01/03: offload: Do not read ~/.ssh/known_hosts.
From: Ludovic Courtès
Subject: 01/03: offload: Do not read ~/.ssh/known_hosts.
Date: Fri, 9 Dec 2016 22:30:24 +0000 (UTC)
civodul pushed a commit to branch master
in repository guix.
commit bd8345777f5a48ee61656248655ebac71a09e926
Author: Ludovic Courtès <address@hidden>
Date: Fri Dec 9 14:54:42 2016 +0100
offload: Do not read ~/.ssh/known_hosts.
* guix/scripts/offload.scm (open-ssh-session): Pass #:knownhosts to
'make-session'.
---
guix/scripts/offload.scm | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/guix/scripts/offload.scm b/guix/scripts/offload.scm
index ebff116..f25cc5e 100644
--- a/guix/scripts/offload.scm
+++ b/guix/scripts/offload.scm
@@ -177,6 +177,14 @@ private key from '~a': ~a")
;; #:log-verbosity 'protocol
#:identity (build-machine-private-key machine)
+ ;; By default libssh reads ~/.ssh/known_hosts
+ ;; and uses that to adjust its choice of cipher
+ ;; suites, which changes the type of host key
+ ;; that the server sends (RSA vs. Ed25519,
+ ;; etc.). Opt for something reproducible and
+ ;; stateless instead.
+ #:knownhosts "/dev/null"
+
;; We need lightweight compression when
;; exchanging full archives.
#:compression
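Review bot: The new comment above `#:knownhosts "/dev/null"` explains the effect on cipher-suite and host-key-type selection, but it does not say what authenticates the server once the known-hosts file is empty. With an empty file, a known_hosts lookup can never match, so a reader of this hunk alone cannot tell whether the host key is still verified. If `open-ssh-session` compares the server key against a key configured for the build machine elsewhere, the comment should say so in one line and name that check. If it does not, that check needs to be added before this change is safe. It would also help to note that the negotiated host key type now depends only on the library defaults and the server, since that is the reproducibility property the comment claims.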