Google Git
Sign in
apache / airflow-site / f81e48aadee354653679693fa54b04ac42d24bfd / . / docs-archive / 1.10.6 / howto / connection / ssh.html
blob: dd48e3acb5ec3b6eb1996b18f5ab26667000f3ed [file] [log] [blame]
<!--
Javascript to render AIRFLOW-XXX and PR references in text
as HTML links.
Overrides extrahead block from sphinx_rtd_theme
https://www.sphinx-doc.org/en/master/templating.html
-->
<!DOCTYPE html>
<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>SSH Connection &mdash; Airflow Documentation</title>
<link rel="shortcut icon" href="../../_static/pin_32.png"/>
<script type="text/javascript" src="../../_static/js/modernizr.min.js"></script>
<script type="text/javascript" id="documentation_options" data-url_root="../../" src="../../_static/documentation_options.js"></script>
<script type="text/javascript" src="../../_static/jquery.js"></script>
<script type="text/javascript" src="../../_static/underscore.js"></script>
<script type="text/javascript" src="../../_static/doctools.js"></script>
<script type="text/javascript" src="../../_static/language_data.js"></script>
<script type="text/javascript" src="../../_static/js/theme.js"></script>
<link rel="stylesheet" href="../../_static/css/theme.css" type="text/css" />
<link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
<link rel="stylesheet" href="../../_static/graphviz.css" type="text/css" />
<link rel="index" title="Index" href="../../genindex.html" />
<link rel="search" title="Search" href="../../search.html" />
<link rel="next" title="Securing Connections" href="../secure-connections.html" />
<link rel="prev" title="PostgresSQL Connection" href="postgres.html" />
<script>
document.addEventListener('DOMContentLoaded', function() {
var el = document.getElementById('changelog');
if (el !== null ) {
// [AIRFLOW-...]
el.innerHTML = el.innerHTML.replace(
/\[(AIRFLOW-[\d]+)\]/g,
`<a href="https://issues.apache.org/jira/browse/$1">[$1]</a>`
);
// (#...)
el.innerHTML = el.innerHTML.replace(
/\(#([\d]+)\)/g,
`<a href="https://github.com/apache/airflow/pull/$1">(#$1)</a>`
);
};
})
</script>
<script type="text/javascript">
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-140539454-1']);
_gaq.push(['_trackPageview']);
</script>
<style>
.example-header {
position: relative;
background: #9AAA7A;
padding: 8px 16px;
margin-bottom: 0;
}
.example-header--with-button {
padding-right: 166px;
}
.example-header:after{
content: '';
display: table;
clear: both;
}
.example-title {
display:block;
padding: 4px;
margin-right: 16px;
color: white;
overflow-x: auto;
}
.example-header-button {
top: 8px;
right: 16px;
position: absolute;
}
.example-header + .highlight-python {
margin-top: 0 !important;
}
.viewcode-button {
display: inline-block;
padding: 8px 16px;
border: 0;
margin: 0;
outline: 0;
border-radius: 2px;
-webkit-box-shadow: 0 3px 5px 0 rgba(0,0,0,.3);
box-shadow: 0 3px 6px 0 rgba(0,0,0,.3);
color: #404040;
background-color: #e7e7e7;
cursor: pointer;
font-size: 16px;
font-weight: 500;
line-height: 1;
text-decoration: none;
text-overflow: ellipsis;
overflow: hidden;
text-transform: uppercase;
-webkit-transition: background-color .2s;
transition: background-color .2s;
vertical-align: middle;
white-space: nowrap;
}
.viewcode-button:visited {
color: #404040;
}
.viewcode-button:hover, .viewcode-button:focus {
color: #404040;
background-color: #d6d6d6;
}
</style>
</head>
<body class="wy-body-for-nav">
<div class="wy-grid-for-nav">
<nav data-toggle="wy-nav-shift" class="wy-nav-side">
<div class="wy-side-scroll">
<div class="wy-side-nav-search" >
<a href="../../index.html" class="icon icon-home"> Airflow
</a>
<div class="version">
1.10.6
</div>
<div role="search">
<form id="rtd-search-form" class="wy-form" action="../../search.html" method="get">
<input type="text" name="q" placeholder="Search docs" />
<input type="hidden" name="check_keywords" value="yes" />
<input type="hidden" name="area" value="default" />
</form>
</div>
</div>
<div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
<ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../../project.html">Project</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../license.html">License</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../start.html">Quick Start</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../installation.html">Installation</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../tutorial.html">Tutorial</a></li>
<li class="toctree-l1 current"><a class="reference internal" href="../index.html">How-to Guides</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="../set-config.html">Setting Configuration Options</a></li>
<li class="toctree-l2"><a class="reference internal" href="../initialize-database.html">Initializing a Database Backend</a></li>
<li class="toctree-l2"><a class="reference internal" href="../operator/index.html">Using Operators</a></li>
<li class="toctree-l2 current"><a class="reference internal" href="index.html">Managing Connections</a><ul class="current">
<li class="toctree-l3"><a class="reference internal" href="index.html#creating-a-connection-with-the-ui">Creating a Connection with the UI</a></li>
<li class="toctree-l3"><a class="reference internal" href="index.html#editing-a-connection-with-the-ui">Editing a Connection with the UI</a></li>
<li class="toctree-l3"><a class="reference internal" href="index.html#creating-a-connection-with-environment-variables">Creating a Connection with Environment Variables</a></li>
<li class="toctree-l3 current"><a class="reference internal" href="index.html#connection-types">Connection Types</a><ul class="current">
<li class="toctree-l4"><a class="reference internal" href="aws.html">Amazon Web Services Connection</a></li>
<li class="toctree-l4"><a class="reference internal" href="gcp.html">Google Cloud Platform Connection</a></li>
<li class="toctree-l4"><a class="reference internal" href="gcp_sql.html">Google Cloud SQL Connection</a></li>
<li class="toctree-l4"><a class="reference internal" href="grpc.html">gRPC</a></li>
<li class="toctree-l4"><a class="reference internal" href="mysql.html">MySQL Connection</a></li>
<li class="toctree-l4"><a class="reference internal" href="oracle.html">Oracle Connection</a></li>
<li class="toctree-l4"><a class="reference internal" href="postgres.html">PostgresSQL Connection</a></li>
<li class="toctree-l4 current"><a class="current reference internal" href="#">SSH Connection</a></li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../secure-connections.html">Securing Connections</a></li>
<li class="toctree-l2"><a class="reference internal" href="../secure-connections.html#rotating-encryption-keys">Rotating encryption keys</a></li>
<li class="toctree-l2"><a class="reference internal" href="../write-logs.html">Writing Logs</a></li>
<li class="toctree-l2"><a class="reference internal" href="../executor/use-celery.html">Celery Executor</a></li>
<li class="toctree-l2"><a class="reference internal" href="../executor/use-dask.html">Dask Executor</a></li>
<li class="toctree-l2"><a class="reference internal" href="../executor/use-mesos.html">Scaling Out with Mesos (community contributed)</a></li>
<li class="toctree-l2"><a class="reference internal" href="../run-behind-proxy.html">Running Airflow behind a reverse proxy</a></li>
<li class="toctree-l2"><a class="reference internal" href="../run-with-systemd.html">Running Airflow with systemd</a></li>
<li class="toctree-l2"><a class="reference internal" href="../run-with-upstart.html">Running Airflow with upstart</a></li>
<li class="toctree-l2"><a class="reference internal" href="../use-test-config.html">Using the Test Mode Configuration</a></li>
<li class="toctree-l2"><a class="reference internal" href="../check-health.html">Checking Airflow Health Status</a></li>
<li class="toctree-l2"><a class="reference internal" href="../define_extra_link.html">Define an operator extra link</a></li>
<li class="toctree-l2"><a class="reference internal" href="../tracking-user-activity.html">Tracking User Activity</a></li>
<li class="toctree-l2"><a class="reference internal" href="../cli-completion.html">Set Up Bash/Zsh Completion</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../../ui.html">UI / Screenshots</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../concepts.html">Concepts</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../profiling.html">Data Profiling</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../cli.html">Command Line Interface Reference</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../scheduler.html">Scheduling &amp; Triggers</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../plugins.html">Plugins</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../security.html">Security</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../timezone.html">Time zones</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../api.html">REST API Reference</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../integration.html">Integration</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../metrics.html">Metrics</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../errors.html">Error Tracking</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../kubernetes.html">Kubernetes</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../lineage.html">Lineage</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../changelog.html">Changelog</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../faq.html">FAQ</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../macros.html">Macros reference</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../_api/index.html">Python API Reference</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../privacy_notice.html">Privacy Notice</a></li>
</ul>
<p class="caption"><span class="caption-text">References</span></p>
<ul>
<li class="toctree-l1"><a class="reference internal" href="../../_api/index.html">Python API</a></li>
</ul>
</div>
</div>
</nav>
<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">
<nav class="wy-nav-top" aria-label="top navigation">
<i data-toggle="wy-nav-top" class="fa fa-bars"></i>
<a href="../../index.html">Airflow</a>
</nav>
<div class="wy-nav-content">
<div class="rst-content">
<div role="navigation" aria-label="breadcrumbs navigation">
<ul class="wy-breadcrumbs">
<li><a href="../../index.html">Docs</a> &raquo;</li>
<li><a href="../index.html">How-to Guides</a> &raquo;</li>
<li><a href="index.html">Managing Connections</a> &raquo;</li>
<li>SSH Connection</li>
<li class="wy-breadcrumbs-aside">
<a href="../../_sources/howto/connection/ssh.rst.txt" rel="nofollow"> View page source</a>
</li>
</ul>
<hr/>
</div>
<div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
<div itemprop="articleBody">
<blockquote>
<div></div></blockquote>
<div class="section" id="ssh-connection">
<h1>SSH Connection<a class="headerlink" href="#ssh-connection" title="Permalink to this headline"></a></h1>
<p>The SSH connection type provides connection to use <a class="reference internal" href="../../_api/airflow/contrib/hooks/ssh_hook/index.html#airflow.contrib.hooks.ssh_hook.SSHHook" title="airflow.contrib.hooks.ssh_hook.SSHHook"><code class="xref py py-class docutils literal notranslate"><span class="pre">SSHHook</span></code></a> to run commands on a remote server using <a class="reference internal" href="../../_api/airflow/contrib/operators/ssh_operator/index.html#airflow.contrib.operators.ssh_operator.SSHOperator" title="airflow.contrib.operators.ssh_operator.SSHOperator"><code class="xref py py-class docutils literal notranslate"><span class="pre">SSHOperator</span></code></a> or transfer file from/to the remote server using <code class="xref py py-class docutils literal notranslate"><span class="pre">SFTPOperator</span></code>.</p>
<div class="section" id="configuring-the-connection">
<h2>Configuring the Connection<a class="headerlink" href="#configuring-the-connection" title="Permalink to this headline"></a></h2>
<dl>
<dt>Host (required)</dt><dd><p>The Remote host to connect.</p>
</dd>
<dt>Username (optional)</dt><dd><p>The Username to connect to the remote_host.</p>
</dd>
<dt>Password (optional)</dt><dd><p>Specify the password of the username to connect to the remote_host.</p>
</dd>
<dt>Port (optional)</dt><dd><p>Port of remote host to connect. Default is 22.</p>
</dd>
<dt>Extra (optional)</dt><dd><p>Specify the extra parameters (as json dictionary) that can be used in ssh
connection. The following parameters out of the standard python parameters
are supported:</p>
<ul class="simple">
<li><p><strong>key_file</strong> - Full Path of the private SSH Key file that will be used to connect to the remote_host.</p></li>
<li><p><strong>private_key</strong> - Content of the private key used to connect to the remote_host.</p></li>
<li><p><strong>timeout</strong> - An optional timeout (in seconds) for the TCP connect. Default is <code class="docutils literal notranslate"><span class="pre">10</span></code>.</p></li>
<li><p><strong>compress</strong> - <code class="docutils literal notranslate"><span class="pre">true</span></code> to ask the remote client/server to compress traffic; <code class="docutils literal notranslate"><span class="pre">false</span></code> to refuse compression. Default is <code class="docutils literal notranslate"><span class="pre">true</span></code>.</p></li>
<li><p><strong>no_host_key_check</strong> - Set to <code class="docutils literal notranslate"><span class="pre">false</span></code> to restrict connecting to hosts with no entries in <code class="docutils literal notranslate"><span class="pre">~/.ssh/known_hosts</span></code> (Hosts file). This provides maximum protection against trojan horse attacks, but can be troublesome when the <code class="docutils literal notranslate"><span class="pre">/etc/ssh/ssh_known_hosts</span></code> file is poorly maintained or connections to new hosts are frequently made. This option forces the user to manually add all new hosts. Default is <code class="docutils literal notranslate"><span class="pre">true</span></code>, ssh will automatically add new host keys to the user known hosts files.</p></li>
<li><p><strong>allow_host_key_change</strong> - Set to <code class="docutils literal notranslate"><span class="pre">true</span></code> if you want to allow connecting to hosts that has host key changed or when you get ‘REMOTE HOST IDENTIFICATION HAS CHANGED’ error. This wont protect against Man-In-The-Middle attacks. Other possible solution is to remove the host entry from <code class="docutils literal notranslate"><span class="pre">~/.ssh/known_hosts</span></code> file. Default is <code class="docutils literal notranslate"><span class="pre">false</span></code>.</p></li>
</ul>
<p>Example “extras” field:</p>
<div class="highlight-json notranslate"><div class="highlight"><pre><span></span><span class="p">{</span>
<span class="nt">&quot;key_file&quot;</span><span class="p">:</span> <span class="s2">&quot;/home/airflow/.ssh/id_rsa&quot;</span><span class="p">,</span>
<span class="nt">&quot;timeout&quot;</span><span class="p">:</span> <span class="s2">&quot;10&quot;</span><span class="p">,</span>
<span class="nt">&quot;compress&quot;</span><span class="p">:</span> <span class="s2">&quot;false&quot;</span><span class="p">,</span>
<span class="nt">&quot;no_host_key_check&quot;</span><span class="p">:</span> <span class="s2">&quot;false&quot;</span><span class="p">,</span>
<span class="nt">&quot;allow_host_key_change&quot;</span><span class="p">:</span> <span class="s2">&quot;false&quot;</span>
<span class="p">}</span>
</pre></div>
</div>
<p>When specifying the connection as URI (in AIRFLOW_CONN_* variable) you should specify it
following the standard syntax of connections, where extras are passed as parameters
of the URI (note that all components of the URI should be URL-encoded).</p>
<p>Example connection string with <code class="docutils literal notranslate"><span class="pre">key_file</span></code> (path to key file provided in connection):</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>ssh://user:pass@localhost:22?timeout<span class="o">=</span><span class="m">10</span><span class="p">&amp;</span><span class="nv">compress</span><span class="o">=</span>false<span class="p">&amp;</span><span class="nv">no_host_key_check</span><span class="o">=</span>false<span class="p">&amp;</span><span class="nv">allow_host_key_change</span><span class="o">=</span>true<span class="p">&amp;</span><span class="nv">key_file</span><span class="o">=</span>%2Fhome%2Fairflow%2F.ssh%2Fid_rsa
</pre></div>
</div>
<p>Example connection string with <code class="docutils literal notranslate"><span class="pre">private_key</span></code> (actual private key provided in connection):</p>
<div class="highlight-bash notranslate"><div class="highlight"><pre><span></span><span class="nb">export</span> <span class="nv">AIRFLOW_CONN_SSH_SERVER</span><span class="o">=</span><span class="s1">&#39;SSH://127.0.0.1?private_key=-----BEGIN+RSA+PRIVATE+KEY-----%0AMIIEpAIBAAKCAQEAvYUM9xouSUtCKMwm%2FkogT4r3Y%2Bh7H0IPnd7DF9sKCHt9FPJ%2B%0ALaQNX%2FRgnOoPf5ySN42A1nmqv4WX5AKdjEYMIJzN2g2whnol8RVjzP4s2Ao%2B%2BWJ9%0AKstey85CQUgjWFO57ye3TyhbfMZI3fBqDX5RjgkgAZmUpKmv6ttSiCfdgGxLweD7%0ADZexlAjuSfr7i0UZWBIbSKJdePMnWGvZZO%2BGerGlOIKs%2Bqx5agMbNJqDhWn0u8OV%0ACMANhc0yaUAbN08Pjac94%2FxmZPHASytrBmTGd6zYcuzOyxwK8KHMeLUagByT3u7l%0AvWcVyRx8FAXkl7nGF2SQZ0z3JLhmdWMSXuc1AQIDAQABAoIBAQC8%2Bp1REVQyVc8k%0A612%2Bl5%2FccU%2F62elb4%2F26iFS1xv8cMjcp2hwj2sBTfFWSYnsN3syWhI2CUFQJImex%0AP0Jmi7qwEmvaEWiCz%2B5hldisoo%2BI5b6h4qm5MI3YYFYEzrAf9W0kos%2FRKQcBRp%2BG%0AX6MAzYL5RPQbZE%2BqWmJGqGiFyGrBEISl%2FMdoaqSJewTRLHwDtbD9lt4WRPUO%2Font%0A%2FUKwOu3i9z5hMQm9HJJLuKr3hl5jmjJbJUg50a7fjVJzr52VfxH73Z%2Fst40fD3x4%0AH1DHGbX4ar9JOYvhzdXkuxyNXvoglJUIOiAk23Od8q9xOMQAITuwkc1QaVRXwiE7%0Aw41lMC8ZAoGBAOB9PEFyzGwYZgiReOQsAJrlwT7zsY053OGSXAeoLC2OzyLNb8v7%0AnKy2qoTMwxe9LHUDDAp6I8btprvLq35Y72iCbGg0ZK5fIYv%2Bt03NjvOOl1zEuUny%0A5xGe1IvP4YgMQuVMVw5dj11Jmna5eW3oFXlyOQrlth9hrexuI%2BG25qwvAoGBANgf%0AOhy%2FofyIgrIGwaRbgg55rlqViLNGFcJ6I3dVlsRqFxND4PvQZZWfCN3LhIGgI8cT%0AN6hFGPR9QrsmXe3eHM7%2FUpMk53oiPD9E0MemPtQh2AFPUb%2BznqxrXNGvtww6xYBM%0AKYLXcQVn%2FKELwwMYw3F0HGKgCFF0XthV34f%2Bt%2FXPAoGBALVLjqEQlBTsM2LSEP68%0AppRx3nn3lrmGNGMbryUj5OG6BoCFxrbG8gXt05JCR4Bhb4jkOBIyB7i87r2VQ19b%0AdaVCR0h0n6bO%2FymvQNwdmUgLLSRnX3hgKcpqKh7reKlFtbS2zUu1tXVSXuNo8K8Z%0AElatL3Ikh8uaODrLzECaVHpTAoGAXcReoC58h2Zq3faUeUzChqlAfki2gKF9u1zm%0AmlXmDd3BmTgwGtD14g6X%2BDLekKb8Htk1oqooA5t9IlmpExT1BtI7719pltHXtdOT%0AiauVQtBUOW1CmJvD0ibapJdKIeI14k4pDH2QqbnOH8lMmMFbupOX5SptsXl91Pqc%0A%2BxIGmn0CgYBOL2o0Sn%2F8d7uzAZKUBG1%2F0eFr4j6wYwWajVDFOfbJ7WdIf5j%2BL3nY%0A3440i%2Fb2NlEE8nLPDl6cwiOtwV0XFkoiF3ctHvutlhGBxAKHetIxIsnQk7vXqgfP%0AnhsgNypNAQXbxe3gjJEb4Fzw3Ufz3mq5PllYtXKhc%2Bmc4%2B3sN5uGow%3D%3D%0A-----END+RSA+PRIVATE+KEY-----%0A&#39;</span>
</pre></div>
</div>
</dd>
</dl>
</div>
</div>
</div>
</div>
<footer>
<div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
<a href="../secure-connections.html" class="btn btn-neutral float-right" title="Securing Connections" accesskey="n" rel="next">Next <span class="fa fa-arrow-circle-right"></span></a>
<a href="postgres.html" class="btn btn-neutral float-left" title="PostgresSQL Connection" accesskey="p" rel="prev"><span class="fa fa-arrow-circle-left"></span> Previous</a>
</div>
<hr/>
<div role="contentinfo">
<p>
</p>
</div>
Built with <a href="http://sphinx-doc.org/">Sphinx</a> using a <a href="https://github.com/rtfd/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>.
<div class="footer">This page uses <a href="https://analytics.google.com/">
Google Analytics</a> to collect statistics. You can disable it by blocking
the JavaScript coming from www.google-analytics.com. Check our
<a href="../../privacy_notice.html">Privacy Policy</a>
for more details.
<script type="text/javascript">
(function() {
var ga = document.createElement('script');
ga.src = ('https:' == document.location.protocol ?
'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
ga.setAttribute('async', 'true');
var nodes = document.documentElement.childNodes;
var i = -1;
var node;
do {
i++;
node = nodes[i]
} while(node.nodeType !== Node.ELEMENT_NODE);
node.appendChild(ga);
})();
</script>
</div>
</footer>
</div>
</div>
</section>
</div>
<script type="text/javascript">
jQuery(function () {
SphinxRtdTheme.Navigation.enable(true);
});
</script>
</body>
</html>