From 08641d846ab8d51261eab0bee62a45e7955dd3f6 Mon Sep 17 00:00:00 2001 From: James Slagle Date: Thu, 7 Dec 2017 14:50:47 -0500 Subject: [PATCH] Use StrictHostKeyChecking=no in enable-ssh-admin.sh Use StrictHostKeyChecking=no to inject the temporary ssh key in enable-ssh-admin.sh. The user provides the list of hosts for ssh, so we can safely assume that they intend to ssh to those hosts. Also, for the ovb case the hosts will have new host ssh keys which have not yet been accepted. Change-Id: Ia2a2d1e4c214d9d9190131c280a54eab066e3657 Closes-Bug: #1737027 --- deployed-server/scripts/enable-ssh-admin.sh | 2 +- .../use-strict-host-key-checking-no-766c6d9814243de3.yaml | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 releasenotes/notes/use-strict-host-key-checking-no-766c6d9814243de3.yaml diff --git a/deployed-server/scripts/enable-ssh-admin.sh b/deployed-server/scripts/enable-ssh-admin.sh index daff39079b..3a6c16b58b 100755 --- a/deployed-server/scripts/enable-ssh-admin.sh +++ b/deployed-server/scripts/enable-ssh-admin.sh @@ -57,7 +57,7 @@ for HOST in $OVERCLOUD_HOSTS; do echo "Inserting TripleO short term key for $HOST" # prepending an extra newline so that if authorized_keys didn't # end with a newline previously, we don't end up garbling it up - ssh -i "$OVERCLOUD_SSH_KEY" -l "$OVERCLOUD_SSH_USER" "$HOST" "echo -e '\n$SHORT_TERM_KEY_PUBLIC_CONTENT' >> \$HOME/.ssh/authorized_keys" + ssh -o StrictHostKeyChecking=no -i "$OVERCLOUD_SSH_KEY" -l "$OVERCLOUD_SSH_USER" "$HOST" "echo -e '\n$SHORT_TERM_KEY_PUBLIC_CONTENT' >> \$HOME/.ssh/authorized_keys" done echo "Starting ssh admin enablement workflow" diff --git a/releasenotes/notes/use-strict-host-key-checking-no-766c6d9814243de3.yaml b/releasenotes/notes/use-strict-host-key-checking-no-766c6d9814243de3.yaml new file mode 100644 index 0000000000..0e471b6a8a --- /dev/null +++ b/releasenotes/notes/use-strict-host-key-checking-no-766c6d9814243de3.yaml @@ -0,0 +1,7 @@ +--- +fixes: + - Use StrictHostKeyChecking=no to inject the temporary ssh key in + enable-ssh-admin.sh. The user provides the list of hosts for ssh, so we can + safely assume that they intend to ssh to those hosts. Also, for the ovb + case the hosts will have new host ssh keys which have not yet been + accepted.