saspy connection with ssh key authentication.

[bergen288]

Is your feature request related to a problem? Please describe.
saspy connection with ssh key authentication fails.

Describe the solution you'd like
See Additional context.

Describe alternatives you've considered
user/password authentication.

Additional context

I am trying to setup saspy connection with ssh key authentication. saspy version is most recent 5.102.0. According to the instructions at https://sassoftware.github.io/saspy/configuration.html#ssh, luser and identity are defined in ssh_key dictionary in f"{user_profile}\sascfg_Windows_key.py":

SAS_config_names = ['ssh_key']
ssh_key = {
        'saspath'  : '/software/sas94m6/home/SASFoundation/9.4/bin/sas_u8',
        'java'     : 'java',
        'iomhost'  : 'jappsasapp02.onefiserv.net',
        'iomport'  : 22,
        'ssh'      : '/bin/ssh',
        'luser'    : 'pa_batch',
        'identity' : r'E:\Users\xzhang\Python\Keys\pa_batch.pem',
        'options'  : ["-fullstimer"],
        'encoding' : 'latin1'
}

below is my SASConnection class and use it to get cars data.

class SASConnection:
    """[summary: saspy connection to SAS server]
    Returns:
        [type]: [sas connection]
    """
    def __enter__(self):
        try:
            user_profile = getenv("USERPROFILE")
            self._conn = saspy.SASsession(cfgfile=f"{user_profile}\\sascfg_Windows_key.py")
            print("SASPY Connection established:", self._conn)
            return self._conn
        except (saspy.SASConfigNotValidError, saspy.SASConfigNotFoundError, saspy.SASIONotSupportedError) as err:
            raise Exception(err) from err  
    def __exit__(self, exc_type, exc_value, exc_trace) -> None:
        if exc_type is self._conn.SYSERR():
            raise Exception(exc_value)
        if exc_type:
            raise exc_type(exc_value)
        self._conn._endsas()

with SASConnection() as sas:
    my_dataset = sas.sasdata('cars', libref="sashelp")
    print(my_dataset.tail())

Below is the error. somehow, it doesn't use luser/identity pair for key authentication.

Using SAS Config named: ssh_key
Traceback (most recent call last):
  File "e:\Python_Projects\Code\test_saspy.py", line 24, in <module>
    with SASConnection() as sas:
  File "e:\Python_Projects\Code\test_saspy.py", line 12, in __enter__
    self._conn = saspy.SASsession(cfgfile=f"{user_profile}\\sascfg_Windows_key.py")
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "E:\Software\Python\Lib\site-packages\saspy\sasbase.py", line 594, in __init__
    self._io = SASsessionIOM(sascfgname=self.sascfg.name, sb=self, **kwargs)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "E:\Software\Python\Lib\site-packages\saspy\sasioiom.py", line 317, in __init__
    self._startsas()
  File "E:\Software\Python\Lib\site-packages\saspy\sasioiom.py", line 411, in _startsas
    raise RuntimeError("No SAS OMR User id provided.")
RuntimeError: No SAS OMR User id provided.

I checked your sasioiom.py code. You take host name and others with self.iomhost = cfg.get('iomhost', '') in SASconfigIOM class. but there are no such get to take luser and identity for ssh key authentication. How to make it work?

[tomweber-sas]

Hey, well the first problem is that your configuration definition is wrong. You've coded it to try to use both IOM and STDIO over SSH at the same time. How did you come up with that configuration definition? Or more importantly, what kind of SAS server are you trying to connect to. FWIW, since you provided the IOM keys in the config, that's what it tried to use to connect with. The STDIO over SSH keys were ignored. Have you looked at this to understand what access method you should be using to get to whatever SAS you're trying to connect to? That's the place to start. Then when you know which access method, you only use the configuration keys for that access method. you can't mix different ones in one configuration def.
So, lets start with the answers from looking at the link above and see what you're trying to connect to, from where, and then we can put together the correct configuration!
Tom

[bergen288]

Sorry for the confusion. My SAS9.4M6 is installed on AIX7.2 VM whose whole name is jappsasapp02.onefiserv.net and I am trying to connect from Windows Server 2016 with saspy. Currently, the following configuration works with user/password defined in _authinfo with 1 line starting 'IOM_SASAPP02':

winiomlinux = {'java'       : 'java',
                'iomhost'   : 'jappsasapp02.onefiserv.net',
                'iomport'   : 8591,
                'encoding'  : 'latin1',
                'options'   : ["-fullstimer"],
                'authkey'   : 'IOM_SASAPP02',
                }

I tried to change iomhost and iomport to host and port as below:

ssh_key = {
        'saspath'  : '/software/sas94m6/home/SASFoundation/9.4/bin/sas_u8',
        'java'     : 'java',
        'host'     : 'jappsasapp02.onefiserv.net',
        'port'     : 22,
        'ssh'      : '/bin/ssh',
        'luser'    : 'pa_batch',
        'identity' : r'E:\Users\xzhang\Python\Keys\pa_batch.pem',
        'options'  : ["-fullstimer"],
        'encoding' : 'latin1'
}

Now it is different error:

Using SAS Config named: ssh_key
We failed in getConnection
The application could not find a command to launch a SAS Workspace Server.
SAS process has terminated unexpectedly. RC from wait was: 4294967290
Traceback (most recent call last):
  File "e:\Python_Projects\Code\test_saspy.py", line 24, in <module>
    with SASConnection() as sas:
  File "e:\Python_Projects\Code\test_saspy.py", line 12, in __enter__
    self._conn = saspy.SASsession(cfgfile=f"{user_profile}\\sascfg_Windows_key.py")
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "E:\Software\Python\Lib\site-packages\saspy\sasbase.py", line 594, in __init__
    self._io = SASsessionIOM(sascfgname=self.sascfg.name, sb=self, **kwargs)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "E:\Software\Python\Lib\site-packages\saspy\sasioiom.py", line 317, in __init__
    self._startsas()
  File "E:\Software\Python\Lib\site-packages\saspy\sasioiom.py", line 582, in _startsas
    ll = self.submit("options svgtitle='svgtitle'; options validvarname=any validmemname=extend pagesize=max nosyntaxcheck; ods graphics on;", "text")
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "E:\Software\Python\Lib\site-packages\saspy\sasioiom.py", line 992, in submit
    raise SASIOConnectionTerminated(Exception)
saspy.sasexceptions.SASIOConnectionTerminated: No SAS process attached. SAS process has terminated unexpectedly.
<class 'Exception'>

how to make key authentication work?

[tomweber-sas]

Ok, so you have a workspace server deployment on that VM, that you can connect to with the first, valid configuration definition: winiomlinux.

What you're trying to do with the ssh_key configuration isn't valid. There's no such concept of doing that nor any way for that to work. My question then is, why are you trying to do what you're trying to do? What are you really trying to do?

Thanks,
Tom

[bergen288]

The reason why I am trying to connect saspy from user/password to ssh key authentication is that my company changed password to be managed by CyberArk Cloud. It's going to be reset every day which is very inconvenient for me to use user/password login that is unsecure anyway. According to the instructions at https://sassoftware.github.io/saspy/configuration.html#ssh, ssh key authentication should be available. Are you telling me that is not True? If it is really available, can you give me a valid example?

Thanks.

[tomweber-sas]

That has to be very tedious, to have your pw changed every day! So, you can use STDIO over SSH (SSH access method) instead of the IOM access method, to use ssh keys to connect to the remote server and start a SAS session. That won't be connecting to a Workspace server using metadata credentials, rather it will just be starting up a SAS process on the same machine where those run. So it's not the same as using the IOM access method which connects to a Workspace server with metadata authentication and authorization. IOM is SAS's proprietary client/server interface. It has no way for you to add ssh to it. It authenticates to the SAS server side based upon how that's all configured by SAS Admins. In your case, that's user/pw. It's not insecure, but having to change the pw every day would be a pain.

[bergen288]

Tom:
Can you give me a valid sample dictionary of STDIO over SSH method? I have to write Pandas dataframe to SAS dataset in remote server. Are you saying that is impossible for STDIO over SSH method?

[tomweber-sas]

The doc is right here: https://sassoftware.github.io/saspy/configuration.html#ssh And no, I'm not saying anything like that. Every access method supports all of the methods of SASPy. You already the SSH configuration keys defined in the config def you have with the IOM keys, which isn't valid and doesn't make sense. Only use the ones for the access method your trying to use.
Your ssh_key already has all of the keys needed for SSH, but it also had IOM keys that override which AM gets used - it's using IOM.