Please note that we will close your issue without comment if you delete, do not read or do not fill out the issue checklist below and provide ALL the requested information. If you repeatedly fail to use the issue template, we will block you from ever submitting issues to Homebrew again.
What you were trying to do (and why)
I am trying to run Ansible in a secure manner in our particular environment. When running Ansible, in our environment, we want the option to use SSH Keys or Usernames/Passwords. When trying to run Ansible with a Username/Password we get this error.
[WARNING]: Unhandled error in Python interpreter discovery for host ...: to use the 'ssh' connection type with passwords, you must install
the sshpass program
It looks like there isn't any work around to get Ansible to not request sshpass.
What happened (include command output)
I normally use homebrew to install all packages I use.
brew search sshpass
We won't add sshpass because it makes it too easy for novice SSH users to
ruin SSH's security.
What you expected to happen
I expected to be able to install packages in a secure manner.
Step-by-step reproduction instructions (by running brew commands)
- Try to run ansible and set
ansible_ssh_pass to avoid the need to be asked for a password
- Have it fail, knowing that you don't have sshpass installed
- Try to install sshpass and have homebrew block you
Extra notes for Homebrew developers
I understand the attempt here is to protect users, which I am all for. I feel like it's my civic duty to speak out though. If a user REALLY needs sshpass then they are going to install it one way or another. I would like to think that the homebrew repository is much more secure than having users Google for how to get sshpass and end up on this gist: https://gist.github.com/arunoda/7790979
In this case, the user is downloading code from a random person and they may or may not be verifying that the download is legitimate (I am not saying this particular download is not legitimate). In my opinion, this leaves novice users vulnerable to a different kind of attack.
Users are better off downloading sshpass from Homebrew directly than finding a random third party to download from. If Homebrew wants to warn users to deter them from installing this package then that's much more secure than having them install a insecure package from an insecure repository.
If there is absolutely no way that sshpass will make it into Homebrew then I am OK with this being closed out. I will find a workaround using Docker instead of installing Ansible through Homebrew, but I wanted to point out a different kind of bug/attack vector that may or may not have been thought of.
Maybe in the Ansible install, users should be warned of this bug and be encouraged to get Ansible through different means (assuming they need password auth like I do).
Cheers!
Please note that we will close your issue without comment if you delete, do not read or do not fill out the issue checklist below and provide ALL the requested information. If you repeatedly fail to use the issue template, we will block you from ever submitting issues to Homebrew again.
brewcommand and reproduced the problem with multiple formulae? If it's a problem with a single, official formula (not cask) please file this issue at Homebrew/homebrew-core: https://github.com/Homebrew/homebrew-core/issues/new/choose. If it's abrew caskproblem please file this issue at https://github.com/Homebrew/homebrew-cask/issues/new/choose. If it's a tap (e.g. Homebrew/homebrew-php) problem please file this issue at the tap.brew updateand can still reproduce the problem?brew doctor, fixed all issues and can still reproduce the problem?brew configandbrew doctorand included their output with your issue?What you were trying to do (and why)
I am trying to run Ansible in a secure manner in our particular environment. When running Ansible, in our environment, we want the option to use SSH Keys or Usernames/Passwords. When trying to run Ansible with a Username/Password we get this error.
It looks like there isn't any work around to get Ansible to not request sshpass.
What happened (include command output)
I normally use homebrew to install all packages I use.
What you expected to happen
I expected to be able to install packages in a secure manner.
Step-by-step reproduction instructions (by running
brewcommands)ansible_ssh_passto avoid the need to be asked for a passwordExtra notes for Homebrew developers
I understand the attempt here is to protect users, which I am all for. I feel like it's my civic duty to speak out though. If a user REALLY needs sshpass then they are going to install it one way or another. I would like to think that the homebrew repository is much more secure than having users Google for how to get sshpass and end up on this gist: https://gist.github.com/arunoda/7790979
In this case, the user is downloading code from a random person and they may or may not be verifying that the download is legitimate (I am not saying this particular download is not legitimate). In my opinion, this leaves novice users vulnerable to a different kind of attack.
Users are better off downloading sshpass from Homebrew directly than finding a random third party to download from. If Homebrew wants to warn users to deter them from installing this package then that's much more secure than having them install a insecure package from an insecure repository.
If there is absolutely no way that sshpass will make it into Homebrew then I am OK with this being closed out. I will find a workaround using Docker instead of installing Ansible through Homebrew, but I wanted to point out a different kind of bug/attack vector that may or may not have been thought of.
Maybe in the Ansible install, users should be warned of this bug and be encouraged to get Ansible through different means (assuming they need password auth like I do).
Cheers!