|
28 | 28 | options[:port] = node_config.dig('ssh', 'port') unless node_config.dig('ssh', 'port').nil? |
29 | 29 | options[:keys] = node_config.dig('ssh', 'private-key') unless node_config.dig('ssh', 'private-key').nil? |
30 | 30 | options[:password] = node_config.dig('ssh', 'password') unless node_config.dig('ssh', 'password').nil? |
31 | | - options[:verify_host_key] = Net::SSH::Verifiers::Null.new unless node_config.dig('ssh', 'host-key-check').nil? |
| 31 | + # Support both net-ssh 4 and 5. |
| 32 | + # rubocop:disable Metrics/BlockNesting |
| 33 | + options[:verify_host_key] = if node_config.dig('ssh', 'host-key-check').nil? |
| 34 | + # Fall back to SSH behavior. This variable will only be set in net-ssh 5.3+. |
| 35 | + if @strict_host_key_checking.nil? || @strict_host_key_checking |
| 36 | + Net::SSH::Verifiers::Always.new |
| 37 | + else |
| 38 | + # SSH's behavior with StrictHostKeyChecking=no: adds new keys to known_hosts. |
| 39 | + # If known_hosts points to /dev/null, then equivalent to :never where it |
| 40 | + # accepts any key beacuse they're all new. |
| 41 | + Net::SSH::Verifiers::AcceptNewOrLocalTunnel.new |
| 42 | + end |
| 43 | + elsif node_config.dig('ssh', 'host-key-check') |
| 44 | + if defined?(Net::SSH::Verifiers::Always) |
| 45 | + Net::SSH::Verifiers::Always.new |
| 46 | + else |
| 47 | + Net::SSH::Verifiers::Secure.new |
| 48 | + end |
| 49 | + elsif defined?(Net::SSH::Verifiers::Never) |
| 50 | + Net::SSH::Verifiers::Never.new |
| 51 | + else |
| 52 | + Net::SSH::Verifiers::Null.new |
| 53 | + end |
| 54 | + # rubocop:enable Metrics/BlockNesting |
32 | 55 | host = if ENV['TARGET_HOST'].include?(':') |
33 | 56 | ENV['TARGET_HOST'].split(':').first |
34 | 57 | else |
|
0 commit comments