Hi
if I use the example in the exec section of this page https://docs.chef.io/ctl_inspec.html
in other works inspec exec testdir -t ssh://userID@internal-svr.gci.com OR inspec exec testdir/controls/test.rb -t ssh://userID@internal-svr.gci.com What I get is:
$ inspec exec base -t ssh://someuser@somewhere.gci.com
/opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/r-train-0.10.0/lib/train/transports/ssh.rb:84:in validate_options': You must configure at least one authentication method for SSH: Password or key. (Train::ClientError) from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/r-train-0.10.0/lib/train/transports/ssh.rb:67:inconnection’
from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/inspec-0.14.2/lib/inspec/backend.rb:23:in create' from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/inspec-0.14.2/lib/inspec/runner.rb:46:inconfigure_transport’
from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/inspec-0.14.2/lib/inspec/runner.rb:30:in initialize' from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/inspec-0.14.2/lib/utils/base_cli.rb:50:innew’
from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/inspec-0.14.2/lib/utils/base_cli.rb:50:in run_tests' from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/inspec-0.14.2/bin/inspec:110:inexec’
from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/thor-0.19.1/lib/thor/command.rb:27:in run' from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/thor-0.19.1/lib/thor/invocation.rb:126:ininvoke_command’
from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/thor-0.19.1/lib/thor.rb:359:in dispatch' from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/thor-0.19.1/lib/thor/base.rb:440:instart’
from /opt/chefdk/embedded/lib/ruby/gems/2.1.0/gems/inspec-0.14.2/bin/inspec:166:in <top (required)>' from /opt/chefdk/embedded/bin/inspec:22:inload’
from /opt/chefdk/embedded/bin/inspec:22:in `’
I’m getting derailed here. The page referenced above doesn’t mention any configuration of authentication methods or of Train. I looked at the Train page on github and didn’t find it helpful for my problem. Any help is most appreciated.
@AnotherNerdHere Thanks for highlighting that issue. Looks like you got an older version of InSpec because the newer versions output what is missing
$ inspec exec mytest.rb -t ssh://user@host
Client error, can't connect to 'ssh' backend: You must configure at least one authentication method for SSH: Password or key.
$ inspec help exec
Usage:
inspec exec PATHS
Options:
[--id=ID] # Attach a profile ID to all test results
t, [--target=TARGET] # Simple targeting option using URIs, e.g. ssh://user:pass@host:port
b, [--backend=BACKEND] # Choose a backend: local, ssh, winrm, docker.
[--host=HOST] # Specify a remote host which is tested.
p, [--port=N] # Specify the login port for a remote scan.
[--user=USER] # The login user for a remote scan.
[--password=PASSWORD] # Login password for a remote scan, if required.
i, [--key-files=one two three] # Login key or certificate file for a remote scan.
[--path=PATH] # Login path to use when connecting to the target (WinRM).
[--sudo], [--no-sudo] # Run scans with sudo. Only activates on Unix and non-root user.
[--sudo-password=SUDO_PASSWORD] # Specify a sudo password, if it is required.
[--sudo-options=SUDO_OPTIONS] # Additional sudo options for a remote scan.
[--ssl], [--no-ssl] # Use SSL for transport layer encryption (WinRM).
[--self-signed], [--no-self-signed] # Allow remote scans with self-signed certificates (WinRM).
[--json-config=JSON_CONFIG] # Read configuration from JSON file (`-` reads from stdin).
l, [--log-level=LOG_LEVEL] # Set the log level: info (default), debug, warn, error
[--profiles-path=PROFILES_PATH] # Folder which contains referenced profiles.
[--controls=one two three] # A list of controls to run. Ignore all other tests.
[--format=FORMAT] # Which formatter to use: progress, documentation, json
[--color], [--no-color] # Use colors in output.
# Default: true
[--diagnose], [--no-diagnose] # Show diagnostics (versions, configurations)
run all test files at the specified PATH.
In your case you need either the --password or --key-files to give InSpec a chance to authenticate with the SSH server. Please let me know if that worked.
Thanks Chris. I have the version that came with the latest chefdk when we (GCI) were in Seattle for training at the beginning of March. Ok noob-ish question how do I update inspec or other pieces of the chefdk.
just for the record, I have:
chefdk-0.11.2-1
Test Kitchen version 1.5.0
inspec version 0.14.2
rspec 3.4.3
berks 4.2.0
Thanks,
Greg.
The best idea is to install the latest chef-dk. If thats not possible or a newer version has not released, I recommend to use:
$ chef exec gem list | grep inspec
inspec (0.14.7)
kitchen-inspec (0.12.3)
$ chef exec gem uninstall inspec kitchen-inspec
Successfully uninstalled kitchen-inspec-0.12.3
Remove executables:
inspec
in addition to the gem? [Yn] y
Removing inspec
Successfully uninstalled inspec-0.14.7
$ chef exec gem install inspec kitchen-inspec
Fetching: r-train-0.10.4.gem (100%)
Successfully installed r-train-0.10.4
Fetching: inspec-0.17.1.gem (100%)
Successfully installed inspec-0.17.1
Fetching: kitchen-inspec-0.12.5.gem (100%)
Successfully installed kitchen-inspec-0.12.5
3 gems installed
$ chef exec gem list | grep inspec
inspec (0.17.1)
kitchen-inspec (0.12.5)
Thanks @chris-rock. It looks like I have an older chefdk. I guess its time for an uninstall / re-install