store port in provider's known_hosts to prevent modification of ~/.ssh/known_hosts.
authorelijah <elijah@riseup.net>
Tue, 11 Jun 2013 23:30:58 +0000 (16:30 -0700)
committerelijah <elijah@riseup.net>
Tue, 11 Jun 2013 23:30:58 +0000 (16:30 -0700)
lib/leap_cli/commands/node.rb
lib/leap_cli/commands/shell.rb
lib/leap_cli/util/remote_command.rb

index 32e9d3fa4c578c9e6b9d8988598fcacf525eb5b3..2ced2ee04199582a73bb5b2c6a523b400c36c501 100644 (file)
@@ -125,7 +125,13 @@ module LeapCli; module Commands
     buffer = StringIO.new
     manager.nodes.keys.sort.each do |node_name|
       node = manager.nodes[node_name]
-      hostnames = [node.name, node.domain.internal, node.domain.full, node.ip_address].join(',')
+      hostnames = [node.name, node.domain.internal, node.domain.full, node.ip_address].map {|hn|
+        if node.ssh.port == 22
+          hn
+        else
+          "[#{hn}]:#{node.ssh.port}"
+        end
+      }.join(',')
       pub_key = read_file([:node_ssh_pub_key,node.name])
       if pub_key
         buffer << [hostnames, pub_key].join(' ')
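Review bot: The new `map` block that builds `hostnames` has no comment saying why non-22 ports get the `[host]:port` form, and it repeats the port test for every name although the test does not depend on `hn`. I would add `# OpenSSH matches a host on a non-default port only under "[host]:port" in known_hosts` above the map and evaluate the port once before it. The comparison `node.ssh.port == 22` also assumes the port is an Integer. If the node configuration can deliver it as a string, port-22 nodes would be written in bracket form and would presumably stop matching under `StrictHostKeyChecking=yes`, so `node.ssh.port.to_i == 22` may be the safer test. The enclosing method starts and ends outside the hunk.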
@@ -189,6 +195,9 @@ module LeapCli; module Commands
     assert_bin!('ssh-keyscan')
     output = assert_run! "ssh-keyscan -p #{port} -t ecdsa #{address}", "Could not get the public host key from #{address}:#{port}. Maybe sshd is not running?"
     line = output.split("\n").grep(/^[^#]/).first
+    if line =~ /No route to host/
+      bail! :failed, 'ssh-keyscan: no route to %s' % address
+    end
     assert! line, "Got zero host keys back!"
     ip, key_type, public_key = line.split(' ')
     return SshKey.load(public_key, key_type)
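Review bot: The added check recognises only the `No route to host` text, so any other non-key line in the ssh-keyscan output would still reach `line.split(' ')` and `SshKey.load` below it. The key returned here appears to be what gets recorded as the node's host key, so the line should be validated by its shape rather than by one known error string. After the zero-keys assert I would add `assert! line =~ /\A\S+ ecdsa-\S+ \S+\z/, "Unexpected ssh-keyscan output for #{address}"`. The method starts outside the hunk.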
index 3a6cebcc14f3d58091d27e7e64c9480df9e9cffe..be51247b7d5b2ca0bf777ed991861929ce654052 100644 (file)
@@ -38,18 +38,17 @@ module LeapCli; module Commands
     node = get_node_from_args(args)
     options = [
       "-o 'HostName=#{node.ip_address}'",
-      "-o 'HostKeyAlias=#{node.name}'",
-      "-o 'GlobalKnownHostsFile=#{path(:known_hosts)}'"
+      # "-o 'HostKeyAlias=#{node.name}'", << oddly incompatible with ports in known_hosts file, so we must not use this or non-standard ports break.
+      "-o 'GlobalKnownHostsFile=#{path(:known_hosts)}'",
+      "-o 'UserKnownHostsFile=/dev/null'"
     ]
     if node.vagrant?
       options << "-i #{vagrant_ssh_key_file}"
-      options << "-o 'StrictHostKeyChecking=no'"      # \ together, these options allow us to just blindly accept
-      options << "-o 'UserKnownHostsFile=/dev/null'"  # / what pub key the vagrant node has. useful, because it is different for everyone.
+      options << "-o 'StrictHostKeyChecking=no'" # blindly accept host key and don't save it (since userknownhostsfile is /dev/null)
     else
       options << "-o 'StrictHostKeyChecking=yes'"
     end
     username = 'root'
-    # the echo sets the terminal title. it would be better to do this on the server
     ssh = "ssh -l #{username} -p #{node.ssh.port} #{options.join(' ')}"
     if cmd == :ssh
       command = "#{ssh} #{node.name}"
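Review bot: The commented-out `HostKeyAlias` entry left inside the `options` array keeps a host-key-verification decision as dead code, and calls the behaviour odd without saying what ssh looks up instead. The same applies to the commented-out `:host_key_alias` in lib/leap_cli/util/remote_command.rb. As far as I know OpenSSH uses a host key alias verbatim, without appending the port, so it cannot match the `[host]:port` entries now written to the provider's known_hosts. I would delete the dead line in both places and replace it with `# no HostKeyAlias: ssh uses the alias as-is, without the port, so it never matches "[host]:port" entries`. The method body continues outside the hunk.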
index 1197bfe7aa2d0c8aed88bbc96f4e65c680561304..c24a543d2ebc59c6423eb060d22bc2faf9453dcd 100644 (file)
@@ -64,7 +64,7 @@ module LeapCli; module Util; module RemoteCommand
     ssh_options_override ||= {}
     {
       :ssh_options => {
-        :host_key_alias => node.name,
+        # :host_key_alias => node.name, << incompatible with ports in known_hosts
         :host_name => node.ip_address,
         :port => node.ssh.port
       }.merge(contingent_ssh_options_for_node(node)).merge(ssh_options_override)