From f0c9d0a1fe8b19edf53f775dffb66057c0c9be12 Mon Sep 17 00:00:00 2001
From: elijah
Date: Tue, 11 Jun 2013 12:24:42 -0700
Subject: fix longstanding problem with vagrant nodes: everyone has a different ssh pub key, but before leap_cli wanted you to commit these different keys into. Now, for vagrant nodes, we ignore the host key: we don't save it, we don't check it.
---
 lib/leap_cli/commands/node.rb | 2 +-
 lib/leap_cli/commands/shell.rb | 7 +++++--
 lib/leap_cli/util/remote_command.rb | 11 ++++++++---
 vendor/rsync_command/lib/rsync_command/ssh_options.rb | 4 ++--
 4 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/lib/leap_cli/commands/node.rb b/lib/leap_cli/commands/node.rb
index 4b5ea9e..1f94fe6 100644
--- a/lib/leap_cli/commands/node.rb
+++ b/lib/leap_cli/commands/node.rb
@@ -60,7 +60,7 @@ module LeapCli; module Commands
 finished = []
 manager.filter!(args).each_node do |node|
 ping_node(node, options) unless options[:noping]
- save_public_host_key(node, global, options)
+ save_public_host_key(node, global, options) unless node.vagrant?
 update_compiled_ssh_configs
 ssh_connect_options = connect_options(options).merge({:bootstrap => true, :echo => options[:echo]})
 ssh_connect(node, ssh_connect_options) do |ssh|
diff --git a/lib/leap_cli/commands/shell.rb b/lib/leap_cli/commands/shell.rb
index 822ef05..3a6cebc 100644
--- a/lib/leap_cli/commands/shell.rb
+++ b/lib/leap_cli/commands/shell.rb
@@ -39,11 +39,14 @@ module LeapCli; module Commands
 options = [
 "-o 'HostName=#{node.ip_address}'",
 "-o 'HostKeyAlias=#{node.name}'",
- "-o 'GlobalKnownHostsFile=#{path(:known_hosts)}'",
- "-o 'StrictHostKeyChecking=yes'"
+ "-o 'GlobalKnownHostsFile=#{path(:known_hosts)}'"
 ]
 if node.vagrant?
 options << "-i #{vagrant_ssh_key_file}"
+ options << "-o 'StrictHostKeyChecking=no'" # \ together, these options allow us to just blindly accept
+ options << "-o 'UserKnownHostsFile=/dev/null'" # / what pub key the vagrant node has. useful, because it is different for everyone.
+ else
+ options << "-o 'StrictHostKeyChecking=yes'"
 end
 username = 'root'
 # the echo sets the terminal title. it would be better to do this on the server
diff --git a/lib/leap_cli/util/remote_command.rb b/lib/leap_cli/util/remote_command.rb
index 2c77196..1197bfe 100644
--- a/lib/leap_cli/util/remote_command.rb
+++ b/lib/leap_cli/util/remote_command.rb
@@ -46,6 +46,7 @@ module LeapCli; module Util; module RemoteCommand
 {
 :config => false,
 :global_known_hosts_file => path(:known_hosts),
+ :user_known_hosts_file => '/dev/null',
 :paranoid => true
 }
 end
@@ -95,11 +96,15 @@ module LeapCli; module Util; module RemoteCommand
 end
 def contingent_ssh_options_for_node(node)
+ opts = {}
 if node.vagrant?
- {:keys => [vagrant_ssh_key_file]}
- else
- {}
+ opts[:keys] = [vagrant_ssh_key_file]
+ opts[:paranoid] = false # we skip host checking for vagrant nodes, because fingerprint is different for everyone.
+ if LeapCli::log_level <= 1
+ opts[:verbose] = :error # suppress all the warnings about adding host keys to known_hosts, since it is not actually doing that.
+ end
 end
+ return opts
 end
 end; end; end
\ No newline at end of file
diff --git a/vendor/rsync_command/lib/rsync_command/ssh_options.rb b/vendor/rsync_command/lib/rsync_command/ssh_options.rb
index 494ec9d..3cc908f 100644
--- a/vendor/rsync_command/lib/rsync_command/ssh_options.rb
+++ b/vendor/rsync_command/lib/rsync_command/ssh_options.rb
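Review bot: In the `node.vagrant?` branch, `StrictHostKeyChecking=no` together with `UserKnownHostsFile=/dev/null` means the `root` login to that node is made with effectively no server authentication, and the only gate is the node's own `vagrant?` flag. How that flag is derived is not visible in this hunk; if it comes from an editable node property, a remote node mislabelled as vagrant would silently lose man-in-the-middle protection. I would additionally require the node's address to be local before relaxing the check, or at least state the assumption next to the options, for example `# vagrant nodes are local throwaway VMs; never relax this for a routable host`. The same relaxation is made with `opts[:paranoid] = false` in `contingent_ssh_options_for_node` in remote_command.rb. The enclosing method starts and ends outside this hunk.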
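Review bot: The new `:user_known_hosts_file => '/dev/null'` entry sits in the default option hash, so it applies to every node and not only to vagrant ones, which the commit message does not mention. Combined with `:paranoid => true` it presumably makes the provider's known_hosts file the only trusted source of host keys; that is a sensible tightening but deserves a comment, for example `# never read or write ~/.ssh/known_hosts; only path(:known_hosts) is trusted`. The method that returns this hash starts outside the hunk.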
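Review bot: `opts[:verbose] = :error` at `log_level <= 1` silences more than the known_hosts notice: any other warning the SSH library would log for a vagrant session is dropped as well, so at low log levels nothing tells the user that host key checking was skipped. Consider emitting one leap_cli log line where `opts[:paranoid] = false` is applied instead of relying on the library's output. Whether `:paranoid => false` actually wins over the default `:paranoid => true` depends on the merge order at the call site, which is outside this hunk. Minor style: `LeapCli.log_level` is the usual spelling for a method call, and the trailing `return opts` can be just `opts`.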
@@ -32,14 +32,14 @@ class RsyncCommand
 def parse_options(options)
 options.map do |key, value|
- next unless value
+ next if value.nil?
 # Convert Net::SSH options into OpenSSH options.
 case key
 when :auth_methods then opt_auth_methods(value)
 when :bind_address then opt('BindAddress', value)
 when :compression then opt('Compression', value ? 'yes' : 'no')
 when :compression_level then opt('CompressionLevel', value.to_i)
- when :config then "-F '#{value}'"
+ when :config then value ? "-F '#{value}'" : nil
 when :encryption then opt('Ciphers', [value].flatten.join(','))
 when :forward_agent then opt('ForwardAgent', value)
 when :global_known_hosts_file then opt('GlobalKnownHostsFile', value)
-- cgit v1.2.3