make sure to specify HostKeyAlgorithms for ssh and rsync. this is needed because...
authorelijah <elijah@riseup.net>
Sun, 9 Nov 2014 23:18:18 +0000 (15:18 -0800)
committerelijah <elijah@riseup.net>
Sun, 9 Nov 2014 23:18:18 +0000 (15:18 -0800)
lib/leap_cli/commands/shell.rb
lib/leap_cli/config/node.rb
lib/leap_cli/ssh_key.rb
lib/leap_cli/util/remote_command.rb

index 2138e9d6b1a620cd5a6a7a983940aeb1b946a178..a7a0d85ca5a8ee99fed9247a02579e91d490be0e 100644 (file)
@@ -62,6 +62,9 @@ module LeapCli; module Commands
     else
       options << "-o 'StrictHostKeyChecking=yes'"
     end
+    if !node.supported_ssh_host_key_algorithms.empty?
+      options << "-o 'HostKeyAlgorithms=#{node.supported_ssh_host_key_algorithms}'"
+    end
     username = 'root'
     if LeapCli.log_level >= 3
       options << "-vv"
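Review bot: The value interpolated into `-o 'HostKeyAlgorithms=#{...}'` comes from the node's stored public key file and is placed inside a single-quoted shell option without any check, so a key-type field containing a quote or whitespace would change the ssh command line. Nothing visible in this commit shows `parse_keys` constraining `key.type`, so I would validate each name before use, for example rejecting anything that does not match `/\A[a-z0-9@._-]+\z/`, or build the option with `Shellwords.escape`. The accessor is also called twice; assigning it once (`algos = node.supported_ssh_host_key_algorithms`) and appending `unless algos.empty?` reads more cleanly. The enclosing method starts and ends outside the hunk.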
index 30af5d19ea0645493abcf49c7e0490291fd99d7f..fe685cfb3dc8a5c08d71c6f076e4f27a93c07805 100644 (file)
@@ -63,6 +63,15 @@ module LeapCli; module Config
     def test_dependencies
       []
     end
+
+    # returns a string list of supported ssh host key algorithms for this node.
+    # or an empty string if it could not be determined
+    def supported_ssh_host_key_algorithms
+      @host_key_algo ||= SshKey.supported_host_key_algorithms(
+        Util.read_file([:node_ssh_pub_key, @node.name])
+      )
+    end
+
   end
 
 end; end
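Review bot: `supported_ssh_host_key_algorithms` returns one comma-joined string, which suits the `HostKeyAlgorithms=` option in shell.rb but probably not the `opts[:host_key] = ...` assignment in remote_command.rb. If those opts are handed to Net::SSH, as the `:verbose` handling there suggests, a node with more than one stored key would pass something like `"ecdsa-sha2-nistp256,ssh-rsa"` as a single algorithm name, which the library is likely to reject as unsupported. Consider returning an array here and joining only where the ssh command line is built, or use `opts[:host_key] = algos.split(',')` in remote_command.rb. The comment's "empty string if it could not be determined" also depends on `Util.read_file` returning nil rather than raising for a missing key file, which is not visible here and deserves a word in the comment.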
index 3cbeddd2ad713c2fcbc0232905983ced648c8733..5a7ac23894f2934d53bc8eaff657bd252522e40c 100644 (file)
@@ -107,6 +107,23 @@ module LeapCli
       return keys.map{|k| SshKey.load(k[1], k[0])}
     end
 
+    #
+    # takes a string with one or more ssh keys, one key per line,
+    # and returns a string that specified the ssh key algorithms
+    # that are supported by the keys, in order of preference.
+    #
+    # eg: ecdsa-sha2-nistp256,ssh-rsa,ssh-ed25519
+    #
+    def self.supported_host_key_algorithms(string)
+      if string
+        self.parse_keys(string).map {|key|
+          key.type
+        }.join(',')
+      else
+        ""
+      end
+    end
+
     ##
     ## INSTANCE METHODS
     ##
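Review bot: The doc comment promises the algorithms "in order of preference", but the method only maps `key.type` over whatever order `parse_keys` yields and never removes duplicates, so two stored keys of the same type produce a repeated entry. If `parse_keys` does not already sort by preference (not visible in this hunk), either sort here or reword the comment; `parse_keys(string).map(&:type).uniq.join(',')` takes care of the duplicates. The comment also has a typo, "specified" should be "specifies". Because the result limits which host key types the client will accept, a name the local ssh client does not implement (the example lists `ssh-ed25519`) may make the connection fail outright, and the comment should say so.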
index 2dd22ca313731502bef533621aa9e6a78a21797c..16d2b22146dfd3ea3f1b12f0d8cdaa9fba8732d9 100644 (file)
@@ -149,6 +149,9 @@ module LeapCli; module Util; module RemoteCommand
         opts[:verbose] = :error # suppress all the warnings about adding host keys to known_hosts, since it is not actually doing that.
       end
     end
+    if !node.supported_ssh_host_key_algorithms.empty?
+      opts[:host_key] = node.supported_ssh_host_key_algorithms
+    end
     return opts
   end