path: root/lib/leap_cli/ssh/options.rb
#
# Options for passing to the ruby gem net-ssh
#

module LeapCli
  module SSH
    #
    # Builds the option hashes that are handed to net-ssh, and holds a
    # small guard for obviously destructive remote commands.
    #
    module Options

      #
      # Connection defaults applied to every node. See
      # https://net-ssh.github.io/net-ssh/Net/SSH.html#method-c-start
      # for the available options.
      #
      # Security-relevant settings in this hash:
      #
      # * host keys are looked up in the file returned by
      #   Path.named_path(:known_hosts); the per-user known_hosts file is
      #   pointed at /dev/null.
      # * :paranoid => true asks net-ssh to verify the server host key.
      #   NOTE(review): newer net-ssh releases call this option
      #   :verify_host_key -- confirm against the net-ssh version in use.
      # * only "publickey" authentication is offered.
      #
      def self.global_options
        known_hosts = Path.named_path(:known_hosts)
        log_level = net_ssh_log_level
        {
          #:keys_only => true,
          :global_known_hosts_file => known_hosts,
          :user_known_hosts_file => '/dev/null',
          :paranoid => true,
          :verbose => log_level,
          :auth_methods => ["publickey"],
          :timeout => 5
        }
      end

      #
      # Per-node connection options: the node's address and port, then the
      # node-dependent options from contingent_ssh_options_for_node, then
      # +ssh_options_override+ (a Hash, or nil for none).
      #
      # Later hashes win, so any key in +ssh_options_override+ replaces the
      # value computed here -- including security settings such as
      # :paranoid. Callers should only pass overrides they built themselves.
      #
      def self.node_options(node, ssh_options_override=nil)
        options = {
          # :host_key_alias => node.name, << incompatible with ports in known_hosts
          :host_name => node.ip_address,
          :port => node.ssh.port
        }
        options = options.merge(contingent_ssh_options_for_node(node))
        options.merge(ssh_options_override || {})
      end

      #
      # Translates command line arguments into net-ssh option names.
      # Only :port, :ip (stored as :host_name) and :auth_methods are copied,
      # and only when the argument has a truthy value.
      #
      def self.options_from_args(args)
        translation = [
          [:port, :port],
          [:ip, :host_name],
          [:auth_methods, :auth_methods]
        ]
        translation.each_with_object({}) do |(arg_name, option_name), ssh_options|
          value = args[arg_name]
          ssh_options[option_name] = value if value
        end
      end

      #
      # Returns +cmd+ unchanged, unless it contains "rm " or "unlink " at the
      # start of a line, after a slash, or after a space. In that case a
      # warning is logged and the process exits with status 1.
      #
      # This is a guard against accidents, not a security filter: it matches
      # two literal command names and nothing else, so it must not be relied
      # on to make an untrusted command string safe to run.
      #
      # NOTE(review): the warning mentions --force, but nothing here reads a
      # force flag; presumably the caller skips this method when --force is
      # given -- confirm at the call site.
      #
      def self.sanitize_command(cmd)
        destructive = cmd =~ %r{(^|/| )rm } || cmd =~ %r{(^|/| )unlink }
        return cmd unless destructive

        LeapCli.log :warning, "You probably don't want to do that. Run with --force if you are really sure."
        exit(1)
      end

      # NOTE(review): `private` has no effect on methods defined with
      # `def self.`, so the two methods below remain callable from outside
      # this module. Restricting them would take private_class_method.
      private

      #
      # Options that depend on properties of the node.
      #
      # For vagrant nodes host key checking is switched off
      # (:paranoid => false). That removes protection against a
      # man-in-the-middle for those connections, so node.vagrant? should
      # never be true for a node reachable over an untrusted network.
      #
      def self.contingent_ssh_options_for_node(node)
        opts = {}
        if node.vagrant?
          opts.update(
            :keys => [LeapCli::Util::Vagrant.vagrant_ssh_key_file],
            # only use the keys specified above, and ignore whatever keys
            # the ssh-agent is aware of.
            :keys_only => true,
            # we skip host checking for vagrant nodes, because the
            # fingerprint is different for everyone.
            :paranoid => false
          )
          # suppress all the warnings about adding host keys to
          # known_hosts, since it is not actually doing that.
          opts[:verbose] = :error if LeapCli.logger.log_level <= 1
        end
        algorithms = node.supported_ssh_host_key_algorithms
        opts[:host_key] = algorithms unless algorithms.empty?
        opts
      end

      #
      # Maps the LeapCli log level onto a net-ssh :verbose value. Without
      # DEBUG net-ssh only reports fatal errors; with DEBUG level 1 gives
      # :error, level 2 gives :info and anything else gives :debug.
      #
      def self.net_ssh_log_level
        return :fatal unless DEBUG

        case LeapCli.logger.log_level
        when 1 then :error
        when 2 then :info
        else :debug
        end
      end

    end
  end
end