libkas: Do not overwrite existing .ssh/config

kas wrongly assumes so far that setting $HOME will also make ssh use the
kas provided $HOME/.ssh/ folder. But ssh will pick up the homedir from
/etc/passwd instead. This could cause kas to overwrite the users
~/.ssh/config when using SSH_PRIVATE_KEY*. We can try to cure ssh config
isolation, but that may cause surprises for users so far silently
relying on it.

For now, as a stable fix, avoid to cause damage to ~/.ssh/config in
cases where this is likely not desired, namely when there is already
config file. Warn if that file does not contain the generated content
from a previous run.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>

kas/libkas.py

@@ -355,10 +355,21 @@ def ssh_no_host_key_check():
         Disables ssh host key check
     """
     home = os.path.expanduser('~')
-    if not os.path.exists(home + '/.ssh'):
+    ssh_dir = home + '/.ssh'
-        os.mkdir(home + '/.ssh')
+    if not os.path.exists(ssh_dir):
-    with open(home + '/.ssh/config', 'w') as fds:
+        os.mkdir(ssh_dir)
-        fds.write('Host *\n\tStrictHostKeyChecking no\n\n')
+    ssh_config = ssh_dir + "/config"
+    generated_content = 'Host *\n\tStrictHostKeyChecking no\n\n'
+    try:
+        with open(ssh_config, 'x') as fds:
+            fds.write(generated_content)
+    except FileExistsError:
+        with open(ssh_config, 'r') as fds:
+            content = fds.read()
+        if content != generated_content:
+            logging.warning("%s already exists, "
+                            "not touching it to disable StrictHostKeyChecking",
+                            ssh_config)
 
 
 def setup_parser_common_args(parser):