From 100a125ac5fafbf64312b0ecc6111742dd47f66a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Vod=C3=A1=C4=8Dek?= Date: Thu, 14 Jul 2016 15:51:41 +0200 Subject: [PATCH] Enable to configure strict host key checking [closes #105] Software should be secure by default, so the default option is to enable strict host key checking. When lowering security, the user should be aware of it and it should be his choice. --- Mage/Config.php | 10 ++++++++++ Mage/Task/AbstractTask.php | 2 +- Mage/Task/BuiltIn/Deployment/Strategy/TarGzTask.php | 2 +- 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/Mage/Config.php b/Mage/Config.php index 3f70f6c..a95039d 100644 --- a/Mage/Config.php +++ b/Mage/Config.php @@ -388,6 +388,16 @@ class Config return $this->deployment('identity-file') ? ('-i ' . $this->deployment('identity-file') . ' ') : ''; } + /** + * Get UserKnownHostsFile & StrictHostKeyChecking options + * + * @return string + */ + public function getStrictHostCheckingOption() + { + return $this->general('ssh-strict-host-key-checking', true) ? '' : ' -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no '; + } + /** * Get the ConnectTimeout option * diff --git a/Mage/Task/AbstractTask.php b/Mage/Task/AbstractTask.php index ec1d4e0..6b40747 100644 --- a/Mage/Task/AbstractTask.php +++ b/Mage/Task/AbstractTask.php @@ -197,7 +197,7 @@ abstract class AbstractTask $needs_tty = ($this->getConfig()->general('ssh_needs_tty', false) ? '-t' : ''); $localCommand = 'ssh ' . $this->getConfig()->getHostIdentityFileOption() . $needs_tty . ' -p ' . $this->getConfig()->getHostPort() . ' ' - . '-q -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no ' + . $this->getConfig()->getStrictHostCheckingOption() . $this->getConfig()->getConnectTimeoutOption() . ($this->getConfig()->deployment('user') != '' ? $this->getConfig()->deployment('user') . '@' : '') . $this->getConfig()->getHostName(); 
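Review bot: The docblock on `getStrictHostCheckingOption()` only names the two ssh options; it does not say what the setting does or what it defaults to. I would document that `ssh-strict-host-key-checking` defaults to `true`, in which case the method returns an empty string and ssh's own known_hosts handling applies, so target hosts need their keys in known_hosts before an unattended deploy. It should also state that `false` turns host key verification off entirely by combining `UserKnownHostsFile=/dev/null` with `StrictHostKeyChecking=no`, which leaves the deployment channel open to man-in-the-middle interception. The key is hyphenated while the other general option visible in this patch is `ssh_needs_tty`; a single convention (for example `ssh_strict_host_key_checking`) would make it harder to mistype, since a mistyped key silently falls back to the default.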
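Review bot: The replaced line in `$localCommand` also carried `-q`, and the new helper does not emit it, so every remote command now runs without ssh's quiet flag whether strict checking is on or off. The commit message does not mention this behaviour change; with checking disabled, ssh will likely print its known-hosts warning on each connection, and that may end up in the task output. If quiet mode should stay, keep it next to the helper call: `. '-q ' . $this->getConfig()->getStrictHostCheckingOption()`. If it was dropped deliberately so that host key diagnostics stay visible, say so in the commit message. The enclosing method starts and ends outside this hunk.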
diff --git a/Mage/Task/BuiltIn/Deployment/Strategy/TarGzTask.php b/Mage/Task/BuiltIn/Deployment/Strategy/TarGzTask.php index 1f741a2..66467c5 100644 --- a/Mage/Task/BuiltIn/Deployment/Strategy/TarGzTask.php +++ b/Mage/Task/BuiltIn/Deployment/Strategy/TarGzTask.php @@ -95,7 +95,7 @@ class TarGzTask extends BaseStrategyTaskAbstract implements IsReleaseAware // Copy Tar Gz to Remote Host $command = 'scp ' . $strategyFlags . ' ' . $this->getConfig()->getHostIdentityFileOption() . $this->getConfig()->getConnectTimeoutOption() . '-P ' . $this->getConfig()->getHostPort() - . " -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no " + . $this->getConfig()->getStrictHostCheckingOption() . ' ' . $localTarGz . '.tar.gz ' . $this->getConfig()->deployment('user') . '@' . $this->getConfig()->getHostName() . ':' . $deployToDirectory;
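Review bot: The new setting only takes effect where the helper is called, and this patch converts just the ssh wrapper in AbstractTask and this scp call. Any other strategy or task that builds its own ssh, scp or rsync transport options (none are visible in this patch) would keep the hard-coded `-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no` and silently ignore the configuration. It is worth searching the code base for `StrictHostKeyChecking` and routing every remaining occurrence through `getStrictHostCheckingOption()`, so the secure default applies to all connections. A short comment above the scp line, e.g. `// host key options come from the general ssh-strict-host-key-checking setting`, would also help readers. The enclosing method continues outside the hunk.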