openstack
/
tripleo-heat-templates
Code Issues Proposed changes

Use StrictHostKeyChecking=no in enable-ssh-admin.sh 

Use StrictHostKeyChecking=no to inject the temporary ssh key in
enable-ssh-admin.sh. The user provides the list of hosts for ssh, so we
can safely assume that they intend to ssh to those hosts.

Also, for the ovb case the hosts will have new host ssh keys which have
not yet been accepted.

Change-Id: Ia2a2d1e4c214d9d9190131c280a54eab066e3657
Closes-Bug: #1737027
This commit is contained in:
James Slagle 2017-12-07 14:50:47 -05:00
parent 2e6ea5f5dc
commit 08641d846a
2 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
deployed-server/scripts/enable-ssh-admin.sh
View File

@ -57,7 +57,7 @@ for HOST in $OVERCLOUD_HOSTS; do
echo "Inserting TripleO short term key for $HOST"
# prepending an extra newline so that if authorized_keys didn't
# end with a newline previously, we don't end up garbling it up
ssh -i "$OVERCLOUD_SSH_KEY" -l "$OVERCLOUD_SSH_USER" "$HOST" "echo -e '\n$SHORT_TERM_KEY_PUBLIC_CONTENT' >> \$HOME/.ssh/authorized_keys"
ssh -o StrictHostKeyChecking=no -i "$OVERCLOUD_SSH_KEY" -l "$OVERCLOUD_SSH_USER" "$HOST" "echo -e '\n$SHORT_TERM_KEY_PUBLIC_CONTENT' >> \$HOME/.ssh/authorized_keys"
done
echo "Starting ssh admin enablement workflow"

7
releasenotes/notes/use-strict-host-key-checking-no-766c6d9814243de3.yaml Normal file
View File

@ -0,0 +1,7 @@
---
fixes:
- Use StrictHostKeyChecking=no to inject the temporary ssh key in
enable-ssh-admin.sh. The user provides the list of hosts for ssh, so we can
safely assume that they intend to ssh to those hosts. Also, for the ovb
case the hosts will have new host ssh keys which have not yet been
accepted.