From a019575026fd8bec6f96c82eb76fb7f698ffcd19 Mon Sep 17 00:00:00 2001
From: Mitchell Hashimoto
Date: Tue, 23 Jun 2015 14:52:37 -0700
Subject: [PATCH] helper/communicator: support disabling SSH agent

---
 communicator/ssh/communicator.go | 8 ++++++++
 helper/communicator/config.go | 1 +
 helper/communicator/step_connect_ssh.go | 7 ++++---
 website/source/docs/templates/communicator.html.md | 2 ++
 4 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/communicator/ssh/communicator.go b/communicator/ssh/communicator.go
index 2cc299b30..d6f00351d 100644
--- a/communicator/ssh/communicator.go
+++ b/communicator/ssh/communicator.go
@@ -37,6 +37,9 @@ type Config struct {

 // Pty, if true, will request a pty from the remote end.
 Pty bool
+
+ // DisableAgent, if true, will not forward the SSH agent.
+ DisableAgent bool
 }

 // Creates a new packer.Communicator implementation over SSH. This takes
@@ -287,6 +290,11 @@ func (c *comm) connectToAgent() {
 return
 }

+ if c.config.DisableAgent {
+ log.Printf("[INFO] SSH agent forwarding is diabled.")
+ return
+ }
+
 // open connection to the local agent
 socketLocation := os.Getenv("SSH_AUTH_SOCK")
 if socketLocation == "" {
diff --git a/helper/communicator/config.go b/helper/communicator/config.go
index e3da09618..0f19c4e68 100644
--- a/helper/communicator/config.go
+++ b/helper/communicator/config.go
@@ -22,6 +22,7 @@ type Config struct {
 SSHPrivateKey string `mapstructure:"ssh_private_key_file"`
 SSHPty bool `mapstructure:"ssh_pty"`
 SSHTimeout time.Duration `mapstructure:"ssh_timeout"`
+ SSHDisableAgent bool `mapstructure:"ssh_disable_agent"`
 SSHHandshakeAttempts int `mapstructure:"ssh_handshake_attempts"`
 SSHBastionHost string `mapstructure:"ssh_bastion_host"`
 SSHBastionPort int `mapstructure:"ssh_bastion_port"`
diff --git a/helper/communicator/step_connect_ssh.go b/helper/communicator/step_connect_ssh.go
index fd6b585f8..0d302f779 100644
--- a/helper/communicator/step_connect_ssh.go
+++ b/helper/communicator/step_connect_ssh.go
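Review bot: The log message added in connectToAgent (communicator/ssh/communicator.go) is misspelled, `SSH agent forwarding is diabled.`, so anyone searching build logs for "disabled" to confirm that the agent was kept off the remote host will not find it. It should read `log.Printf("[INFO] SSH agent forwarding is disabled.")`. The new guard sits after the early return shown at the top of the hunk and before the SSH_AUTH_SOCK lookup, so with DisableAgent set this function returns before it opens the local agent socket. The rest of connectToAgent lies outside the hunk, so whether any other path still requests forwarding cannot be confirmed from here.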
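Review bot: SSHDisableAgent in helper/communicator/config.go carries no comment, and its zero value appears to leave agent forwarding on, so every existing template keeps forwarding the local agent to the build machine unless it opts out. A forwarded agent can be used by anyone with sufficient privilege on the remote host for as long as the connection lasts, so the default deserves a line on the field, for example `// SSHDisableAgent turns off SSH agent forwarding; the default (false) forwards the local agent to the remote host.` The option text this commit adds to communicator.html.md does not state the default either. The Config struct begins and ends outside the hunk.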
@@ -158,9 +158,10 @@ func (s *StepConnectSSH) waitForSSH(state multistep.StateBag, cancel <-chan stru // Then we attempt to connect via SSH config := &ssh.Config{ - Connection: connFunc, - SSHConfig: sshConfig, - Pty: s.Config.SSHPty, + Connection: connFunc, + SSHConfig: sshConfig, + Pty: s.Config.SSHPty, + DisableAgent: s.Config.SSHDisableAgent, } log.Println("[INFO] Attempting SSH connection...") diff --git a/website/source/docs/templates/communicator.html.md b/website/source/docs/templates/communicator.html.md index 438983c98..8a450ac50 100644 --- a/website/source/docs/templates/communicator.html.md +++ b/website/source/docs/templates/communicator.html.md @@ -77,6 +77,8 @@ The SSH communicator has the following options: * `ssh_handshake_attempts` (int) - The number of handshakes to attempt with SSH once it can connect. This defaults to 10. + * `ssh_disable_agent` (bool) - If true, SSH agent forwarding will be disabled. + * `ssh_bastion_host` (string) - A bastion host to use for the actual SSH connection.