ssh: Move to /etc/ssh/ssh_known_hosts
There is no real reason for maintaining our own /var/lib/cockpit/known_hosts file, as ssh itself already has a global one in /etc/ssh/ssh_known_hosts. Use that by default, but fall back to the legacy file for (1) lookups if a host is not already known in the former but known in the latter; and (2) for writing if the ws we talk to is still an old version (by checking if ws still has the "ssh" capability).

Move the determination and setting of the known hosts file into a new set_knownhosts_file() function, as it is now reasonably complex, will be extended further in the future with more sources of known hosts, and avoids handling SSH_OPTIONS_KNOWNHOSTS in multiple different places.

Adjust the integration tests to the new path and add new tests for covering the fallback to the legacy file.

Reviewed-by: Peter Volpe <firstname.lastname@example.org>
Showing with 156 additions and 79 deletions.
- +2 −2 doc/authentication.md
- +1 −1 doc/guide/feature-machines.xml
- +4 −1 pkg/lib/machines.js
- +5 −1 src/common/cockpitknownhosts.c
- +105 −64 src/ssh/cockpitsshrelay.c
- +7 −1 src/ws/cockpitauthoptions.c
- +4 −2 src/ws/cockpitauthoptions.h
- +1 −1 src/ws/test-authoptions.c
- +26 −5 test/verify/check-multi-machine
- +1 −1 test/verify/kubelib.py
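
The file selection described in the commit message, sketched as an added example (not Cockpit's own code). `choose_known_hosts()` and `file_knows_host()` are hypothetical names, the order in which the two fallbacks are checked is an assumption, and host matching is simplified to plain, unhashed entries.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Paths taken from the commit message. */
#define GLOBAL_KNOWN_HOSTS "/etc/ssh/ssh_known_hosts"
#define LEGACY_KNOWN_HOSTS "/var/lib/cockpit/known_hosts"

/* True if `host` is listed in the first (comma-separated) field of a line.
 * Simplification: hashed entries, wildcards and @markers are not matched. */
static bool
file_knows_host (const char *path, const char *host)
{
  char line[8192];
  bool found = false;
  FILE *f = fopen (path, "r");

  if (!f)
    return false; /* a missing or unreadable file knows no hosts */
  while (!found && fgets (line, sizeof line, f))
    {
      if (line[0] == '#')
        continue;
      line[strcspn (line, " \t\r\n")] = '\0'; /* keep only the host field */
      for (char *h = strtok (line, ","); h && !found; h = strtok (NULL, ","))
        found = strcmp (h, host) == 0;
    }
  fclose (f);
  return found;
}

/* Hypothetical helper: returns the file the SSH session should use. */
const char *
choose_known_hosts (const char *global, const char *legacy,
                    const char *host, bool ws_has_ssh_capability)
{
  if (ws_has_ssh_capability) /* (2) old ws still writes the legacy file */
    return legacy;
  if (!file_knows_host (global, host) && file_knows_host (legacy, host))
    return legacy;           /* (1) host known only to the legacy file */
  return global;             /* default: the system-wide ssh file */
}

int
main (int argc, char **argv)
{
  const char *host = argc > 1 ? argv[1] : "localhost";
  puts (choose_known_hosts (GLOBAL_KNOWN_HOSTS, LEGACY_KNOWN_HOSTS, host, false));
  return 0;
}
```

Because a key found only in the legacy file is still accepted, a review of trusted host keys has to cover both paths.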