authorelijah <elijah@riseup.net>2013-06-11 12:24:42 -0700
committerelijah <elijah@riseup.net>2013-06-11 12:24:42 -0700
commitf0c9d0a1fe8b19edf53f775dffb66057c0c9be12 (patch)
treecc7150c5b3c2e467f9b37e6b2e282160320c51d2
parent404353dcf345122c0f04555a572efc5417f1b661 (diff)
Fix a longstanding problem with vagrant nodes: everyone has a different ssh pub key, but previously leap_cli wanted you to commit these different keys. Now, for vagrant nodes, we ignore the host key: we don't save it, we don't check it.
-rw-r--r--lib/leap_cli/commands/node.rb2
-rw-r--r--lib/leap_cli/commands/shell.rb7
-rw-r--r--lib/leap_cli/util/remote_command.rb11
-rw-r--r--vendor/rsync_command/lib/rsync_command/ssh_options.rb4
4 files changed, 16 insertions, 8 deletions
diff --git a/lib/leap_cli/commands/node.rb b/lib/leap_cli/commands/node.rb
index 4b5ea9e..1f94fe6 100644
--- a/lib/leap_cli/commands/node.rb
+++ b/lib/leap_cli/commands/node.rb
@@ -60,7 +60,7 @@ module LeapCli; module Commands
finished = []
manager.filter!(args).each_node do |node|
ping_node(node, options) unless options[:noping]
- save_public_host_key(node, global, options)
+ save_public_host_key(node, global, options) unless node.vagrant?
update_compiled_ssh_configs
ssh_connect_options = connect_options(options).merge({:bootstrap => true, :echo => options[:echo]})
ssh_connect(node, ssh_connect_options) do |ssh|
diff --git a/lib/leap_cli/commands/shell.rb b/lib/leap_cli/commands/shell.rb
index 822ef05..3a6cebc 100644
--- a/lib/leap_cli/commands/shell.rb
+++ b/lib/leap_cli/commands/shell.rb
@@ -39,11 +39,14 @@ module LeapCli; module Commands
options = [
"-o 'HostName=#{node.ip_address}'",
"-o 'HostKeyAlias=#{node.name}'",
- "-o 'GlobalKnownHostsFile=#{path(:known_hosts)}'",
- "-o 'StrictHostKeyChecking=yes'"
+ "-o 'GlobalKnownHostsFile=#{path(:known_hosts)}'"
]
if node.vagrant?
options << "-i #{vagrant_ssh_key_file}"
+ options << "-o 'StrictHostKeyChecking=no'" # \ together, these options allow us to just blindly accept
+ options << "-o 'UserKnownHostsFile=/dev/null'" # / what pub key the vagrant node has. useful, because it is different for everyone.
+ else
+ options << "-o 'StrictHostKeyChecking=yes'"
end
username = 'root'
# the echo sets the terminal title. it would be better to do this on the server
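Review bot: The non-vagrant branch sets `StrictHostKeyChecking=yes` but leaves `UserKnownHostsFile` at its OpenSSH default, so a matching entry for the `HostKeyAlias` name in the operator's personal known_hosts file is accepted alongside the project file given by `GlobalKnownHostsFile`. The same commit sets `:user_known_hosts_file => '/dev/null'` for every node in remote_command.rb, so the interactive path and the Net::SSH path now trust different sets of host keys. If the intent is that only the provider's known_hosts file is authoritative, move `options << "-o 'UserKnownHostsFile=/dev/null'"` above the `if node.vagrant?` so both branches get it. The enclosing method starts and ends outside this hunk.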
diff --git a/lib/leap_cli/util/remote_command.rb b/lib/leap_cli/util/remote_command.rb
index 2c77196..1197bfe 100644
--- a/lib/leap_cli/util/remote_command.rb
+++ b/lib/leap_cli/util/remote_command.rb
@@ -46,6 +46,7 @@ module LeapCli; module Util; module RemoteCommand
{
:config => false,
:global_known_hosts_file => path(:known_hosts),
+ :user_known_hosts_file => '/dev/null',
:paranoid => true
}
end
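Review bot: The added `:user_known_hosts_file => '/dev/null'` sits in the default options hash, so it applies to every node and not only to vagrant ones, which is broader than the commit message describes. A comment on that line would record the intent, for example `# never read or write the user's own known_hosts; host keys are trusted only from path(:known_hosts)`. The method that returns this hash begins outside the hunk.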
@@ -95,11 +96,15 @@ module LeapCli; module Util; module RemoteCommand
end
def contingent_ssh_options_for_node(node)
+ opts = {}
if node.vagrant?
- {:keys => [vagrant_ssh_key_file]}
- else
- {}
+ opts[:keys] = [vagrant_ssh_key_file]
+ opts[:paranoid] = false # we skip host checking for vagrant nodes, because fingerprint is different for everyone.
+ if LeapCli::log_level <= 1
+ opts[:verbose] = :error # suppress all the warnings about adding host keys to known_hosts, since it is not actually doing that.
+ end
end
+ return opts
end
end; end; end
\ No newline at end of file
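Review bot: `opts[:paranoid] = false` disables host key verification for any node where `node.vagrant?` is true, and nothing in this hunk shows how that predicate is decided or that such a node is restricted to a local address. If the flag is derived from editable node configuration, a node marked as vagrant by mistake would be contacted with no host authentication. The `:verbose => :error` setting also hides the warnings at the default log level, so the skip is silent. Document the precondition on the method, for example `# SECURITY: host key checking is off for vagrant nodes; node.vagrant? must only be true for local test VMs`, and consider printing a one-line notice when checks are skipped. Whether this value overrides the default `:paranoid => true` depends on the merge order at the call site, which is outside the hunk.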
diff --git a/vendor/rsync_command/lib/rsync_command/ssh_options.rb b/vendor/rsync_command/lib/rsync_command/ssh_options.rb
index 494ec9d..3cc908f 100644
--- a/vendor/rsync_command/lib/rsync_command/ssh_options.rb
+++ b/vendor/rsync_command/lib/rsync_command/ssh_options.rb
@@ -32,14 +32,14 @@ class RsyncCommand
def parse_options(options)
options.map do |key, value|
- next unless value
+ next if value.nil?
# Convert Net::SSH options into OpenSSH options.
case key
when :auth_methods then opt_auth_methods(value)
when :bind_address then opt('BindAddress', value)
when :compression then opt('Compression', value ? 'yes' : 'no')
when :compression_level then opt('CompressionLevel', value.to_i)
- when :config then "-F '#{value}'"
+ when :config then value ? "-F '#{value}'" : nil
when :encryption then opt('Ciphers', [value].flatten.join(','))
when :forward_agent then opt('ForwardAgent', value)
when :global_known_hosts_file then opt('GlobalKnownHostsFile', value)