diff options
| author | Hans Nilsson <[email protected]> | 2018-02-21 14:48:33 +0100 | 
|---|---|---|
| committer | Hans Nilsson <[email protected]> | 2018-02-21 14:48:58 +0100 | 
| commit | ed01a9d3f2614933d05e7d85b4bb3568c4e04cdb (patch) | |
| tree | b294c9d456844212c546c977cb691ae09d72a785 /lib/ssh | |
| parent | 309ef748ddc5bde4bcba280ce2739385f27a76e6 (diff) | |
| download | otp-ed01a9d3f2614933d05e7d85b4bb3568c4e04cdb.tar.gz otp-ed01a9d3f2614933d05e7d85b4bb3568c4e04cdb.tar.bz2 otp-ed01a9d3f2614933d05e7d85b4bb3568c4e04cdb.zip | |
ssh: Add option save_accepted_host
Diffstat (limited to 'lib/ssh')
| -rw-r--r-- | lib/ssh/doc/src/ssh.xml | 12 | ||||
| -rw-r--r-- | lib/ssh/src/ssh_options.erl | 6 | ||||
| -rw-r--r-- | lib/ssh/src/ssh_transport.erl | 5 | ||||
| -rw-r--r-- | lib/ssh/test/ssh_options_SUITE.erl | 37 | 
4 files changed, 57 insertions, 3 deletions
| diff --git a/lib/ssh/doc/src/ssh.xml b/lib/ssh/doc/src/ssh.xml index 337f4094cc..acf94ff6af 100644 --- a/lib/ssh/doc/src/ssh.xml +++ b/lib/ssh/doc/src/ssh.xml @@ -227,6 +227,18 @@                </item>              </list>  	  </item> + +	  <tag><c><![CDATA[{save_accepted_host, boolean()}]]></c></tag> +	  <item> +	    <p>If <c>true</c>, the client saves an accepted host key to avoid the +	    accept question the next time the same host is connected. If the option +	    <c>key_cb</c> is not present, the key is saved in the file "known_hosts". +	    </p> +	    <p>If <c>false</c>, the key is not saved and the key will still be unknown +	    at the next access of the same host. +	    </p> +	  </item> +  	  <tag><c><![CDATA[{user_interaction, boolean()}]]></c></tag>  	  <item>  	    <p>If <c>false</c>, disables the client to connect to the server diff --git a/lib/ssh/src/ssh_options.erl b/lib/ssh/src/ssh_options.erl index 68c99743ee..cf1534bd78 100644 --- a/lib/ssh/src/ssh_options.erl +++ b/lib/ssh/src/ssh_options.erl @@ -439,6 +439,12 @@ default(client) ->              class => user_options             }, +      {save_accepted_host, def} => +          #{default => true, +            chk => fun erlang:is_boolean/1, +            class => user_options +           }, +        {pref_public_key_algs, def} =>            #{default => ssh_transport:default_algorithms(public_key),              chk => fun check_pref_public_key_algs/1, diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl index 154894cda8..a7f4854b4b 100644 --- a/lib/ssh/src/ssh_transport.erl +++ b/lib/ssh/src/ssh_transport.erl @@ -889,10 +889,13 @@ known_host_key(#ssh{opts = Opts, key_cb = {KeyCb,KeyCbOpts}, peer = {PeerName,_}  	{_,true} ->  	    ok;  	{_,false} -> +            DoAdd = ?GET_OPT(save_accepted_host, Opts),  	    case accepted_host(Ssh, PeerName, Public, Opts) of -		true -> +		true when DoAdd == true ->  		    {_,R} = add_host_key(KeyCb, PeerName, Public, [{key_cb_private,KeyCbOpts}|UserOpts]),                      R; +		true when DoAdd == false -> +                    ok;  		false ->  		    {error, rejected_by_user};                  {error,E} -> diff --git a/lib/ssh/test/ssh_options_SUITE.erl b/lib/ssh/test/ssh_options_SUITE.erl index 144ec7f8fd..18543f8cb9 100644 --- a/lib/ssh/test/ssh_options_SUITE.erl +++ b/lib/ssh/test/ssh_options_SUITE.erl @@ -70,7 +70,8 @@  	 hostkey_fingerprint_check_sha256/1,  	 hostkey_fingerprint_check_sha384/1,  	 hostkey_fingerprint_check_sha512/1, -	 hostkey_fingerprint_check_list/1 +	 hostkey_fingerprint_check_list/1, +         save_accepted_host_option/1  	]).  %%% Common test callbacks @@ -124,6 +125,7 @@ all() ->       id_string_own_string_server,       id_string_own_string_server_trail_space,       id_string_random_server, +     save_accepted_host_option,       {group, hardening_tests}      ]. @@ -211,7 +213,8 @@ init_per_testcase(_TestCase, Config) ->  end_per_testcase(TestCase, Config) when TestCase == server_password_option;  					TestCase == server_userpassword_option;  					TestCase == server_pwdfun_option; -					TestCase == server_pwdfun_4_option -> +					TestCase == server_pwdfun_4_option ; +                                        TestCase == save_accepted_host_option ->      UserDir = filename:join(proplists:get_value(priv_dir, Config), nopubkey),      ssh_test_lib:del_dirs(UserDir),      end_per_testcase(Config); @@ -1314,6 +1317,36 @@ try_to_connect(Connect, Host, Port, Pid, Tref, N) ->       end.  %%-------------------------------------------------------------------- +save_accepted_host_option(Config) -> +    PrivDir = proplists:get_value(priv_dir, Config), +    UserDir = filename:join(PrivDir, nopubkey), % to make sure we don't use public-key-auth +    KnownHosts = filename:join(UserDir, "known_hosts"), +    file:make_dir(UserDir), +    file:delete(KnownHosts), +    SysDir = proplists:get_value(data_dir, Config),	   +    {Pid, Host, Port} = ssh_test_lib:daemon([{system_dir, SysDir}, +					     {user_dir, UserDir}, +					     {user_passwords, [{"vego", "morot"}]} +                                            ]), +    {error,enoent} = file:read_file(KnownHosts), + +    {ok,_C1} = ssh:connect(Host, Port, [{silently_accept_hosts, true}, +                                        {user, "vego"}, +                                        {password, "morot"}, +                                        {user_interaction, false}, +                                        {save_accepted_host, false}, +                                        {user_dir, UserDir}]), +    {error,enoent} = file:read_file(KnownHosts), +     +    {ok,_C2} = ssh:connect(Host, Port, [{silently_accept_hosts, true}, +                                        {user, "vego"}, +                                        {password, "morot"}, +                                        {user_interaction, false}, +                                        {user_dir, UserDir}]), +    {ok,_} = file:read_file(KnownHosts), +    ssh:stop_daemon(Pid). + +%%--------------------------------------------------------------------  %% Internal functions ------------------------------------------------  %%-------------------------------------------------------------------- | 
