[libvirt] [tck PATCH v2 11/15] scripts: disable known hosts file
Laine Stump
laine at laine.org
Fri Jun 8 15:29:35 UTC 2018
On 06/08/2018 10:55 AM, Daniel P. Berrangé wrote:
> Despite having StrictHostKeyChecking=no, SSH still complains about the
> host key mismatch and disables password auth as a result. Using
> /dev/null as the known_hosts file ensures the keys are never saved to
> the user's profile.
Interesting. I had thought that I had run on a machine that didn't have
anything in its known_hosts file. Maybe I've done something to my cached
test image that causes it to succeed?
>
> Signed-off-by: Daniel P. Berrangé <berrange at redhat.com>
Reviewed-by: Laine Stump <laine at laine.org>
(really what we should be doing for these tests is to connect to the
guest's serial console, especially for no-ip-spoofing and
no-mac-spoofing, since they actually make the guest unreachable for a
short time. But what we have now works, so there's lots more important
things to worry about...)
> ---
> scripts/nwfilter/210-no-mac-spoofing.t | 3 ++-
> scripts/nwfilter/220-no-ip-spoofing.t | 3 ++-
> scripts/nwfilter/230-no-mac-broadcast.t | 3 ++-
> scripts/nwfilter/240-no-arp-spoofing.t | 3 ++-
> 4 files changed, 8 insertions(+), 4 deletions(-)
>
> diff --git a/scripts/nwfilter/210-no-mac-spoofing.t b/scripts/nwfilter/210-no-mac-spoofing.t
> index 99c5058..95b1499 100644
> --- a/scripts/nwfilter/210-no-mac-spoofing.t
> +++ b/scripts/nwfilter/210-no-mac-spoofing.t
> @@ -97,7 +97,8 @@ diag "ssh'ing into $guestip";
> my $ssh = Net::OpenSSH->new($guestip,
> user => "root",
> password => $tck->root_password(),
> - master_opts => [-o => "StrictHostKeyChecking=no"]);
> + master_opts => [-o => "UserKnownHostsFile=/dev/null",
> + -o => "StrictHostKeyChecking=off"]);
>
> # now bring eth0 down, change MAC and bring it up again
> diag "fiddling with mac";
> diff --git a/scripts/nwfilter/220-no-ip-spoofing.t b/scripts/nwfilter/220-no-ip-spoofing.t
> index 85c4807..a1da6eb 100644
> --- a/scripts/nwfilter/220-no-ip-spoofing.t
> +++ b/scripts/nwfilter/220-no-ip-spoofing.t
> @@ -91,7 +91,8 @@ diag "ssh'ing into $guestip";
> my $ssh = Net::OpenSSH->new($guestip,
> user => "root",
> password => $tck->root_password(),
> - master_opts => [-o => "StrictHostKeyChecking=no"]);
> + master_opts => [-o => "UserKnownHostsFile=/dev/null",
> + -o => "StrictHostKeyChecking=no"]);
>
> # now bring eth0 down, change IP and bring it up again
> diag "preparing ip spoof";
> diff --git a/scripts/nwfilter/230-no-mac-broadcast.t b/scripts/nwfilter/230-no-mac-broadcast.t
> index b65b3fc..4254e7c 100644
> --- a/scripts/nwfilter/230-no-mac-broadcast.t
> +++ b/scripts/nwfilter/230-no-mac-broadcast.t
> @@ -119,7 +119,8 @@ diag "ssh'ing into $guestip";
> my $ssh = Net::OpenSSH->new($guestip,
> user => "root",
> password => $tck->root_password(),
> - master_opts => [-o => "StrictHostKeyChecking=no"]);
> + master_opts => [-o => "UserKnownHostsFile=/dev/null",
> + -o => "StrictHostKeyChecking=no"]);
>
> # now generate a mac broadcast paket
> diag "generate mac broadcast";
> diff --git a/scripts/nwfilter/240-no-arp-spoofing.t b/scripts/nwfilter/240-no-arp-spoofing.t
> index 69851b6..882a385 100644
> --- a/scripts/nwfilter/240-no-arp-spoofing.t
> +++ b/scripts/nwfilter/240-no-arp-spoofing.t
> @@ -100,7 +100,8 @@ diag "ssh'ing into $guestip";
> my $ssh = Net::OpenSSH->new($guestip,
> user => "root",
> password => $tck->root_password(),
> - master_opts => [-o => "StrictHostKeyChecking=no"]);
> + master_opts => [-o => "UserKnownHostsFile=/dev/null",
> + -o => "StrictHostKeyChecking=no"]);
>
> # now generate a arp spoofing packets
> diag "generate arpspoof script";
More information about the libvir-list
mailing list