authorelijah <elijah@riseup.net>2014-11-09 15:18:18 -0800
committerelijah <elijah@riseup.net>2014-11-09 15:18:18 -0800
commit32e89e92600a361bdfe65ef34e3ac874515919f5 (patch)
tree75e91f04ce70e6dad0826f8db057d1a9ee9bc64f
parent38354dca9237c67668bf2510b3b43d8b2dbd5844 (diff)
downloadleap_cli-32e89e92600a361bdfe65ef34e3ac874515919f5.tar.gz
leap_cli-32e89e92600a361bdfe65ef34e3ac874515919f5.tar.bz2
make sure to specify HostKeyAlgorithms for ssh and rsync. this is needed because otherwise you can't connect to a server that has an ecdsa host key if all you have is an rsa host key. closes bug #6337
-rw-r--r--lib/leap_cli/commands/shell.rb3
-rw-r--r--lib/leap_cli/config/node.rb9
-rw-r--r--lib/leap_cli/ssh_key.rb17
-rw-r--r--lib/leap_cli/util/remote_command.rb3
4 files changed, 32 insertions, 0 deletions
diff --git a/lib/leap_cli/commands/shell.rb b/lib/leap_cli/commands/shell.rb
index 2138e9d..a7a0d85 100644
--- a/lib/leap_cli/commands/shell.rb
+++ b/lib/leap_cli/commands/shell.rb
@@ -62,6 +62,9 @@ module LeapCli; module Commands
else
options << "-o 'StrictHostKeyChecking=yes'"
end
+ if !node.supported_ssh_host_key_algorithms.empty?
+ options << "-o 'HostKeyAlgorithms=#{node.supported_ssh_host_key_algorithms}'"
+ end
username = 'root'
if LeapCli.log_level >= 3
options << "-vv"
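Review bot: The algorithm list is interpolated unescaped inside single quotes at `options << "-o 'HostKeyAlgorithms=#{node.supported_ssh_host_key_algorithms}'"`, and its content comes from the key types parsed out of the node's public key file. If these options are later joined into a shell command line, as the quoting suggests, a malformed or tampered key file could break that quoting. Either filter the names where they are produced, keeping only types that match something like `/\A[a-z0-9@.-]+\z/`, or build the option with `Shellwords.escape`. The same string feeds the `opts[:host_key]` assignment in remote_command.rb, so validating it once in `SshKey.supported_host_key_algorithms` covers both. The enclosing method starts and ends outside this hunk.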
diff --git a/lib/leap_cli/config/node.rb b/lib/leap_cli/config/node.rb
index 30af5d1..fe685cf 100644
--- a/lib/leap_cli/config/node.rb
+++ b/lib/leap_cli/config/node.rb
@@ -63,6 +63,15 @@ module LeapCli; module Config
def test_dependencies
[]
end
+
+ # returns a string list of supported ssh host key algorithms for this node.
+ # or an empty string if it could not be determined
+ def supported_ssh_host_key_algorithms
+ @host_key_algo ||= SshKey.supported_host_key_algorithms(
+ Util.read_file([:node_ssh_pub_key, @node.name])
+ )
+ end
+
end
end; end
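Review bot: `@host_key_algo ||=` caches the first result for the life of the node object, including the empty string returned when no key could be read. If the same run later writes this node's host key file (inferred, not visible here), later connections would still go out without the `HostKeyAlgorithms` restriction. I would state that on the method, for example `# NOTE: memoized; a key file written later in the same run is not picked up`. The documented empty-string case also depends on `Util.read_file` returning nil for a missing file, which this hunk does not show.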
diff --git a/lib/leap_cli/ssh_key.rb b/lib/leap_cli/ssh_key.rb
index 3cbeddd..5a7ac23 100644
--- a/lib/leap_cli/ssh_key.rb
+++ b/lib/leap_cli/ssh_key.rb
@@ -107,6 +107,23 @@ module LeapCli
return keys.map{|k| SshKey.load(k[1], k[0])}
end
+ #
+ # takes a string with one or more ssh keys, one key per line,
+ # and returns a string that specified the ssh key algorithms
+ # that are supported by the keys, in order of preference.
+ #
+ # eg: ecdsa-sha2-nistp256,ssh-rsa,ssh-ed25519
+ #
+ def self.supported_host_key_algorithms(string)
+ if string
+ self.parse_keys(string).map {|key|
+ key.type
+ }.join(',')
+ else
+ ""
+ end
+ end
+
##
## INSTANCE METHODS
##
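Review bot: The doc comment promises the algorithms "in order of preference", but the method emits `key.type` in whatever order `parse_keys` returns the keys and does not de-duplicate. A file holding two keys of one type therefore yields a repeated name. `self.parse_keys(string).map {|key| key.type }.uniq.join(',')` removes the repeats. The comment should say the order is file order, unless `parse_keys` sorts (only its last line is visible in this hunk). It is also worth confirming that `parse_keys` never yields nil for an unparseable line, since `key.type` would then raise rather than fall back to the empty string.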
diff --git a/lib/leap_cli/util/remote_command.rb b/lib/leap_cli/util/remote_command.rb
index 2dd22ca..16d2b22 100644
--- a/lib/leap_cli/util/remote_command.rb
+++ b/lib/leap_cli/util/remote_command.rb
@@ -149,6 +149,9 @@ module LeapCli; module Util; module RemoteCommand
opts[:verbose] = :error # suppress all the warnings about adding host keys to known_hosts, since it is not actually doing that.
end
end
+ if !node.supported_ssh_host_key_algorithms.empty?
+ opts[:host_key] = node.supported_ssh_host_key_algorithms
+ end
return opts
end
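Review bot: `opts[:host_key]` receives the same comma-joined string that was built for OpenSSH's `-o HostKeyAlgorithms=`. If these opts go to Net::SSH, its `:host_key` option expects a single algorithm name or an array of names, so my reading is that a value like `ecdsa-sha2-nistp256,ssh-rsa` would be treated as one unknown algorithm and rejected once a node has more than one key type. `opts[:host_key] = node.supported_ssh_host_key_algorithms.split(',')` would pass a proper list. It is also worth checking that the Net::SSH version in use supports every type the key file may contain, and whether it treats the list as a preference order rather than a hard restriction. The enclosing method begins outside the hunk.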