Skip to content

change: ssh host key verification prompts #370

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
shreddedbacon merged 1 commit into from
Aug 13, 2024
Merged

change: ssh host key verification prompts #370

shreddedbacon merged 1 commit into from
Aug 13, 2024

Conversation

@shreddedbacon
Copy link
Member

@shreddedbacon shreddedbacon commented Aug 7, 2024
edited
Loading

General Checklist

  • Affected Issues have been mentioned in the Closing issues section
  • Documentation has been written/updated
  • PR title is ready for inclusion in changelog

The go knownhosts implementation doesn't prompt for host keys if they're unknown.

The lagoon-cli ssh command previously just ignored host keys entirely. With the introduction of the logs support, this command checked host keys.

If a user had not previously connected to the ssh host before via ssh directly to accept the host key, then the command would return an error with knownhosts: key is unknown. With no way to proceed or accept the host key via lagoon-cli.

This implements similar logic that ssh uses with StrictHostKeyChecking, with accept-new and no.

  • accept-new is the default, and will just accept the host key and add it to known hosts, it will still check if the host key has changed though and present an error if it detects this.
  • no will just ignore the any host key checking

Users that use lagoon-cli in automation, if you encounter issues with the host key checks, you can add the flag --strict-host-key-checking no to ignore it, or set the the feature flag as below

lagoon config feature --strict-host-key-checking no
# to remove the feature set it to empty or 'accept-new'
lagoon config feature --strict-host-key-checking ""

or add the line stricthostkeychecking: no to your lagoon-cli config .lagoon.yml file.

@shreddedbacon shreddedbacon force-pushed the knownhost-prompt branch 4 times, most recently from 20a1a04 to b6190d7 Compare August 12, 2024 23:15
@shreddedbacon shreddedbacon marked this pull request as ready for review August 12, 2024 23:20
@shreddedbacon shreddedbacon merged commit 279fae0 into main Aug 13, 2024
@shreddedbacon shreddedbacon deleted the knownhost-prompt branch August 13, 2024 23:29
rocketeerbkw added a commit to rocketeerbkw/ddev that referenced this pull request Sep 4, 2024
@rocketeerbkw
fix: Lagoon integration automated tests
70e84fb 
A recent lagoon-cli release enabled strict host key checking for ssh by default uselagoon/lagoon-cli#370
@rocketeerbkw rocketeerbkw mentioned this pull request Sep 4, 2024
Closed
rfay pushed a commit to ddev/ddev that referenced this pull request Sep 5, 2024
@rocketeerbkw @rfay
fix: Lagoon integration automated tests
b4ad5db 
A recent lagoon-cli release enabled strict host key checking for ssh by default uselagoon/lagoon-cli#370
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@CGoodwin90 CGoodwin90 CGoodwin90 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@shreddedbacon @CGoodwin90