if the target node has already stored their SSH host key on pmxcfs, pin it and ignore the global known hosts information.
Signed-off-by: Fabian Grünbichler <f.gruenbich...@proxmox.com>
---
 src/PVE/SSHInfo.pm | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/src/PVE/SSHInfo.pm b/src/PVE/SSHInfo.pm
index c351148..fad23bf 100644
--- a/src/PVE/SSHInfo.pm
+++ b/src/PVE/SSHInfo.pm
@@ -49,11 +49,24 @@ sub get_ssh_info {
 
 sub ssh_info_to_command_base {
 my ($info, @extra_options) = @_;
+
+ my $nodename = $info->{name};
+
+ my $known_hosts_file = "/etc/pve/nodes/$nodename/ssh_known_hosts";
+ my $known_hosts_options = undef;
+ if (-f $known_hosts_file) {
+ $known_hosts_options = [
+ '-o', "UserKnownHostsFile=$known_hosts_file",
+ '-o', 'GlobalKnownHostsFile=none',
+ ];
+ }
+
 return [
 '/usr/bin/ssh',
 '-e', 'none',
 '-o', 'BatchMode=yes',
- '-o', 'HostKeyAlias='.$info->{name},
+ '-o', 'HostKeyAlias='.$nodename,
+ defined($known_hosts_options) ? @$known_hosts_options : (),
 @extra_options
 ];
 }
-- 
2.39.2
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
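Review bot: `$info->{name}` now feeds both the `-f` test and the `UserKnownHostsFile=` value with no check inside ssh_info_to_command_base, so a name containing `/`, `..`, whitespace or `%` would point the pin at a different file or be split or expanded when ssh parses the option. get_ssh_info, which builds `$info`, lies outside the hunk, so this may already be guaranteed upstream; if it is not, a guard such as `die "invalid node name '$nodename'\n" if $nodename !~ m/^[A-Za-z0-9][A-Za-z0-9-]*$/;` before the path is built would close it. The spliced line also deserves a comment, e.g. `# keep ahead of @extra_options: ssh uses the first value it sees for an option`, because that ordering is what stops a caller-supplied `UserKnownHostsFile` from overriding the pin.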