From a1854bb76238417f816d0508883db9e2cf674b1b Mon Sep 17 00:00:00 2001
From: Iordan Iordanov
Date: Mon, 24 Feb 2014 16:05:03 -0500
Subject: [PATCH] Add support for checking host against global known host files.

---
 lib/ansible/runner/connection_plugins/ssh.py | 63 ++++++++++++--------
 1 file changed, 37 insertions(+), 26 deletions(-)

diff --git a/lib/ansible/runner/connection_plugins/ssh.py b/lib/ansible/runner/connection_plugins/ssh.py
index c5fab75ce16..22189caadf3 100644
--- a/lib/ansible/runner/connection_plugins/ssh.py
+++ b/lib/ansible/runner/connection_plugins/ssh.py
@@ -118,35 +118,46 @@ class Connection(object):
 
     def not_in_host_file(self, host):
         if 'USER' in os.environ:
-            host_file = os.path.expandvars("~${USER}/.ssh/known_hosts")
+            user_host_file = os.path.expandvars("~${USER}/.ssh/known_hosts")
         else:
-            host_file = "~/.ssh/known_hosts"
-        host_file = os.path.expanduser(host_file)
-        if not os.path.exists(host_file):
-            print "previous known host file not found"
-            return True
-        host_fh = open(host_file)
-        data = host_fh.read()
-        host_fh.close()
-        for line in data.split("\n"):
-            if line is None or line.find(" ") == -1:
+            user_host_file = "~/.ssh/known_hosts"
+        user_host_file = os.path.expanduser(user_host_file)
+
+        host_file_list = []
+        host_file_list.append(user_host_file)
+        host_file_list.append("/etc/ssh/ssh_known_hosts")
+        host_file_list.append("/etc/ssh/ssh_known_hosts2")
+
+        hfiles_not_found = 0
+        for hf in host_file_list:
+            if not os.path.exists(hf):
+                hfiles_not_found += 1
                 continue
-            tokens = line.split()
-            if tokens[0].find(self.HASHED_KEY_MAGIC) == 0:
-                # this is a hashed known host entry
-                try:
-                    (kn_salt,kn_host) = tokens[0][len(self.HASHED_KEY_MAGIC):].split("|",2)
-                    hash = hmac.new(kn_salt.decode('base64'), digestmod=sha1)
-                    hash.update(host)
-                    if hash.digest() == kn_host.decode('base64'):
-                        return False
-                except:
-                    # invalid hashed host key, skip it
+            host_fh = open(hf)
+            data = host_fh.read()
+            host_fh.close()
+            for line in data.split("\n"):
+                if line is None or line.find(" ") == -1:
                     continue
-            else:
-                # standard host file entry
-                if host in tokens[0]:
-                    return False
+                tokens = line.split()
+                if tokens[0].find(self.HASHED_KEY_MAGIC) == 0:
+                    # this is a hashed known host entry
+                    try:
+                        (kn_salt,kn_host) = tokens[0][len(self.HASHED_KEY_MAGIC):].split("|",2)
+                        hash = hmac.new(kn_salt.decode('base64'), digestmod=sha1)
+                        hash.update(host)
+                        if hash.digest() == kn_host.decode('base64'):
+                            return False
+                    except:
+                        # invalid hashed host key, skip it
+                        continue
+                else:
+                    # standard host file entry
+                    if host in tokens[0]:
+                        return False
+
+        if (hfiles_not_found == len(host_file_list)):
+            print "previous known host file not found"
         return True
 
     def exec_command(self, cmd, tmp_path, sudo_user=None, sudoable=False, executable='/bin/sh', in_data=None, su_user=None, su=False):
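Review bot: The new per-file loop guards only with `os.path.exists(hf)` before `open(hf)`, and the two system-wide paths it adds (`/etc/ssh/ssh_known_hosts`, `/etc/ssh/ssh_known_hosts2`) can exist without being readable by the account running Ansible, so an IOError from `open` now escapes `not_in_host_file` instead of that file being treated as absent. Catching IOError around the open/read and counting that file toward `hfiles_not_found` keeps the existing fallback behaviour and also removes the check-then-open window; the rewritten lines are below. The substring test `if host in tokens[0]:` that the hunk re-indents still matches any plain entry whose comma-separated name list merely contains `host` as a substring (e.g. `10.0.0.1` against an entry for `10.0.0.10`), which predates this change but is worth a follow-up because it decides whether a host counts as already known. A short docstring such as `"""Return True when *host* matches no entry in the user or global known_hosts files."""` would make the inverted name easier to read at the call site.
```python
        for hf in host_file_list:
            try:
                host_fh = open(hf)
                data = host_fh.read()
                host_fh.close()
            except IOError:
                # missing or unreadable (e.g. root-only global file): treat as not found
                hfiles_not_found += 1
                continue
            # … unchanged: per-line hashed / plain entry matching …
```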