force strict host key checking when host is known
Avoid any possibilty of prompting in ssh setup in webapp. Prticularly on Windows this was a problem, it seemed to enter an infinite loop. I think that ssh can sometimes use SSH_ASKPASS for y/n prompting, when no controlling TTY is available, and since git-annex always answers back with the host's password, not y/n, it looped. This commit was sponsored by Simon Michael.
This commit is contained in:
Joey Hess
parent
a66c942645
commit
f41b585c29
1 changed files with 7 additions and 6 deletions
|
|
@ -266,17 +266,18 @@ testServer sshinput@(SshInput { inputHostname = Just hn }) = do
|
||||||
, getgitconfig (T.unpack <$> inputDirectory sshinput)
|
, getgitconfig (T.unpack <$> inputDirectory sshinput)
|
||||||
]
|
]
|
||||||
knownhost <- liftIO $ knownHost hn
|
knownhost <- liftIO $ knownHost hn
|
||||||
let sshopts = catMaybes
|
let sshopts =
|
||||||
{- If this is an already known host, let
|
{- If this is an already known host, let
|
||||||
- ssh check it as usual.
|
- ssh check it as usual.
|
||||||
- Otherwise, trust the host key. -}
|
- Otherwise, trust the host key. -}
|
||||||
[ if knownhost then Nothing else Just (sshOpt "StrictHostKeyChecking" "no")
|
[ sshOpt "StrictHostKeyChecking" $
|
||||||
, Just "-n" -- don't read from stdin
|
if knownhost then "yes" else "no"
|
||||||
, Just "-p", Just (show (inputPort sshinput))
|
, "-n" -- don't read from stdin
|
||||||
, Just $ genSshHost
|
, "-p", show (inputPort sshinput)
|
||||||
|
, genSshHost
|
||||||
(fromJust $ inputHostname sshinput)
|
(fromJust $ inputHostname sshinput)
|
||||||
(inputUsername sshinput)
|
(inputUsername sshinput)
|
||||||
, Just remotecommand
|
, remotecommand
|
||||||
]
|
]
|
||||||
parsetranscript . fst <$> sshAuthTranscript sshinput sshopts Nothing
|
parsetranscript . fst <$> sshAuthTranscript sshinput sshopts Nothing
|
||||||
parsetranscript s =
|
parsetranscript s =
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue