Enable to configure strict host key checking [closes #105]

Software should be secure by default, so the default option is to enable strict host key checking. When lowering security, the user should be aware of it and it should be his choice.
2024-05-24 09:22:14 +02:00 · 2016-07-14 15:51:41 +02:00 · 2016-07-14 15:51:41 +02:00 · 100a125ac5
parent 47e4d7c9a1
commit 100a125ac5
3 changed files with 12 additions and 2 deletions
--- a/Mage/Config.php
+++ b/Mage/Config.php
@ -388,6 +388,16 @@ class Config
        return $this->deployment('identity-file') ? ('-i ' . $this->deployment('identity-file') . ' ') : '';
    }

+    /**
+     * Get UserKnownHostsFile & StrictHostKeyChecking options
+     *
+     * @return string
+     */
+    public function getStrictHostCheckingOption()
+    {
+        return $this->general('ssh-strict-host-key-checking', true) ? '' : ' -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no ';
+    }
+
    /**
     * Get the ConnectTimeout option
     *
--- a/Mage/Task/AbstractTask.php
+++ b/Mage/Task/AbstractTask.php
@ -197,7 +197,7 @@ abstract class AbstractTask
        $needs_tty = ($this->getConfig()->general('ssh_needs_tty', false) ? '-t' : '');

        $localCommand = 'ssh ' . $this->getConfig()->getHostIdentityFileOption() . $needs_tty . ' -p ' . $this->getConfig()->getHostPort() . ' '
-            . '-q -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no '
+            . $this->getConfig()->getStrictHostCheckingOption()
            . $this->getConfig()->getConnectTimeoutOption()
            . ($this->getConfig()->deployment('user') != '' ? $this->getConfig()->deployment('user') . '@' : '')
            . $this->getConfig()->getHostName();
--- a/Mage/Task/BuiltIn/Deployment/Strategy/TarGzTask.php
+++ b/Mage/Task/BuiltIn/Deployment/Strategy/TarGzTask.php
@ -95,7 +95,7 @@ class TarGzTask extends BaseStrategyTaskAbstract implements IsReleaseAware
        // Copy Tar Gz  to Remote Host
        $command = 'scp ' . $strategyFlags . ' ' . $this->getConfig()->getHostIdentityFileOption()
            . $this->getConfig()->getConnectTimeoutOption() . '-P ' . $this->getConfig()->getHostPort()
-            . " -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no "
+            . $this->getConfig()->getStrictHostCheckingOption()
            . ' ' . $localTarGz . '.tar.gz '
            . $this->getConfig()->deployment('user') . '@' . $this->getConfig()->getHostName() . ':'
            . $deployToDirectory;