mirror of
https://github.com/OpenNebula/one.git
synced 2025-01-08 21:17:43 +03:00
2c36183a21
This commit fixes problem when host key is already added in SSH `known_hosts` file but SSH fails to validate this host key. NOTE: This problem manifests only when simulating 'accept-new' feature of the newer SSH (>v7.6) via 'Match' with 'ssh-keygen -F'. The cause of this problem is the fact that hostname is stored always in lowercase even if the hostname had an upcase character. It means that the record in `known_hosts` file for hostname `ABC` becomes something like 'abc,10.0.0.10' - which in turn is hashed... Therefore SSH with `HashKnownHosts=yes` is comparing wrong hashes: hash('ABC,10.0.0.10') vs hash('abc,10.0.0.10') Most likely a bug or an oversight in SSH. With this option disabled (`HashKnownHosts=no`) both upcased `ABC` and lowercased `abc` work. Example with *ENABLED* `HashKnownHosts=yes`: [oneadmin@ABC ~] hostname ABC [oneadmin@ABC ~] rm -f ~/.ssh/known_hosts [oneadmin@ABC ~] ssh-keyscan -H $(hostname) >> ~/.ssh/known_hosts [oneadmin@ABC ~]$ ssh ABC # this fails No ECDSA host key is known for abc and you have requested strict checking. Host key verification failed. [oneadmin@ABC ~]$ ssh abc # this works Warning: Permanently added 'abc,10.10.0.41' (ECDSA) to the list of known hosts. Last login: Mon Jun 15 04:32:38 2020 from ::1 [oneadmin@ABC ~]$ # success with lowercase hostname Signed-off-by: Petr Ospalý <pospaly@opennebula.io> |
||
---|---|---|
.. | ||
bin | ||
etc |