authorAlex Harpin <development@landsofshadow.co.uk>2015-07-11 15:16:33 +0100
committerAlex Harpin <development@landsofshadow.co.uk>2015-07-11 15:16:33 +0100
commit6266be88206dffc82e8522e97db6718657443e0e (patch)
treec1ccfa2ef16438c082251454704d268b08981b9a
parent701083b7e8a5913f2748f9bcb3c51e6ebae6676b (diff)
downloadvyatta-config-mgmt-6266be88206dffc82e8522e97db6718657443e0e.tar.gz
vyatta-config-mgmt-6266be88206dffc82e8522e97db6718657443e0e.zip
vyatta-config-mgmt: config archive fails on unknown ssh host key
If the remote host configured for commit-archive hasn't been connected to before, then its host key is missing from known_hosts. In that case, present the user with the host key's fingerprint and prompt them to confirm the host's authenticity; if they confirm, insert the key into known_hosts and continue with the archive. Bug #517 http://bugzilla.vyos.net/show_bug.cgi?id=517
-rwxr-xr-xscripts/vyatta-commit-push.pl35
1 files changed, 31 insertions, 4 deletions
diff --git a/scripts/vyatta-commit-push.pl b/scripts/vyatta-commit-push.pl
index f501366..b85dd13 100755
--- a/scripts/vyatta-commit-push.pl
+++ b/scripts/vyatta-commit-push.pl
@@ -39,6 +39,7 @@ use File::Compare;
use File::Copy;
use URI;
use Sys::Hostname;
+use IO::Prompt;
my $debug = 0;
@@ -73,7 +74,7 @@ foreach my $uri (@uris) {
my $scheme = $u->scheme();
my $auth = $u->authority();
my $path = $u->path();
- my ($host, $remote) = ('', '');
+ my ($host, $remote, $cmd) = ('', '', '');
if (defined $auth and $auth =~ /.*\@(.*)/) {
$host = $1;
} else {
@@ -82,15 +83,41 @@ foreach my $uri (@uris) {
$remote .= "$scheme://$host";
$remote .= "$path" if defined $path;
print " $remote ";
- my $cmd = "curl -s -T $tmp_push_file $uri/$save_file";
+
+ my $rc = 0;
+ if ($scheme eq 'scp' ){
+ $cmd = "curl -s -S -T $tmp_push_file $uri/$save_file";
+ $rc = system($cmd);
+ if( $rc >> 8 == 51 ){
+ my $rsa_key = `ssh-keyscan -t rsa $host 2>/dev/null`;
+ print "The authenticity of host '$host' can't be established.\n";
+ my $fingerprint = `ssh-keygen -lf /dev/stdin <<< \"$rsa_key\" | awk {' print \$2 '}`;
+ chomp $fingerprint;
+ print "RSA key fingerprint is $fingerprint.\n";
+ if (prompt("Are you sure you want to continue connecting (yes/no) [Yes]? ", -tynd=>"y")) {
+ mkdir "$ENV{HOME}/.ssh/",0700 unless -d "$ENV{HOME}/.ssh";
+ open(my $known_hosts, ">>", "$ENV{HOME}/.ssh/known_hosts")
+ or die "Cannot open known_hosts: $!";
+ print $known_hosts "$rsa_key\n";
+ close($known_hosts);
+ $cmd = "curl -s -S -T $tmp_push_file $uri/$save_file";
+ $rc = system($cmd);
+ print "\n";
+ }
+ }
+ } else {
+ $cmd = "curl -s -T $tmp_push_file $uri/$save_file";
+ $rc = system($cmd);
+ }
+
print "cmd [$cmd]\n" if $debug;
- my $rc = system($cmd);
if ($rc eq 0) {
print " OK\n";
} else {
- print " failed\n";
+ print " Failed!\n";
}
}
+
move($tmp_push_file, $last_push_file);
exit 0;
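Review bot: The two backtick commands in the `$rc >> 8 == 51` branch build shell strings from values the script does not control: `$host` comes from the configured URI and `$rsa_key` is whatever came back from ssh-keyscan, and both are interpolated where the shell can still expand them. Run ssh-keyscan through a list-form pipe open as sketched below, and skip the prompt when no key came back, since the current code would then show an empty fingerprint and append a blank line to known_hosts. The key should reach `ssh-keygen -lf` through a temporary file rather than a `<<<` here-string, which is a bash feature that a POSIX /bin/sh may not accept. Separately, curl's exit code 51 appears to cover a stored host key that no longer matches as well as a missing one, so it would be safer to look for an existing entry first (for example with `ssh-keygen -F`) and refuse rather than prompt in that case. The prompt's default of yes (`-tynd=>"y"`) means a bare Enter accepts an unverified key; defaulting to no (`-tynd=>"n"`) is the conservative choice.

```perl
if( $rc >> 8 == 51 ){
    # List-form pipe open: $host is passed as a single argv entry and
    # never reaches a shell. (stderr is no longer discarded here.)
    open(my $scan, '-|', 'ssh-keyscan', '-t', 'rsa', $host)
        or die "Cannot run ssh-keyscan: $!";
    my $rsa_key = do { local $/; <$scan> };
    close($scan);
    # Only prompt when a key was actually retrieved.
    if (defined $rsa_key and $rsa_key =~ /\S/) {
        # … unchanged: fingerprint display, prompt, known_hosts append, retry …
```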