diff options
| author | elijah <elijah@riseup.net> | 2013-06-11 12:24:42 -0700 |
|---|---|---|
| committer | elijah <elijah@riseup.net> | 2013-06-11 12:24:42 -0700 |
| commit | f0c9d0a1fe8b19edf53f775dffb66057c0c9be12 (patch) | |
| tree | cc7150c5b3c2e467f9b37e6b2e282160320c51d2 /lib | |
| parent | 404353dcf345122c0f04555a572efc5417f1b661 (diff) | |
| download | leap_cli-f0c9d0a1fe8b19edf53f775dffb66057c0c9be12.tar.gz leap_cli-f0c9d0a1fe8b19edf53f775dffb66057c0c9be12.tar.bz2 | |
fix longstanding problem with vagrant nodes: everyone has a different ssh pub key, but before leap_cli wanted you to commit these different keys into. Now, for vagrant nodes, we ignore the host key: we don't save it, we don't check it.
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/leap_cli/commands/node.rb | 2 | ||||
| -rw-r--r-- | lib/leap_cli/commands/shell.rb | 7 | ||||
| -rw-r--r-- | lib/leap_cli/util/remote_command.rb | 11 |
3 files changed, 14 insertions, 6 deletions
diff --git a/lib/leap_cli/commands/node.rb b/lib/leap_cli/commands/node.rb index 4b5ea9e..1f94fe6 100644 --- a/lib/leap_cli/commands/node.rb +++ b/lib/leap_cli/commands/node.rb @@ -60,7 +60,7 @@ module LeapCli; module Commands finished = [] manager.filter!(args).each_node do |node| ping_node(node, options) unless options[:noping] - save_public_host_key(node, global, options) + save_public_host_key(node, global, options) unless node.vagrant? update_compiled_ssh_configs ssh_connect_options = connect_options(options).merge({:bootstrap => true, :echo => options[:echo]}) ssh_connect(node, ssh_connect_options) do |ssh| diff --git a/lib/leap_cli/commands/shell.rb b/lib/leap_cli/commands/shell.rb index 822ef05..3a6cebc 100644 --- a/lib/leap_cli/commands/shell.rb +++ b/lib/leap_cli/commands/shell.rb @@ -39,11 +39,14 @@ module LeapCli; module Commands options = [ "-o 'HostName=#{node.ip_address}'", "-o 'HostKeyAlias=#{node.name}'", - "-o 'GlobalKnownHostsFile=#{path(:known_hosts)}'", - "-o 'StrictHostKeyChecking=yes'" + "-o 'GlobalKnownHostsFile=#{path(:known_hosts)}'" ] if node.vagrant? options << "-i #{vagrant_ssh_key_file}" + options << "-o 'StrictHostKeyChecking=no'" # \ together, these options allow us to just blindly accept + options << "-o 'UserKnownHostsFile=/dev/null'" # / what pub key the vagrant node has. useful, because it is different for everyone. + else + options << "-o 'StrictHostKeyChecking=yes'" end username = 'root' # the echo sets the terminal title. it would be better to do this on the server diff --git a/lib/leap_cli/util/remote_command.rb b/lib/leap_cli/util/remote_command.rb index 2c77196..1197bfe 100644 --- a/lib/leap_cli/util/remote_command.rb +++ b/lib/leap_cli/util/remote_command.rb @@ -46,6 +46,7 @@ module LeapCli; module Util; module RemoteCommand { :config => false, :global_known_hosts_file => path(:known_hosts), + :user_known_hosts_file => '/dev/null', :paranoid => true } end @@ -95,11 +96,15 @@ module LeapCli; module Util; module RemoteCommand end def contingent_ssh_options_for_node(node) + opts = {} if node.vagrant? - {:keys => [vagrant_ssh_key_file]} - else - {} + opts[:keys] = [vagrant_ssh_key_file] + opts[:paranoid] = false # we skip host checking for vagrant nodes, because fingerprint is different for everyone. + if LeapCli::log_level <= 1 + opts[:verbose] = :error # suppress all the warnings about adding host keys to known_hosts, since it is not actually doing that. + end end + return opts end end; end; end
\ No newline at end of file |