func (s *SSHCommandSuite) TestSetStrictHostKeyChecking(c *gc.C) {
commandPattern := fmt.Sprintf("%s%%s -o PasswordAuthentication no -o ServerAliveInterval 30 localhost %s 123",
s.fakessh, echoCommand)
tests := []struct {
input ssh.StrictHostChecksOption
expected string
}{
{ssh.StrictHostChecksNo, "no"},
{ssh.StrictHostChecksYes, "yes"},
{ssh.StrictHostChecksAsk, "ask"},
{ssh.StrictHostChecksUnset, ""},
{ssh.StrictHostChecksOption(999), ""},
}
for _, t := range tests {
var opts ssh.Options
opts.SetStrictHostKeyChecking(t.input)
expectedOpt := ""
if t.expected != "" {
expectedOpt = " -o StrictHostKeyChecking " + t.expected
}
s.assertCommandArgs(c, s.commandOptions([]string{echoCommand, "123"}, &opts),
fmt.Sprintf(commandPattern, expectedOpt))
}
}
// getSSHOptions configures SSH options based on command line
// arguments and the SSH targets specified.
func (c *SSHCommon) getSSHOptions(enablePty bool, targets ...*resolvedTarget) (*ssh.Options, error) {
var options ssh.Options
if c.noHostKeyChecks {
options.SetStrictHostKeyChecking(ssh.StrictHostChecksNo)
options.SetKnownHostsFile("/dev/null")
} else {
knownHostsPath, err := c.generateKnownHosts(targets)
if err != nil {
return nil, errors.Trace(err)
}
// There might not be a custom known_hosts file if the SSH
// targets are specified using arbitrary hostnames or
// addresses. In this case, the user's personal known_hosts
// file is used.
if knownHostsPath != "" {
// When a known_hosts file has been generated, enforce
// strict host key checking.
options.SetStrictHostKeyChecking(ssh.StrictHostChecksYes)
options.SetKnownHostsFile(knownHostsPath)
} else {
// If the user's personal known_hosts is used, also use
// the user's personal StrictHostKeyChecking preferences.
options.SetStrictHostKeyChecking(ssh.StrictHostChecksUnset)
}
}
if enablePty {
options.EnablePTY()
}
if c.proxy {
if err := c.setProxyCommand(&options); err != nil {
return nil, err
}
}
return &options, nil
}
