diff options
author | David Wittman <david@wittman.com> | 2016-11-28 14:55:01 -0600 |
---|---|---|
committer | jctanner <tanner.jc@gmail.com> | 2016-11-28 15:55:01 -0500 |
commit | c67315fc4e0c3bc5cb519ef2651cccf4bc659780 (patch) | |
tree | 95fbea61f1484975fafea1dd94353e00efee56a2 | |
parent | f98be8948bbfe6fe67cb0df1c32a7aebb711c9dc (diff) | |
download | ansible-modules-core-c67315fc4e0c3bc5cb519ef2651cccf4bc659780.tar.gz |
[git] Set IdentitiesOnly=yes when using key_file (#5682)
Sets the SSH option `IdentitiesOnly=yes` in the SSH wrapper when a
`key_file` is provided to the git module. This option ensures that
the provided key is used. Otherwise, the system's ssh-agent could
provide undesired identities when connecting.
From ssh_config(5):
> Specifies that ssh(1) should only use the authentication identity and
> certificate files explicitly configured in the ssh_config files or
> passed on the ssh(1) command-line, even if ssh-agent(1) or a
> PKCS11Provider offers more identities. The argument to this keyword
> must be “yes” or “no”. This option is intended for situations where
> ssh-agent offers many different identities. The default is “no”.
-rw-r--r-- | source_control/git.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/source_control/git.py b/source_control/git.py index 7b076576..5a4f66a6 100644 --- a/source_control/git.py +++ b/source_control/git.py @@ -320,7 +320,7 @@ fi if [ -z "$GIT_KEY" ]; then ssh $BASEOPTS "$@" else - ssh -i "$GIT_KEY" $BASEOPTS "$@" + ssh -i "$GIT_KEY" -o IdentitiesOnly=yes $BASEOPTS "$@" fi """ fh.write(template) |