authorBryan McLellan <btm@loftninjas.org>2019-05-13 13:36:18 -0400
committerBryan McLellan <btm@loftninjas.org>2019-05-13 13:39:57 -0400
commitf015d668e7661d9776fffcc6da012125f94704ea (patch)
treee750857433b7bd046a1af192ba7bc585ddd51f28
parent4e485c6944764bedb5e2b9b7b4ab9c5347df43d1 (diff)
downloadchef-f015d668e7661d9776fffcc6da012125f94704ea.tar.gz
Use new Net:SSH host key verify values
Fixes #8482 by prompting to continue if the host key is not recognized. This attempts to tell Net::SSH to accept and write the key, but it only accepts the key temporarily. This changes the parameters of --ssh-verify-host-key (which is new) to take the Net::SSH values, which get passed through by train. This allows the user more options than only verifying or not. Signed-off-by: Bryan McLellan <btm@loftninjas.org>
-rw-r--r--lib/chef/knife/bootstrap.rb40
-rw-r--r--spec/unit/knife/bootstrap_spec.rb4
2 files changed, 32 insertions, 12 deletions
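diff --git a/lib/chef/knife/bootstrap.rb b/lib/chef/knife/bootstrap.rb
index 59d7e7007c..c1ba864cea 100644
--- a/lib/chef/knife/bootstrap.rb
+++ b/lib/chef/knife/bootstrap.rb
@@ -88,7 +88,7 @@ class Chef
 option :winrm_auth_method,
 short: "-w AUTH-METHOD",
 long: "--winrm-auth-method AUTH-METHOD",
- description: "The WinRM authentication method to use. Valid choices are #{friendly_opt_list(WINRM_AUTH_PROTOCOL_LIST)}.",
+ description: "The WinRM authentication method to use.",
 proc: Proc.new { |protocol| Chef::Config[:knife][:winrm_auth_method] = protocol },
 in: WINRM_AUTH_PROTOCOL_LIST
@@ -146,9 +146,9 @@ class Chef
 description: "The SSH identity file used for authentication."
 option :ssh_verify_host_key,
- long: "--[no-]ssh-verify-host-key",
- description: "Verify host key, enabled by default.",
- boolean: true
+ long: "--ssh-verify-host-key VALUE",
+ description: "Verify host key. Default is 'always'.",
+ in: %w{always accept_new accept_new_or_local_tunnel never}
 #
 # bootstrap options
@@ -162,7 +162,7 @@ class Chef
 option :channel,
 long: "--channel CHANNEL",
- description: "Install from the given channel. Valid values are 'stable, 'current', and 'unstable'. Default is 'stable'",
+ description: "Install from the given channel. Default is 'stable'.",
 default: "stable",
 in: %w{stable current unstable}
@@ -549,7 +549,28 @@ class Chef
 $stdout.sync = true
 register_client
- connect!
+ begin
+ connect!
+ rescue Train::Transports::SSHFailed => e
+ if e.message =~ /fingerprint (\S+) is unknown for "(.+)"/
+ fingerprint = $1
+ hostname,ip = $2.split(',')
+ puts "The authenticity of host '#{hostname} (#{ip})' can't be established."
+ # TODO: convert the SHA256 base64 value to hex with colons
+ # 'ssh' example output:
+ # RSA key fingerprint is e5:cb:c0:e2:21:3b:12:52:f8:ce:cb:00:24:e2:0c:92.
+ # ECDSA key fingerprint is 5d:67:61:08:a9:d7:01:fd:5e:ae:7e:09:40:ef:c0:3c.
+ puts "fingerprint is #{fingerprint}."
+ ui.confirm("Are you sure you want to continue connecting")
+ # FIXME: this should save the key to known_hosts but doesn't appear to be
+ config[:ssh_verify_host_key] = :accept_new
+ connection_opts(reset: true)
+ retry
+ end
+
+ raise e
+ end
+
 unless client_builder.client_path.nil?
 bootstrap_context.client_pem = client_builder.client_path
 end
@@ -781,8 +802,8 @@ class Chef
 # @return a configuration hash suitable for connecting to the remote
 # host via train
- def connection_opts
- return @connection_opts unless @connection_opts.nil?
+ def connection_opts(reset: false)
+ return @connection_opts unless @connection_opts.nil? || reset == true
 @connection_opts = {}
 @connection_opts.merge! base_opts
 @connection_opts.merge! host_verify_opts
@@ -824,8 +845,7 @@ class Chef
 { self_signed: config_value(:winrm_no_verify_cert) === true }
 elsif ssh?
 # Fall back to the old knife config key name for back compat.
- { verify_host_key: config_value(:ssh_verify_host_key,
- :host_key_verify, true) === true }
+ { verify_host_key: config_value(:ssh_verify_host_key, :host_key_verify, "always") }
 else
 {}
 end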
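Review bot: The `retry` in the new rescue around `connect!` (hunk at -549,+549) is unbounded: if the second attempt raises the same "fingerprint … is unknown" SSHFailed — which the FIXME a few lines above already suspects, since the accepted key is not persisted — the user is prompted again and again instead of the error being raised. Bound it with a one-shot flag: `prompted = false` before `begin`, `if !prompted && e.message =~ /fingerprint (\S+) is unknown for "(.+)"/` as the condition, and `prompted = true` immediately before `retry`. Two smaller points in the same hunk: `hostname,ip = $2.split(',')` prints `()` if the message carries no address part (this depends on the exact Net::SSH/train message format, so treat as unconfirmed), and the rescue stores the Symbol `:accept_new` while the `in:` list and the default in `host_verify_opts` are Strings ("always"), so whatever normalization train applies must accept both — confirm, or store `"accept_new"` to match. The enclosing method starts and ends outside this hunk.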
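diff --git a/spec/unit/knife/bootstrap_spec.rb b/spec/unit/knife/bootstrap_spec.rb
index 5280e3b64b..e0157b83a5 100644
--- a/spec/unit/knife/bootstrap_spec.rb
+++ b/spec/unit/knife/bootstrap_spec.rb
@@ -1131,7 +1131,7 @@ describe Chef::Knife::Bootstrap do
 logger: Chef::Log,
 keys_only: false,
 sudo: false,
- verify_host_key: true,
+ verify_host_key: "always",
 non_interactive: true,
 }
 end
@@ -1229,7 +1229,7 @@ describe Chef::Knife::Bootstrap do
 expect(knife.host_verify_opts).to eq( { verify_host_key: false } )
 end
 it "provides a correct default when no option given" do
- expect(knife.host_verify_opts).to eq( { verify_host_key: true } )
+ expect(knife.host_verify_opts).to eq( { verify_host_key: "always"} )
 end
 end
 end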
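Review bot: Both spec hunks only track the new "always" default; nothing exercises the prompt-and-retry path this commit adds around `connect!` in bootstrap.rb (the rescue of `Train::Transports::SSHFailed` that sets `:accept_new` and retries) or the new `connection_opts(reset: true)` cache bypass. A case that stubs `connect!` to raise an SSHFailed whose message matches the "fingerprint … is unknown" pattern once and succeed on the second call, with `ui.confirm` stubbed, would pin both the prompt and the retry; a second case raising the same error twice would show whether the loop terminates. The `describe` blocks containing these hunks start outside them.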