added IdentitiesOnly ssh option to both ssh command and ruby Net::SSH options --...

diff --git a/lib/leap_cli/commands/shell.rb b/lib/leap_cli/commands/shell.rb
index 40990e997c71c583b5bd6fd58064cc956ef16e96..c7d14f8b154576247a25e7d5c4c200d54b24d931 100644 (file)
--- a/lib/leap_cli/commands/shell.rb
+++ b/lib/leap_cli/commands/shell.rb
@@ -43,7 +43,8 @@ module LeapCli; module Commands
       "-o 'UserKnownHostsFile=/dev/null'"
     ]
     if node.vagrant?
-      options << "-i #{vagrant_ssh_key_file}"
+      options << "-i #{vagrant_ssh_key_file}"    # use the universal vagrant insecure key
+      options << '-o IdentitiesOnly=yes'         # only use explicitly configured keys
       options << "-o 'StrictHostKeyChecking=no'" # blindly accept host key and don't save it (since userknownhostsfile is /dev/null)
     else
       options << "-o 'StrictHostKeyChecking=yes'"

diff --git a/lib/leap_cli/util/remote_command.rb b/lib/leap_cli/util/remote_command.rb
index c24a543d2ebc59c6423eb060d22bc2faf9453dcd..93d1bd1c1936f19cfa482a356293ce2bfcf457dc 100644 (file)
--- a/lib/leap_cli/util/remote_command.rb
+++ b/lib/leap_cli/util/remote_command.rb
@@ -99,6 +99,7 @@ module LeapCli; module Util; module RemoteCommand
     opts = {}
     if node.vagrant?
       opts[:keys] = [vagrant_ssh_key_file]
+      opts[:keys_only] = true # only use the keys specified above, and ignore whatever keys the ssh-agent is aware of.
       opts[:paranoid] = false # we skip host checking for vagrant nodes, because fingerprint is different for everyone.
       if LeapCli::log_level <= 1
         opts[:verbose] = :error # suppress all the warnings about adding host keys to known_hosts, since it is not actually doing that.