| author | elijah <elijah@riseup.net> | 2013-06-11 12:24:42 -0700 | 
|---|---|---|
| committer | elijah <elijah@riseup.net> | 2013-06-11 12:24:42 -0700 | 
| commit | f0c9d0a1fe8b19edf53f775dffb66057c0c9be12 (patch) | |
| tree | cc7150c5b3c2e467f9b37e6b2e282160320c51d2 | |
| parent | 404353dcf345122c0f04555a572efc5417f1b661 (diff) | |
fix longstanding problem with vagrant nodes: everyone has a different ssh pub key, but before leap_cli wanted you to commit these different keys into. Now, for vagrant nodes, we ignore the host key: we don't save it, we don't check it.
| -rw-r--r-- | lib/leap_cli/commands/node.rb | 2 | ||||
| -rw-r--r-- | lib/leap_cli/commands/shell.rb | 7 | ||||
| -rw-r--r-- | lib/leap_cli/util/remote_command.rb | 11 | ||||
| -rw-r--r-- | vendor/rsync_command/lib/rsync_command/ssh_options.rb | 4 | 
4 files changed, 16 insertions, 8 deletions
| diff --git a/lib/leap_cli/commands/node.rb b/lib/leap_cli/commands/node.rb
index 4b5ea9e..1f94fe6 100644
--- a/lib/leap_cli/commands/node.rb
+++ b/lib/leap_cli/commands/node.rb
@@ -60,7 +60,7 @@ module LeapCli; module Commands
         finished = []
         manager.filter!(args).each_node do |node|
           ping_node(node, options) unless options[:noping]
-          save_public_host_key(node, global, options)
+          save_public_host_key(node, global, options) unless node.vagrant?
           update_compiled_ssh_configs
           ssh_connect_options = connect_options(options).merge({:bootstrap => true, :echo => options[:echo]})
           ssh_connect(node, ssh_connect_options) do |ssh|
diff --git a/lib/leap_cli/commands/shell.rb b/lib/leap_cli/commands/shell.rb
index 822ef05..3a6cebc 100644
--- a/lib/leap_cli/commands/shell.rb
+++ b/lib/leap_cli/commands/shell.rb
@@ -39,11 +39,14 @@ module LeapCli; module Commands
     options = [
       "-o 'HostName=#{node.ip_address}'",
       "-o 'HostKeyAlias=#{node.name}'",
-      "-o 'GlobalKnownHostsFile=#{path(:known_hosts)}'",
-      "-o 'StrictHostKeyChecking=yes'"
+      "-o 'GlobalKnownHostsFile=#{path(:known_hosts)}'"
     ]
     if node.vagrant?
       options << "-i #{vagrant_ssh_key_file}"
+      options << "-o 'StrictHostKeyChecking=no'"      # \ together, these options allow us to just blindly accept
+      options << "-o 'UserKnownHostsFile=/dev/null'"  # / what pub key the vagrant node has. useful, because it is different for everyone.
+    else
+      options << "-o 'StrictHostKeyChecking=yes'"
     end
     username = 'root'
     # the echo sets the terminal title. it would be better to do this on the server
diff --git a/lib/leap_cli/util/remote_command.rb b/lib/leap_cli/util/remote_command.rb
index 2c77196..1197bfe 100644
--- a/lib/leap_cli/util/remote_command.rb
+++ b/lib/leap_cli/util/remote_command.rb 
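Review bot: In lib/leap_cli/commands/shell.rb the vagrant branch turns off host authentication for an interactive `root` session on the strength of `node.vagrant?` alone, and nothing in the hunk tells the user that this happened. How that predicate is decided is not visible here, but if a real node is ever flagged as vagrant, `StrictHostKeyChecking=no` together with `UserKnownHostsFile=/dev/null` means a changed or substituted host key is accepted and never recorded. I would replace the two trailing `# \` / `# /` comments with one comment above the lines that states the trade-off, e.g. `# vagrant only: the host key is neither verified nor stored, so this session has no protection against an impostor host`, and consider logging a one-line notice whenever this branch is taken. The enclosing method starts and ends outside the hunk.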
@@ -46,6 +46,7 @@ module LeapCli; module Util; module RemoteCommand      {        :config => false,        :global_known_hosts_file => path(:known_hosts), +      :user_known_hosts_file => '/dev/null',        :paranoid => true      }    end @@ -95,11 +96,15 @@ module LeapCli; module Util; module RemoteCommand    end    def contingent_ssh_options_for_node(node) +    opts = {}      if node.vagrant? -      {:keys => [vagrant_ssh_key_file]} -    else -      {} +      opts[:keys] = [vagrant_ssh_key_file] +      opts[:paranoid] = false # we skip host checking for vagrant nodes, because fingerprint is different for everyone. +      if LeapCli::log_level <= 1 +        opts[:verbose] = :error # suppress all the warnings about adding host keys to known_hosts, since it is not actually doing that. +      end      end +    return opts    end  end; end; end
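Review bot: The new `:user_known_hosts_file => '/dev/null'` sits in the defaults hash, so it applies to every node, whereas the matching change in lib/leap_cli/commands/shell.rb sets `UserKnownHostsFile=/dev/null` only inside the `node.vagrant?` branch. As far as the visible options go, the Net::SSH path now trusts only the project's known_hosts file for production nodes while the shell command can still fall back to the user's own known_hosts, so the two paths may disagree about whether a host key is acceptable. If pinning to the project file is the intent (it is the stricter choice), say so with a comment such as `# trust only the provider's known_hosts, never the user's ~/.ssh/known_hosts` and pass the same option for non-vagrant nodes in shell.rb; otherwise move this entry into the vagrant-only options. The method that returns this hash begins outside the hunk.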
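Review bot: In `contingent_ssh_options_for_node`, `opts[:verbose] = :error` silences every Net::SSH warning for vagrant nodes whenever `LeapCli::log_level <= 1`, not only the known_hosts message named in the comment, so unrelated connection warnings are hidden along with it. Separately, `opts[:paranoid] = false` only takes effect if these contingent options are merged over the defaults that set `:paranoid => true`; that merge is outside the hunk and is worth pinning with a test. A short method comment would help the next reader, e.g. `# Per-node overrides; for vagrant nodes host key verification is disabled entirely`, and the trailing `return opts` can simply be `opts`.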
\ No newline at end of file diff --git a/vendor/rsync_command/lib/rsync_command/ssh_options.rb b/vendor/rsync_command/lib/rsync_command/ssh_options.rb index 494ec9d..3cc908f 100644 --- a/vendor/rsync_command/lib/rsync_command/ssh_options.rb +++ b/vendor/rsync_command/lib/rsync_command/ssh_options.rb @@ -32,14 +32,14 @@ class RsyncCommand      def parse_options(options)        options.map do |key, value| -        next unless value +        next if value.nil?          # Convert Net::SSH options into OpenSSH options.          case key          when :auth_methods            then opt_auth_methods(value)          when :bind_address            then opt('BindAddress', value)          when :compression             then opt('Compression', value ? 'yes' : 'no')          when :compression_level       then opt('CompressionLevel', value.to_i) -        when :config                  then "-F '#{value}'" +        when :config                  then value ? "-F '#{value}'" : nil          when :encryption              then opt('Ciphers', [value].flatten.join(','))          when :forward_agent           then opt('ForwardAgent', value)          when :global_known_hosts_file then opt('GlobalKnownHostsFile', value) | 
