F #1473: Add oneadmin's SSH config (#4668)

Signed-off-by: Petr Ospalý <pospaly@opennebula.io> Co-authored-by: Vlastimil Holer <vholer@opennebula.io>
2024-12-23 17:33:56 +03:00 · 2020-05-11 19:05:34 +02:00 · 2020-05-11 19:05:34 +02:00 · 448beb80fc
commit 448beb80fc
parent 203094ddd0
4 changed files with 42 additions and 3 deletions
--- a/share/pkgs/ssh/config
+++ b/share/pkgs/ssh/config
@ -0,0 +1,14 @@
+# Initial default configuration placed by opennebula-common
+# package. Latest default configurations are located in
+# /usr/share/one/ssh/.
+
+#####################################################################
+# WARNING: This configuration file is ONLY for OpenSSH 7.6 and newer!
+#####################################################################
+
+Host *
+  # since SSH version 7.6+
+  StrictHostKeyChecking accept-new
+  ControlMaster auto
+  ControlPath ~/.ssh-%C
+  ControlPersist 5s
--- a/share/pkgs/ssh/config-pre7.6
+++ b/share/pkgs/ssh/config-pre7.6
@ -0,0 +1,25 @@
+# Initial default configuration placed by opennebula-common
+# package. Latest default configurations are located in
+# /usr/share/one/ssh/.
+
+#####################################################################
+# WARNING: This configuration file is for OpenSSH before 7.6!
+#####################################################################
+
+# Workaround for OpenSSH version <7.6 which does not support:
+#   StrictHostKeyChecking accept-new
+#
+# We check if remote host key is not already in the known hosts and
+# if NOT, we expect this is the very first access and accept the key.
+# All further accesses already use strict host key checking.
+Match !exec "ssh-keygen -F %h 2>/dev/null || ssh-keygen -F %h -f /etc/ssh/ssh_known_hosts 2>/dev/null"
+  StrictHostKeyChecking no
+  ControlMaster auto
+  ControlPath ~/.ssh-%C
+  ControlPersist 5s
+
+Host *
+  StrictHostKeyChecking yes
+  ControlMaster auto
+  ControlPath ~/.ssh-%C
+  ControlPersist 5s
--- a/src/mad/ruby/ssh_stream.rb
+++ b/src/mad/ruby/ssh_stream.rb
@ -189,7 +189,7 @@ class SshStream

    def ssh_cmd
        if @forward
-            SSH_CMD + ' -o ForwardAgent=yes'
+            SSH_CMD + ' -o ForwardAgent=yes -o ControlMaster=no -o ControlPath=none'
        else
            SSH_CMD
        end
--- a/src/mad/sh/scripts_common.sh
+++ b/src/mad/sh/scripts_common.sh
@ -46,10 +46,10 @@ READLINK=${READLINK:-readlink}
 RM=${RM:-rm}
 CP=${CP:-cp}
 SCP=${SCP:-scp}
-SCP_FWD=${SCP_FWD:-scp -o ForwardAgent=yes}
+SCP_FWD=${SCP_FWD:-scp -o ForwardAgent=yes -o ControlMaster=no -o ControlPath=none}
 SED=${SED:-sed}
 SSH=${SSH:-ssh}
-SSH_FWD=${SSH_FWD:-ssh -o ForwardAgent=yes}
+SSH_FWD=${SSH_FWD:-ssh -o ForwardAgent=yes -o ControlMaster=no -o ControlPath=none}
 SUDO=${SUDO:-sudo -n}
 SYNC=${SYNC:-sync}
 TAR=${TAR:-tar}