diff options
author | elijah <elijah@riseup.net> | 2014-03-07 01:20:24 -0800 |
---|---|---|
committer | elijah <elijah@riseup.net> | 2014-03-07 01:20:24 -0800 |
commit | 16c6cbae4f155c6f8c626fc69cca41ebee1a9e05 (patch) | |
tree | b0dc8c4d08b2db979ddad234d68a3ca1e6436b34 | |
parent | 5b72aefd2d317c90198bd6d3f711cbb407b5b6c2 (diff) | |
download | leap_cli-16c6cbae4f155c6f8c626fc69cca41ebee1a9e05.tar.gz leap_cli-16c6cbae4f155c6f8c626fc69cca41ebee1a9e05.tar.bz2 |
added IdentitiesOnly ssh option to both ssh command and ruby Net::SSH options -- this should prevent ssh from trying all the keys in ~/.ssh. you might still get the error "Too many authentication failures" if you have a ton of keys activated in ~/.ssh/config
-rw-r--r-- | lib/leap_cli/commands/shell.rb | 3 | ||||
-rw-r--r-- | lib/leap_cli/util/remote_command.rb | 1 |
2 files changed, 3 insertions, 1 deletions
diff --git a/lib/leap_cli/commands/shell.rb b/lib/leap_cli/commands/shell.rb index 40990e9..c7d14f8 100644 --- a/lib/leap_cli/commands/shell.rb +++ b/lib/leap_cli/commands/shell.rb @@ -43,7 +43,8 @@ module LeapCli; module Commands "-o 'UserKnownHostsFile=/dev/null'" ] if node.vagrant? - options << "-i #{vagrant_ssh_key_file}" + options << "-i #{vagrant_ssh_key_file}" # use the universal vagrant insecure key + options << '-o IdentitiesOnly=yes' # only use explicitly configured keys options << "-o 'StrictHostKeyChecking=no'" # blindly accept host key and don't save it (since userknownhostsfile is /dev/null) else options << "-o 'StrictHostKeyChecking=yes'" diff --git a/lib/leap_cli/util/remote_command.rb b/lib/leap_cli/util/remote_command.rb index c24a543..93d1bd1 100644 --- a/lib/leap_cli/util/remote_command.rb +++ b/lib/leap_cli/util/remote_command.rb @@ -99,6 +99,7 @@ module LeapCli; module Util; module RemoteCommand opts = {} if node.vagrant? opts[:keys] = [vagrant_ssh_key_file] + opts[:keys_only] = true # only use the keys specified above, and ignore whatever keys the ssh-agent is aware of. opts[:paranoid] = false # we skip host checking for vagrant nodes, because fingerprint is different for everyone. if LeapCli::log_level <= 1 opts[:verbose] = :error # suppress all the warnings about adding host keys to known_hosts, since it is not actually doing that. |