Host verification failed


Lance.Haig

Jan 12, 2012, 5:52:09 PM
to capis...@googlegroups.com
Hi All,

I was wondering if there was a Capistrano command that will allow you to
accept a host verification key?

I need to do this as part of a deploy.

Thanks

Lance

Lee Hambley

Jan 13, 2012, 3:40:55 AM
to capis...@googlegroups.com
No, Lance,

Sorry, the process is such that 9/10 times, to prepare the server for a deploy, someone has logged on by hand and made the changes. What's your use-case? (First time in 5 years this has come up on the mailing list, perhaps I can help?)

- Lee

Lance.Haig

Jan 13, 2012, 10:00:38 AM
to capis...@googlegroups.com
Hi Lee,

I am writing a cap deploy script for the gitlabhq project, and part of the process is that one of the users it creates needs to be able to clone a repo from the localhost; as it has not had the host verification approved, this part of the script fails.

If you want to see my code (it is not neat), you can find it here: https://github.com/lhaig/gitlabhq

I hope that makes sense

Thanks for the help.

Lance

Haim Ashkenazi

Jan 13, 2012, 11:02:56 AM
to capis...@googlegroups.com
Hi Lance,

Although it's a very dangerous practice, if you know what you're doing you can use ssh options to not check host verification. You can do it in 2 places:

In $HOME/.ssh/config you can put something like this:

    Host SOMEHOST
        StrictHostKeyChecking no

In Capfile you can set ssh_options[:strict_host_key_checking] to no. I'm not sure about the name but you can check the Net::SSH API docs. I was able to do something like this (ssh_options[:forward_agent] = true) and it worked great.

Again, please consider all options, as by setting this you lose a big part of your ability to tell a machine has been compromised.

A better option might be to use ssh-keyscan to populate your known_hosts keys, and then clone the repository.

HTH
Haim

Donovan Bray

Jan 13, 2012, 10:38:52 PM
to capis...@googlegroups.com
You can also create a task that appends the known signature to the known hosts file before the task that needs it. This allows you to actually vet those entries instead of blindly accepting them.
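
The approach from the two replies above (scan with ssh-keyscan, vet the result, then append to known_hosts), as an added example that is not code from the thread or from Capistrano: plain Ruby that a deploy task could call. The function names, the pinned-fingerprint map and the sample key blobs are assumptions constructed for illustration; the pin is assumed to have been recorded out of band, for example from the server's console when it was provisioned.

```ruby
require "digest"

# Fingerprint as current `ssh-keygen -l` prints it: "SHA256:" followed by the
# unpadded base64 of SHA-256 over the decoded public-key blob.
def fingerprint(key_b64)
  blob = key_b64.unpack1("m0") # strict base64; raises ArgumentError if invalid
  "SHA256:" + [Digest::SHA256.digest(blob)].pack("m0").delete("=")
end

# Split `ssh-keyscan` output ("host keytype base64key" per line) into lines
# whose fingerprint matches a pin for that host, and everything else.
# pinned maps host => one fingerprint or an array of them (hypothetical shape).
def vet(scan_output, pinned)
  lines = scan_output.lines.map(&:strip).reject { |l| l.empty? || l.start_with?("#") }
  lines.partition do |line|
    host, _type, key = line.split(/\s+/)
    begin
      Array(pinned[host]).include?(fingerprint(key.to_s))
    rescue ArgumentError # key field is not valid base64
      false
    end
  end
end

# Append only vetted lines, skipping ones already present so reruns are no-ops.
def append_known_hosts(path, lines)
  existing = File.exist?(path) ? File.readlines(path, chomp: true) : []
  fresh = lines - existing
  File.open(path, "a", 0o600) { |f| fresh.each { |l| f.puts(l) } }
  fresh
end

if __FILE__ == $PROGRAM_NAME
  require "tmpdir"
  # Constructed sample: fake key blobs standing in for real `ssh-keyscan` output.
  good = ["constructed-host-key"].pack("m0")
  bad  = ["constructed-other-key"].pack("m0")
  scan = "# localhost:22 SSH-2.0-OpenSSH\nlocalhost ssh-rsa #{good}\nlocalhost ssh-rsa #{bad}\n"
  pinned = { "localhost" => fingerprint(good) } # in practice: recorded out of band
  ok, rejected = vet(scan, pinned)
  Dir.mktmpdir do |dir|
    added = append_known_hosts(File.join(dir, "known_hosts"), ok)
    puts "added #{added.size}, rejected #{rejected.size}"
  end
end
```

A non-empty rejected list is the signal to stop the deploy and investigate rather than to retry with checking disabled.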

Lance.Haig

Jan 14, 2012, 2:15:24 AM
to capis...@googlegroups.com
Hi Buddy,

Thanks, this is what I wanted. I think the option in the cap file is the best as this is a one time deployment and the host key would be different for each server.

I do not anticipate the script being run more than once to set-up the server.

Thanks for the help

Lance

Lance.Haig

Jan 14, 2012, 2:18:45 AM
to capis...@googlegroups.com
Hey Buddy,

Thanks for the help.

This will only be run once to set-up the account on the local host for a management account. As this will be run on a new server each time I am not sure how you would know the host key for it.

Regards

Lance