mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-02 19:52:44 +01:00
e15fff00a6
Summary: Ref T13121. When you connect to a host with SSH, don't already know the host key, and don't have strict host key checking, it prints "Permanently adding host X to known hosts". This is super un-useful. In a perfect world, we'd probably always have strict host key checking, but this is a significant barrier to configuration/setup and I think not hugely important (MITM attacks against SSH hosts are hard/rare and probably not hugely valuable). I'd imagine a more realistic long term approach is likely optional host key checking. For now, try using `LogLevel=ERROR` instead of `LogLevel=quiet` to suppress this error. This should be strictly better (since at least some messages we want to see are ERROR or better), although it may not be perfect (there may be other INFO messages we would still like to see). Test Plan: - Ran `ssh -o LogLevel=... -o 'StrictHostKeyChecking=no' -o 'UserKnownHostsFile=/dev/null'` with bad credentials, for "ERROR", "quiet", and default ("INFO") log levels. - With `INFO`, got a warning about adding the key, then an error about bad credentials (bad: don't want the key warning). - With `quiet`, got nothing (bad: we want the credential error). - With `ERROR`, got no warning but did get an error (good!). Not sure this always gives us exactly what we want, but it seems like an improvement over "quiet". Reviewers: amckinley Reviewed By: amckinley Subscribers: PHID-OPKG-gm6ozazyms6q6i22gyam Maniphest Tasks: T13121 Differential Revision: https://secure.phabricator.com/D20240 |
||
|---|---|---|
| .. | ||
| command | ||
| filesystem | ||
| webroot | ||
| DrydockInterface.php | ||