Commit e66d9f1a authored by Iustin Pop's avatar Iustin Pop
Browse files

Fix ssh host key checking with no-key-check



In case we add a node with “--no-ssh-key-check”, this should override
any default yes/ask values in the system-wide (or user) ssh key check.

Currently this only works in batch mode, whereas in non-batch we only
override a 'no'. The patch fixes SshRunner such that in non-batch mode
we enforce the value of StrictHostKeyChecking in all cases.

Bug found and initial investigation by Theo Van Dinter.
Signed-off-by: default avatarIustin Pop <iustin@google.com>
Reviewed-by: default avatarMichael Hanselmann <hansmi@google.com>
parent b44b0141
......@@ -114,10 +114,15 @@ class SshRunner:
else:
options.append("-oStrictHostKeyChecking=no")
elif ask_key:
options.extend([
"-oStrictHostKeyChecking=ask",
])
else:
# non-batch mode
if ask_key:
options.append("-oStrictHostKeyChecking=ask")
elif strict_host_check:
options.append("-oStrictHostKeyChecking=yes")
else:
options.append("-oStrictHostKeyChecking=no")
return options
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment