @@
 paramiko>=1.15.3,>=2.4
 gevent>=1.1
-ssh2-python>=0.12.0
+ssh2-python>=0.15.0

setup.py

@@ -96,7 +96,7 @@
                         'tests', 'tests.*',
                         '*.tests', '*.tests.*')
       ),
-      install_requires=['paramiko', gevent_req, 'ssh2-python>=0.14.0'],
+      install_requires=['paramiko', gevent_req, 'ssh2-python>=0.15.0'],
       classifiers=[
         'License :: OSI Approved :: GNU Lesser General Public License v2 (LGPLv2)',
         'Intended Audience :: Developers',

tests/test_native_parallel_client.py

@@ -39,7 +39,7 @@
 from pssh.exceptions import UnknownHostException, \
     AuthenticationException, ConnectionErrorException, SessionError, \
     HostArgumentException, SFTPError, SFTPIOError, Timeout, SCPError, \
-    ProxyError
+    ProxyError, PKeyFileError
 from pssh import logger as pssh_logger
 
 from .embedded_server.embedded_server import make_socket
@@ -833,36 +833,19 @@ def test_connection_error_exception(self):
         try:
             raise output[host]['exception']
         except ConnectionErrorException as ex:
-            self.assertEqual(ex.args[1], host,
+            self.assertEqual(ex.host, host,
                              msg="Exception host argument is %s, should be %s" % (
-                                 ex.args[1], host,))
+                                 ex.host, host,))
             self.assertEqual(ex.args[2], port,
                              msg="Exception port argument is %s, should be %s" % (
                                  ex.args[2], port,))
         else:
             raise Exception("Expected ConnectionErrorException")
 
-    def test_authentication_exception(self):
-        """Test that we get authentication exception in output with correct arguments"""
-        hosts = [self.host]
-        client = ParallelSSHClient(hosts, port=self.port,
-                                   pkey='A REALLY FAKE KEY',
-                                   num_retries=1)
-        output = client.run_command(self.cmd, stop_on_errors=False)
-        self.assertTrue('exception' in output[self.host],
-                        msg="Got no exception for host %s - expected connection error" % (
-                            self.host,))
-        try:
-            raise output[self.host]['exception']
-        except AuthenticationException as ex:
-            self.assertEqual(ex.args[1], self.host,
-                             msg="Exception host argument is %s, should be %s" % (
-                                 ex.args[1], self.host,))
-            self.assertEqual(ex.args[2], self.port,
-                             msg="Exception port argument is %s, should be %s" % (
-                                 ex.args[2], self.port,))
-        else:
-            raise Exception("Expected AuthenticationException")
+    def test_bad_pkey_path(self):
+        self.assertRaises(PKeyFileError, ParallelSSHClient, [self.host], port=self.port,
+                          pkey='A REALLY FAKE KEY',
+                          num_retries=1)
 
     def test_multiple_single_quotes_in_cmd(self):
         """Test that we can run a command with multiple single quotes"""
@@ -937,10 +920,10 @@ def test_host_config(self):
             self.assertTrue(host in output)
         try:
             raise output[hosts[1][0]]['exception']
-        except AuthenticationException as ex:
-            pass
+        except PKeyFileError as ex:
+            self.assertEqual(ex.host, host)
         else:
-            raise AssertionError("Expected AutnenticationException on host %s",
+            raise AssertionError("Expected ValueError on host %s",
                                  hosts[0][0])
         self.assertTrue(output[hosts[1][0]].exit_code is None,
                         msg="Execution failed on host %s" % (hosts[1][0],))
@@ -1396,3 +1379,7 @@ def test_scp_recv(self):
         finally:
             shutil.rmtree(remote_test_path_abs)
             shutil.rmtree(local_copied_dir)
+
+    def test_bad_hosts_value(self):
+        self.assertRaises(TypeError, ParallelSSHClient, 'a host')
+        self.assertRaises(TypeError, ParallelSSHClient, b'a host')

tests/test_native_single_client.py

@@ -12,7 +12,7 @@
 from ssh2.session import Session
 from ssh2.exceptions import SocketDisconnectError
 from pssh.exceptions import AuthenticationException, ConnectionErrorException, \
-    SessionError, SFTPIOError, SFTPError, SCPError
+    SessionError, SFTPIOError, SFTPError, SCPError, PKeyFileError
 
 
 ssh_logger.setLevel(logging.DEBUG)
@@ -91,6 +91,14 @@ def test_manual_auth(self):
         client.session.handshake(client.sock)
         self.assertRaises(AuthenticationException, client.auth)
 
+    def test_failed_auth(self):
+        self.assertRaises(PKeyFileError, SSHClient, self.host, port=self.port,
+                          pkey='client_pkey',
+                          num_retries=1)
+        self.assertRaises(PKeyFileError, SSHClient, self.host, port=self.port,
+                          pkey='~/fake_key',
+                          num_retries=1)
+
     def test_handshake_fail(self):
         client = SSHClient(self.host, port=self.port,
                            pkey=self.user_key,