Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix ssh host policy #4966

Open
wants to merge 12 commits into
base: master
Choose a base branch
from
Open

Fix ssh host policy #4966

wants to merge 12 commits into from
+212 −14

Conversation

sage-maker
Copy link
Collaborator

@sage-maker sage-maker commented Dec 16, 2024
edited
Loading

Issue #, if available: #4946

Description of changes: Change the SSH host policy to reject when missing

Testing done: Unit + integration

Merge Checklist

Put an x in the boxes that apply. You can also fill these out after creating the PR. If you're unsure about any of them, don't hesitate to ask. We're here to help! This is simply a reminder of what we are going to look for before merging your pull request.

General

  • I have read the CONTRIBUTING doc
  • I certify that the changes I am introducing will be backward compatible, and I have discussed concerns about this, if any, with the Python SDK team
  • I used the commit message format described in CONTRIBUTING
  • I have passed the region in to all S3 and STS clients that I've initialized as part of this change.
  • I have updated any necessary documentation, including READMEs and API docs (if appropriate)

Tests

  • I have added tests that prove my fix is effective or that my feature works (if appropriate)
  • I have added unit and/or integration tests as appropriate to ensure backward compatibility of the changes
  • I have checked that my tests are not configured for a specific region or account (if appropriate)
  • I have used unique_name_from_base to create resource names in integ tests (if appropriate)
  • If adding any dependency in requirements.txt files, I have spell checked and ensured they exist in PyPi

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@sage-maker sage-maker requested a review from a team as a code owner December 16, 2024 22:30
@codecov Codecov
Copy link

codecov bot commented Dec 16, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 58.82353% with 7 lines in your changes missing coverage. Please review.

Project coverage is 86.66%. Comparing base (73cc79d) to head (bc70321).
Report is 1 commits behind head on master.

Files with missing lines Patch % Lines
...maker/modules/train/container_drivers/mpi_utils.py 58.82% 7 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #4966      +/-   ##
==========================================
+ Coverage   86.41%   86.66%   +0.24%     
==========================================
  Files         439      438       -1     
  Lines       42717    42535     -182     
==========================================
- Hits        36914    36863      -51     
+ Misses       5803     5672     -131

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@benieric benieric self-assigned this Jan 11, 2025
benieric
benieric reviewed Jan 11, 2025
View reviewed changes
src/sagemaker/modules/train/container_drivers/mpi_utils.py Outdated
@@ -83,7 +82,7 @@ def _can_connect(host: str, port: int = DEFAULT_SSH_PORT) -> bool:
logger.debug("Testing connection to host %s", host)
client = paramiko.SSHClient()
client.load_system_host_keys()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client.set_missing_host_key_policy(paramiko.RejectPolicy())
Copy link
Contributor

@benieric benieric Jan 11, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pretty sure for this to work we will need to create some custom policy like:

class CustomHostKeyPolicy(paramiko.client.MissingHostKeyPolicy):
   def missing_host_key(self, client, hostname, key):
      # if hostname is like `algo-*` autoadd otherwise reject

client = paramiko.SSHClient()
client.set_missing_host_key_policy(CustomHostKeyPolicy)

benieric
benieric previously approved these changes Jan 23, 2025
View reviewed changes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@benieric benieric benieric left review comments

@akrishna1995 akrishna1995 Awaiting requested review from akrishna1995 akrishna1995 is a code owner automatically assigned from aws/sagemaker-ml-frameworks

At least 1 approving review is required to merge this pull request.

Assignees

@benieric benieric

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sage-maker @benieric