diff options
author | elijah <elijah@riseup.net> | 2013-06-11 16:30:58 -0700 |
---|---|---|
committer | elijah <elijah@riseup.net> | 2013-06-11 16:30:58 -0700 |
commit | 275922ce4fa5c7d324d53a1165d9f03485907914 (patch) | |
tree | d37b6ab20c8c0de70c115c4387960e1b1cff9ead | |
parent | ffcaa2169d768747c32093ffa00becd7951df640 (diff) |
store port in provider's known_hosts to prevent modification of ~/.ssh/known_hosts.
-rw-r--r-- | lib/leap_cli/commands/node.rb | 11 | ||||
-rw-r--r-- | lib/leap_cli/commands/shell.rb | 9 | ||||
-rw-r--r-- | lib/leap_cli/util/remote_command.rb | 2 |
3 files changed, 15 insertions, 7 deletions
diff --git a/lib/leap_cli/commands/node.rb b/lib/leap_cli/commands/node.rb index 32e9d3f..2ced2ee 100644 --- a/lib/leap_cli/commands/node.rb +++ b/lib/leap_cli/commands/node.rb @@ -125,7 +125,13 @@ module LeapCli; module Commands buffer = StringIO.new manager.nodes.keys.sort.each do |node_name| node = manager.nodes[node_name] - hostnames = [node.name, node.domain.internal, node.domain.full, node.ip_address].join(',') + hostnames = [node.name, node.domain.internal, node.domain.full, node.ip_address].map {|hn| + if node.ssh.port == 22 + hn + else + "[#{hn}]:#{node.ssh.port}" + end + }.join(',') pub_key = read_file([:node_ssh_pub_key,node.name]) if pub_key buffer << [hostnames, pub_key].join(' ') @@ -189,6 +195,9 @@ module LeapCli; module Commands assert_bin!('ssh-keyscan') output = assert_run! "ssh-keyscan -p #{port} -t ecdsa #{address}", "Could not get the public host key from #{address}:#{port}. Maybe sshd is not running?" line = output.split("\n").grep(/^[^#]/).first + if line =~ /No route to host/ + bail! :failed, 'ssh-keyscan: no route to %s' % address + end assert! line, "Got zero host keys back!" ip, key_type, public_key = line.split(' ') return SshKey.load(public_key, key_type) diff --git a/lib/leap_cli/commands/shell.rb b/lib/leap_cli/commands/shell.rb index 3a6cebc..be51247 100644 --- a/lib/leap_cli/commands/shell.rb +++ b/lib/leap_cli/commands/shell.rb @@ -38,18 +38,17 @@ module LeapCli; module Commands node = get_node_from_args(args) options = [ "-o 'HostName=#{node.ip_address}'", - "-o 'HostKeyAlias=#{node.name}'", - "-o 'GlobalKnownHostsFile=#{path(:known_hosts)}'" + # "-o 'HostKeyAlias=#{node.name}'", << oddly incompatible with ports in known_hosts file, so we must not use this or non-standard ports break. + "-o 'GlobalKnownHostsFile=#{path(:known_hosts)}'", + "-o 'UserKnownHostsFile=/dev/null'" ] if node.vagrant? options << "-i #{vagrant_ssh_key_file}" - options << "-o 'StrictHostKeyChecking=no'" # \ together, these options allow us to just blindly accept - options << "-o 'UserKnownHostsFile=/dev/null'" # / what pub key the vagrant node has. useful, because it is different for everyone. + options << "-o 'StrictHostKeyChecking=no'" # blindly accept host key and don't save it (since userknownhostsfile is /dev/null) else options << "-o 'StrictHostKeyChecking=yes'" end username = 'root' - # the echo sets the terminal title. it would be better to do this on the server ssh = "ssh -l #{username} -p #{node.ssh.port} #{options.join(' ')}" if cmd == :ssh command = "#{ssh} #{node.name}" diff --git a/lib/leap_cli/util/remote_command.rb b/lib/leap_cli/util/remote_command.rb index 1197bfe..c24a543 100644 --- a/lib/leap_cli/util/remote_command.rb +++ b/lib/leap_cli/util/remote_command.rb @@ -64,7 +64,7 @@ module LeapCli; module Util; module RemoteCommand ssh_options_override ||= {} { :ssh_options => { - :host_key_alias => node.name, + # :host_key_alias => node.name, << incompatible with ports in known_hosts :host_name => node.ip_address, :port => node.ssh.port }.merge(contingent_ssh_options_for_node(node)).merge(ssh_options_override) |