authorelijah <elijah@riseup.net>2013-06-11 16:30:58 -0700
committerelijah <elijah@riseup.net>2013-06-11 16:30:58 -0700
commit275922ce4fa5c7d324d53a1165d9f03485907914 (patch)
treed37b6ab20c8c0de70c115c4387960e1b1cff9ead /lib/leap_cli/commands
parentffcaa2169d768747c32093ffa00becd7951df640 (diff)
store port in provider's known_hosts to prevent modification of ~/.ssh/known_hosts.
Diffstat (limited to 'lib/leap_cli/commands')
-rw-r--r--lib/leap_cli/commands/node.rb11
-rw-r--r--lib/leap_cli/commands/shell.rb9
2 files changed, 14 insertions, 6 deletions
diff --git a/lib/leap_cli/commands/node.rb b/lib/leap_cli/commands/node.rb
index 32e9d3f..2ced2ee 100644
--- a/lib/leap_cli/commands/node.rb
+++ b/lib/leap_cli/commands/node.rb
@@ -125,7 +125,13 @@ module LeapCli; module Commands
buffer = StringIO.new
manager.nodes.keys.sort.each do |node_name|
node = manager.nodes[node_name]
- hostnames = [node.name, node.domain.internal, node.domain.full, node.ip_address].join(',')
+ hostnames = [node.name, node.domain.internal, node.domain.full, node.ip_address].map {|hn|
+ if node.ssh.port == 22
+ hn
+ else
+ "[#{hn}]:#{node.ssh.port}"
+ end
+ }.join(',')
pub_key = read_file([:node_ssh_pub_key,node.name])
if pub_key
buffer << [hostnames, pub_key].join(' ')
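Review bot: The `node.ssh.port == 22` test in the new `map` block only matches an Integer. If the port can reach this code as a string from the node configuration (not visible here), every default-port node would be written as `[host]:22`, and ssh looks up default-port hosts by bare name, so strict host key checking would then reject them. Normalising once before the block would remove the ambiguity and avoid re-evaluating the port per hostname, e.g. `port = node.ssh.port.to_i` followed by `port == 22 ? hn : "[#{hn}]:#{port}"`. A one-line comment such as `# known_hosts uses [host]:port only for non-default ports` would also explain the branch. The enclosing loop and method continue outside this hunk.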
@@ -189,6 +195,9 @@ module LeapCli; module Commands
assert_bin!('ssh-keyscan')
output = assert_run! "ssh-keyscan -p #{port} -t ecdsa #{address}", "Could not get the public host key from #{address}:#{port}. Maybe sshd is not running?"
line = output.split("\n").grep(/^[^#]/).first
+ if line =~ /No route to host/
+ bail! :failed, 'ssh-keyscan: no route to %s' % address
+ end
assert! line, "Got zero host keys back!"
ip, key_type, public_key = line.split(' ')
return SshKey.load(public_key, key_type)
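Review bot: The added `if line =~ /No route to host/` guard filters a single diagnostic string, so any other non-comment line that ends up in `output` is still split and passed to `SshKey.load` as if it were a host key. Checking the shape of the parsed line would cover the general case, for example `assert!(key_type.to_s.start_with?('ecdsa-') && public_key, "Unexpected ssh-keyscan output for #{address}")` placed after the `line.split(' ')`. Since ssh-keyscan retrieves the key over an unauthenticated connection, a comment noting that the fingerprint must be confirmed before the key is pinned would help; whether the caller already does this is not visible in the hunk. The method starts outside the hunk.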
diff --git a/lib/leap_cli/commands/shell.rb b/lib/leap_cli/commands/shell.rb
index 3a6cebc..be51247 100644
--- a/lib/leap_cli/commands/shell.rb
+++ b/lib/leap_cli/commands/shell.rb
@@ -38,18 +38,17 @@ module LeapCli; module Commands
node = get_node_from_args(args)
options = [
"-o 'HostName=#{node.ip_address}'",
- "-o 'HostKeyAlias=#{node.name}'",
- "-o 'GlobalKnownHostsFile=#{path(:known_hosts)}'"
+ # "-o 'HostKeyAlias=#{node.name}'", << oddly incompatible with ports in known_hosts file, so we must not use this or non-standard ports break.
+ "-o 'GlobalKnownHostsFile=#{path(:known_hosts)}'",
+ "-o 'UserKnownHostsFile=/dev/null'"
]
if node.vagrant?
options << "-i #{vagrant_ssh_key_file}"
- options << "-o 'StrictHostKeyChecking=no'" # \ together, these options allow us to just blindly accept
- options << "-o 'UserKnownHostsFile=/dev/null'" # / what pub key the vagrant node has. useful, because it is different for everyone.
+ options << "-o 'StrictHostKeyChecking=no'" # blindly accept host key and don't save it (since userknownhostsfile is /dev/null)
else
options << "-o 'StrictHostKeyChecking=yes'"
end
username = 'root'
- # the echo sets the terminal title. it would be better to do this on the server
ssh = "ssh -l #{username} -p #{node.ssh.port} #{options.join(' ')}"
if cmd == :ssh
command = "#{ssh} #{node.name}"
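Review bot: The disabled `HostKeyAlias` entry is left as commented-out code inside the `options` array, where it reads like a toggle rather than a decision. I would delete the dead element and keep the reason as a comment above the array, e.g. `# HostKeyAlias is not used: it does not match [host]:port entries, so nodes on non-standard ports would fail host key checks`. With `UserKnownHostsFile=/dev/null` now applied to every node, the provider's generated known_hosts is the only trust source on the `StrictHostKeyChecking=yes` path, which is worth stating in the same comment so a stale file is recognised as the cause of a refused connection. On the vagrant branch host key verification stays off, so a note that `node.vagrant?` must never be true for a remote node would make that assumption explicit. The method begins and ends outside this hunk.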