joshuaboniface/bbuilder
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Improve handling of SSH host keys

Browse Source 
1. Use StrictHostKeyChecking=accept-new to implicitly accept new SSH
host keys, preventing us from having to do this manually.

2. Use VerifyHostKeyDNS=yes to allow verification of DNSSEC-signed SSHFP
records, if available.
This commit is contained in:
Joshua Boniface
2021-10-31 02:24:28 -04:00
parent e9759a08c2
commit 483f357f2b
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bbuilder/lib/worker.py
View File

@@ -99,7 +99,7 @@ def clone_repository(clone_url, config):
print(f"Cloning repository...") print(f"Cloning repository...")
if config['ssh_key'] is not None: if config['ssh_key'] is not None:
ssh_key_file = config['ssh_key'] ssh_key_file = config['ssh_key']
os.environ['GIT_SSH_COMMAND'] = f'ssh -i {ssh_key_file} -o IdentitiesOnly=yes' os.environ['GIT_SSH_COMMAND'] = f'ssh -i {ssh_key_file} -o IdentitiesOnly=yes -o StrictHostKeyChecking=accept-new -o VerifyHostKeyDNS=yes'
os.system(f'git clone {clone_url} repo') os.system(f'git clone {clone_url} repo')