From e3af001f53252e05cbaf7e6057ba13d96a4b6385 Mon Sep 17 00:00:00 2001
From: Jan Kiszka
Date: Tue, 23 Nov 2021 18:11:32 +0100
Subject: [PATCH] libkas: Do not overwrite existing .ssh/config
kas wrongly assumes so far that setting $HOME will also make ssh use the kas provided $HOME/.ssh/ folder. But ssh will pick up the homedir from /etc/passwd instead. This could cause kas to overwrite the users ~/.ssh/config when using SSH_PRIVATE_KEY*. We can try to cure ssh config isolation, but that may cause surprises for users so far silently relying on it. For now, as a stable fix, avoid to cause damage to ~/.ssh/config in cases where this is likely not desired, namely when there is already config file. Warn if that file does not contain the generated content from a previous run.
Signed-off-by: Jan Kiszka
---
 kas/libkas.py | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)
diff --git a/kas/libkas.py b/kas/libkas.py
index 4eb48ac..01402fc 100644
--- a/kas/libkas.py
+++ b/kas/libkas.py
@@ -355,10 +355,21 @@ def ssh_no_host_key_check():
 Disables ssh host key check
 """
 home = os.path.expanduser('~')
- if not os.path.exists(home + '/.ssh'):
- os.mkdir(home + '/.ssh')
- with open(home + '/.ssh/config', 'w') as fds:
- fds.write('Host *\n\tStrictHostKeyChecking no\n\n')
+ ssh_dir = home + '/.ssh'
+ if not os.path.exists(ssh_dir):
+ os.mkdir(ssh_dir)
+ ssh_config = ssh_dir + "/config"
+ generated_content = 'Host *\n\tStrictHostKeyChecking no\n\n'
+ try:
+ with open(ssh_config, 'x') as fds:
+ fds.write(generated_content)
+ except FileExistsError:
+ with open(ssh_config, 'r') as fds:
+ content = fds.read()
+ if content != generated_content:
+ logging.warning("%s already exists, "
+ "not touching it to disable StrictHostKeyChecking",
+ ssh_config)
 def setup_parser_common_args(parser):
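Review bot: On the creation path, where `open(ssh_config, 'x')` succeeds, the function still writes `Host *` / `StrictHostKeyChecking no` without logging anything. Going by the commit description, that file may be the invoking user's real `~/.ssh/config`, in which case the setting would outlive the kas run and turn off host key verification for every later ssh connection. A later run then finds content equal to `generated_content` and stays silent, so the user is never told the file exists. I would at least log on creation, e.g. `logging.warning("Created %s with StrictHostKeyChecking disabled for all hosts", ssh_config)`, and state in the docstring that the file is left in place. Separately, `os.mkdir(ssh_dir)` and the `'x'` open take their permissions from the process umask, so `os.mkdir(ssh_dir, mode=0o700)` would give the directory the permissions ssh expects; the function's signature and the start of its docstring lie above the hunk.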