force strict host key checking when host is known
Avoid any possibilty of prompting in ssh setup in webapp. Prticularly on Windows this was a problem, it seemed to enter an infinite loop. I think that ssh can sometimes use SSH_ASKPASS for y/n prompting, when no controlling TTY is available, and since git-annex always answers back with the host's password, not y/n, it looped. This commit was sponsored by Simon Michael.
This commit is contained in:
Joey Hess
parent
a66c942645
commit
f41b585c29
1 changed files with 7 additions and 6 deletions
|
|
@ -266,17 +266,18 @@ testServer sshinput@(SshInput { inputHostname = Just hn }) = do
|
|||
, getgitconfig (T.unpack <$> inputDirectory sshinput)
|
||||
]
|
||||
knownhost <- liftIO $ knownHost hn
|
||||
let sshopts = catMaybes
|
||||
let sshopts =
|
||||
{- If this is an already known host, let
|
||||
- ssh check it as usual.
|
||||
- Otherwise, trust the host key. -}
|
||||
[ if knownhost then Nothing else Just (sshOpt "StrictHostKeyChecking" "no")
|
||||
, Just "-n" -- don't read from stdin
|
||||
, Just "-p", Just (show (inputPort sshinput))
|
||||
, Just $ genSshHost
|
||||
[ sshOpt "StrictHostKeyChecking" $
|
||||
if knownhost then "yes" else "no"
|
||||
, "-n" -- don't read from stdin
|
||||
, "-p", show (inputPort sshinput)
|
||||
, genSshHost
|
||||
(fromJust $ inputHostname sshinput)
|
||||
(inputUsername sshinput)
|
||||
, Just remotecommand
|
||||
, remotecommand
|
||||
]
|
||||
parsetranscript . fst <$> sshAuthTranscript sshinput sshopts Nothing
|
||||
parsetranscript s =
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue