author | Alex Harpin <development@landsofshadow.co.uk> | 2015-07-11 15:16:33 +0100 |
---|---|---|
committer | Alex Harpin <development@landsofshadow.co.uk> | 2015-07-11 15:16:33 +0100 |
commit | 6266be88206dffc82e8522e97db6718657443e0e (patch) | |
tree | c1ccfa2ef16438c082251454704d268b08981b9a | |
parent | 701083b7e8a5913f2748f9bcb3c51e6ebae6676b (diff) | |
vyatta-config-mgmt: config archive fails on unknown ssh host key
If the remote host configured for commit-archive hasn't been connected
to before, then its host key is missing from known_hosts. If this is the
case, prompt the user to confirm the host's authenticity after
presenting them with the host key's fingerprint, inserting it into
known_hosts and continuing with the archive if it's correct.
Bug #517 http://bugzilla.vyos.net/show_bug.cgi?id=517
-rwxr-xr-x | scripts/vyatta-commit-push.pl | 35 |
1 files changed, 31 insertions, 4 deletions
diff --git a/scripts/vyatta-commit-push.pl b/scripts/vyatta-commit-push.pl index f501366..b85dd13 100755 --- a/scripts/vyatta-commit-push.pl +++ b/scripts/vyatta-commit-push.pl @@ -39,6 +39,7 @@ use File::Compare; use File::Copy; use URI; use Sys::Hostname; +use IO::Prompt; my $debug = 0; @@ -73,7 +74,7 @@ foreach my $uri (@uris) { my $scheme = $u->scheme(); my $auth = $u->authority(); my $path = $u->path(); - my ($host, $remote) = ('', ''); + my ($host, $remote, $cmd) = ('', '', ''); if (defined $auth and $auth =~ /.*\@(.*)/) { $host = $1; } else { @@ -82,15 +83,41 @@ foreach my $uri (@uris) { $remote .= "$scheme://$host"; $remote .= "$path" if defined $path; print " $remote "; - my $cmd = "curl -s -T $tmp_push_file $uri/$save_file"; + + my $rc = 0; + if ($scheme eq 'scp' ){ + $cmd = "curl -s -S -T $tmp_push_file $uri/$save_file"; + $rc = system($cmd); + if( $rc >> 8 == 51 ){ + my $rsa_key = `ssh-keyscan -t rsa $host 2>/dev/null`; + print "The authenticity of host '$host' can't be established.\n"; + my $fingerprint = `ssh-keygen -lf /dev/stdin <<< \"$rsa_key\" | awk {' print \$2 '}`; + chomp $fingerprint; + print "RSA key fingerprint is $fingerprint.\n"; + if (prompt("Are you sure you want to continue connecting (yes/no) [Yes]? ", -tynd=>"y")) { + mkdir "$ENV{HOME}/.ssh/",0700 unless -d "$ENV{HOME}/.ssh"; + open(my $known_hosts, ">>", "$ENV{HOME}/.ssh/known_hosts") + or die "Cannot open known_hosts: $!"; + print $known_hosts "$rsa_key\n"; + close($known_hosts); + $cmd = "curl -s -S -T $tmp_push_file $uri/$save_file"; + $rc = system($cmd); + print "\n"; + } + } + } else { + $cmd = "curl -s -T $tmp_push_file $uri/$save_file"; + $rc = system($cmd); + } + print "cmd [$cmd]\n" if $debug; - my $rc = system($cmd); if ($rc eq 0) { print " OK\n"; } else { - print " failed\n"; + print " Failed!\n"; } } + move($tmp_push_file, $last_push_file); exit 0; |
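Review bot: In the `$rc >> 8 == 51` branch, `$host` is interpolated unquoted into the backtick `ssh-keyscan -t rsa $host` command, and whatever the scan returns is appended to known_hosts without checking that it is non-empty. `$host` is cut from the URI authority a few lines above (the `else` branch that also sets it lies outside the hunk), so shell metacharacters or a `:port` suffix in the configured location reach `/bin/sh`, and a failed scan yields an empty fingerprint in the prompt and a blank line in known_hosts. The prompt also defaults to yes, and as far as I know curl's exit code 51 does not tell an unknown key from a changed one, so a changed host key would be offered as a first-time connection; checking known_hosts for an existing entry before prompting would separate the two cases. The fingerprint command relies on a `<<<` here-string, which only works where `/bin/sh` is bash. I would validate the host and run the scan through a list-form pipe, as sketched below; the enclosing `foreach` body starts before the hunk.

```perl
        if ( $rc >> 8 == 51 ) {
            # Accept only a plain host name or IPv4 address before it is
            # handed to any external command.
            if ( $host !~ /\A[A-Za-z0-9._-]+\z/ ) {
                print " Failed! (unsupported host '$host')\n";
                next;
            }

            # List-form pipe: no shell is involved, so $host arrives as one
            # argument. Note that ssh-keyscan's stderr is no longer discarded.
            my $rsa_key = '';
            if ( open( my $scan, '-|', 'ssh-keyscan', '-t', 'rsa', $host ) ) {
                local $/;
                my $scan_output = <$scan>;
                $rsa_key = $scan_output if defined $scan_output;
                close($scan);
            }

            # Nothing to show or store if the scan failed.
            if ( $rsa_key !~ /\S/ ) {
                print " Failed! (no host key returned by $host)\n";
                next;
            }
            # ... unchanged: fingerprint display, prompt, known_hosts append, curl retry ...
```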