Fix host key checking #656
Steps to reproduce:

```ruby
#!/usr/bin/env ruby
require 'net/ssh'

Net::SSH.start('example.com', 'username', :verify_host_key=>:always) do |ssh|
  puts ssh.exec!('hostname')
end
```

Without this patch, will only work if the known_hosts file has a line matching
@smortex thanks for the PR, can you please add a testcase for it?
Hi @mfazekas! My previous attempt to add tests failed because of another bug. A fresh view allowed me to spot it (b5af8a8) and add a few tests. It also allowed me to see a difference between net-ssh and ssh(1); I detailed the issue in 855d617. Globbing is also still not handled for matching entries in the known_hosts file, but I think this can be part of another PR (only do bugfix in this PR and add missing features in another one).
Just added a commit that fixes the issue detailed in 855d617. This is ready for review / merging 🎉 Please note that I have another commit on top of this for matching hostnames against patterns that can be found in the known_hosts file. I plan to open another PR when this one is merged, but if you prefer, I can include the change in this branch. Just let me know!
Codecov Report
@@ Coverage Diff @@
## master #656 +/- ##
==========================================
- Coverage 95.82% 95.75% -0.08%
==========================================
Files 144 144
Lines 9515 9509 -6
==========================================
- Hits 9118 9105 -13
- Misses 397 404 +7
This seems like a really nice improvement. Would love to see it adopted.
This method is supposed to transform a relative path into an absolute one, but ignores the provided path and always returns the full path to the same fixture file.
ecd30bf to 6412972
The known_hosts file may contain keys associated with a hostname, an ip-address, or both. When validating a key, the net-ssh gem ensures that both the hostname and the ip-address match before adding that key. Thus, if the known_hosts file only contains one of these two pieces of information, the host key verification fails. Instead of adding keys when both the hostname and the ip-address match, add them when the user-supplied identification of the remote host matches an entry in the known_hosts file. Optionally, if `check_host_ip` is set to true, the resolved IP address of the remote host is also checked.
6412972 to c31d059
@smortex thanks much for the PR, I'll probably change check_host_ip default to true in 5.1.1, and will change to false in next major version.
@mfazekas When do you expect to release 5.1.1? Would like to use this! Thanks.
The known_hosts file may contain keys associated with a hostname, an
ip-address, or both.
When validating a key, the net-ssh gem ensures that both the hostname and
the ip-address match before adding a key. Thus, if the known_hosts
file only contains one of these two pieces of information, the host key
verification fails.
Instead of adding keys when both the hostname and the ip-address match,
add them when any of these pieces of information matches.
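
The matching rule described in the commit messages above, as an added Ruby sketch that is not net-ssh's own code. It compares "every identifier must be listed" with "the user-supplied name must be listed, plus the resolved IP when `check_host_ip` is true". The helper names, the sample file and the reading of "also checked" as "entries for the IP are consulted too" are assumptions, and only plain entries (no hashing, no globbing) are handled.

```ruby
# Added illustration, not net-ssh code. All names below are hypothetical.

# Constructed sample: one entry lists only a hostname, one only an IP
# address, and one lists both. Key blobs are placeholders.
KNOWN_HOSTS = <<~FILE
  # constructed sample data
  example.com ssh-ed25519 AAAAKEY-NAME-ONLY
  192.0.2.10 ssh-ed25519 AAAAKEY-IP-ONLY
  both.example,192.0.2.20 ssh-rsa AAAAKEY-BOTH optional-comment
FILE

Entry = Struct.new(:hosts, :type, :blob)

# Parse "host[,host...] keytype blob [comment]" lines, skipping blank
# lines, comments and @marker lines.
def parse_known_hosts(text)
  lines = text.each_line.map(&:strip)
  lines = lines.reject { |l| l.empty? || l.start_with?('#', '@') }
  lines.map do |line|
    hosts, type, blob = line.split(/\s+/)
    Entry.new(hosts.split(','), type, blob) if blob
  end.compact
end

# Behaviour described as the bug: an entry is used only when it lists
# the hostname AND the resolved IP address.
def keys_requiring_all(entries, hostname, ip)
  wanted = [hostname, ip]
  entries.select { |e| wanted.all? { |id| e.hosts.include?(id) } }.map(&:blob)
end

# Behaviour described as the fix: match on the user-supplied name; the
# resolved IP is consulted only when check_host_ip is true (assumed reading).
def keys_for(entries, hostname, ip, check_host_ip: false)
  wanted = check_host_ip ? [hostname, ip] : [hostname]
  entries.select { |e| wanted.any? { |id| e.hosts.include?(id) } }.map(&:blob)
end

# A presented key is trusted only if it is among the candidate keys.
def trusted?(entries, hostname, ip, presented_blob, check_host_ip: false)
  keys_for(entries, hostname, ip, check_host_ip: check_host_ip).include?(presented_blob)
end
```

With the strict rule, `example.com` resolving to `192.0.2.10` yields no candidate keys even though both identifiers appear in the file, which is the verification failure the PR reports.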