[pve-devel] [PATCH cluster 2/4] fix #4886: SSH: pin node's host key if available
Fabian Grünbichler
f.gruenbichler at proxmox.com
Thu Jan 11 11:51:16 CET 2024
if the target node has already stored their SSH host key on pmxcfs, pin it and
ignore the global known hosts information.
Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---
src/PVE/SSHInfo.pm | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/src/PVE/SSHInfo.pm b/src/PVE/SSHInfo.pm
index c351148..fad23bf 100644
--- a/src/PVE/SSHInfo.pm
+++ b/src/PVE/SSHInfo.pm
@@ -49,11 +49,24 @@ sub get_ssh_info {
sub ssh_info_to_command_base {
my ($info, @extra_options) = @_;
+
+ my $nodename = $info->{name};
+
+ my $known_hosts_file = "/etc/pve/nodes/$nodename/ssh_known_hosts";
+ my $known_hosts_options = undef;
+ if (-f $known_hosts_file) {
+ $known_hosts_options = [
+ '-o', "UserKnownHostsFile=$known_hosts_file",
+ '-o', 'GlobalKnownHostsFile=none',
+ ];
+ }
+
return [
'/usr/bin/ssh',
'-e', 'none',
'-o', 'BatchMode=yes',
- '-o', 'HostKeyAlias='.$info->{name},
+ '-o', 'HostKeyAlias='.$nodename,
+ defined($known_hosts_options) ? @$known_hosts_options : (),
@extra_options
];
}
--
2.39.2
More information about the pve-devel
mailing list