Commit Graph

7 Commits (95e3af3e0f6a054988591913a46c95b6aff94cb5)

Author SHA1 Message Date
Chris Francy a4b00793be
Update known_hosts module to better handle @cert-authority keys (#70340)
Signed-off-by: Chris Francy <zoredache@gmail.com>
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
1 year ago
Matt Clay 21fc699b77
Remove trailing spaces from lines in YAML (#80032)
2 years ago
sbettid de4ff281ab
Fix known_hosts changed status when removing non-existing key (#78748)
* Ensure no change is reported when removing missing key for host with other keys

Co-authored-by: Matt Martz <matt@sivel.net>
2 years ago
Matt Martz cad200406a
group2 - switch to setup_remote_tmp_dir instead of using output_dir (#76853)
* group2 - switch to setup_remote_tmp_dir instead of using output_dir

* output_file needs to be in the tmp dir

* Use comparison that should work with macos

* remove unused dep
3 years ago
Florian Apolloner 6cf341b40e
Fixed hash_host option in known_hosts module. Fixes #44284
6 years ago
Sam Doran 13aff08748
Add better error messages and checking to known_hosts (#38307)
7 years ago
Marius Gedminas 2efb692cc4
known_hosts: support --diff (#20349)
* known_hosts: support --diff

* known_hosts: support --diff also without --check

* Add unit tests and fix incorrect diff in one corner case

Tests are good!

* Refactor for readability

* Python 3 compat

* More Python 3 compat

* Add an integration test for known_hosts

* Handle ssh-keygen -HF returning non-zero exit code

AFAICT this is a bug in ssh-keygen in some newer OpenSSH versions
(>= 6.4 probably; see commit dd9d5cc670):
when you invoke ssh-keygen with -H and -F <host> options, it always
returns exit code 1.  This is because in ssh-keygen.c there's a function
do_known_hosts() which calls

  exit (find_host && !ctx.found_key);

at the end, and find_host is 1 (because we passed -F on the command line),
but ctx.found_key is always 0.  Why is found_key always 0?  Because the
callback passed to hostkeys_foreach(), which is known_hosts_hash(),
never bothers to set found_key to 1.

* This test does not need root

* Avoid ssh-ed25519 keys in sample known_hosts file

Older versions of OpenSSH do not like them and ssh-keygen -HF
aborts with an error when it sees such keys:

  line 5 invalid key: example.net...
  /root/ansible_testing/known_hosts is not a valid known_hosts file.

* Fix Python 3 errors

Specifically, the default mode of tempfile.NamedTemporaryFile is 'w+b',
which means Python 3 wants us to write bytes objects to it -- but the
keys we have are all unicode strings.
8 years ago