From 32e89e92600a361bdfe65ef34e3ac874515919f5 Mon Sep 17 00:00:00 2001
From: elijah
Date: Sun, 9 Nov 2014 15:18:18 -0800
Subject: make sure to specify HostKeyAlgorithms for ssh and rsync. this is needed because otherwise you can't connect to a server that has ecdsa host key if all you have is an rsa key host key. closes bug #6337
---
 lib/leap_cli/commands/shell.rb | 3 +++
 lib/leap_cli/config/node.rb | 9 +++++++++
 lib/leap_cli/ssh_key.rb | 17 +++++++++++++++++
 lib/leap_cli/util/remote_command.rb | 3 +++
 4 files changed, 32 insertions(+)
diff --git a/lib/leap_cli/commands/shell.rb b/lib/leap_cli/commands/shell.rb
index 2138e9d..a7a0d85 100644
--- a/lib/leap_cli/commands/shell.rb
+++ b/lib/leap_cli/commands/shell.rb
@@ -62,6 +62,9 @@ module LeapCli; module Commands
 else
 options << "-o 'StrictHostKeyChecking=yes'"
 end
+ if !node.supported_ssh_host_key_algorithms.empty?
+ options << "-o 'HostKeyAlgorithms=#{node.supported_ssh_host_key_algorithms}'"
+ end
 username = 'root'
 if LeapCli.log_level >= 3
 options << "-vv"
diff --git a/lib/leap_cli/config/node.rb b/lib/leap_cli/config/node.rb
index 30af5d1..fe685cf 100644
--- a/lib/leap_cli/config/node.rb
+++ b/lib/leap_cli/config/node.rb
@@ -63,6 +63,15 @@ module LeapCli; module Config
 def test_dependencies
 []
 end
+
+ # returns a string list of supported ssh host key algorithms for this node.
+ # or an empty string if it could not be determined
+ def supported_ssh_host_key_algorithms
+ @host_key_algo ||= SshKey.supported_host_key_algorithms(
+ Util.read_file([:node_ssh_pub_key, @node.name])
+ )
+ end
+
 end
 
 end; end
diff --git a/lib/leap_cli/ssh_key.rb b/lib/leap_cli/ssh_key.rb
index 3cbeddd..5a7ac23 100644
--- a/lib/leap_cli/ssh_key.rb
+++ b/lib/leap_cli/ssh_key.rb
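Review bot: The `HostKeyAlgorithms` value added in shell.rb is interpolated into a single-quoted shell argument with no validation, so a key-type token containing `'` or whitespace in the node's public key file would break the quoting of the ssh command line. The list comes from `SshKey.parse_keys` via `key.type`, which is not visible here, so it may already be constrained. If it is not, check it against the characters OpenSSH algorithm names use before building the option, for example `algos = node.supported_ssh_host_key_algorithms` and then `options << "-o 'HostKeyAlgorithms=#{algos}'" if algos =~ /\A[a-z0-9@.,-]+\z/`. The same unvalidated string is handed on in the remote_command.rb hunk, and the enclosing method starts and ends outside this hunk.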
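Review bot: `@host_key_algo ||=` in node.rb caches the first result for the life of the node object, including the empty string returned when the key file could not be read, because an empty string is truthy in Ruby. If the node's public key file is written or replaced later in the same run (not visible from this hunk), ssh would keep using the stale list or keep connecting with no algorithm restriction. I would document that on the method, e.g. `# NOTE: cached per node object; not re-read if the node's ssh pub key file changes`, and say in the comment that the result is a comma-separated string.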
@@ -107,6 +107,23 @@ module LeapCli
 return keys.map{|k| SshKey.load(k[1], k[0])}
 end
 
+ #
+ # takes a string with one or more ssh keys, one key per line,
+ # and returns a string that specified the ssh key algorithms
+ # that are supported by the keys, in order of preference.
+ #
+ # eg: ecdsa-sha2-nistp256,ssh-rsa,ssh-ed25519
+ #
+ def self.supported_host_key_algorithms(string)
+ if string
+ self.parse_keys(string).map {|key|
+ key.type
+ }.join(',')
+ else
+ ""
+ end
+ end
+
 ##
 ## INSTANCE METHODS
 ##
diff --git a/lib/leap_cli/util/remote_command.rb b/lib/leap_cli/util/remote_command.rb
index 2dd22ca..16d2b22 100644
--- a/lib/leap_cli/util/remote_command.rb
+++ b/lib/leap_cli/util/remote_command.rb
@@ -149,6 +149,9 @@ module LeapCli; module Util; module RemoteCommand
 opts[:verbose] = :error # suppress all the warnings about adding host keys to known_hosts, since it is not actually doing that.
 end
 end
+ if !node.supported_ssh_host_key_algorithms.empty?
+ opts[:host_key] = node.supported_ssh_host_key_algorithms
+ end
 return opts
 end
 
-- cgit v1.2.3
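Review bot: `supported_host_key_algorithms` in ssh_key.rb joins `key.type` in whatever order the keys appear in the string and keeps duplicates, while its comment promises "in order of preference". Since this list decides which host key algorithm the client will accept and prefer, the line order of the key file silently becomes a security preference, and two keys of the same type yield a repeated name. I would change the chain to `self.parse_keys(string).map {|key| key.type }.uniq.join(',')` and reword the comment to "in the order the keys appear in the string" (also "specified" should read "specifies").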
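Review bot: `opts[:host_key]` in remote_command.rb receives the comma-joined string, but as far as I know Net::SSH expects `:host_key` to be a single algorithm name or an array of names. If so, a node whose key file lists more than one key type could be rejected as an unsupported algorithm instead of being negotiated; whether the code consuming `opts` splits the string is not visible here. If it does not, pass a list: `opts[:host_key] = node.supported_ssh_host_key_algorithms.split(',')`. The enclosing method starts outside the hunk.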