Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

known_hosts entry with port not recognised #287

Closed
squaremo opened this issue Feb 9, 2021 · 0 comments · Fixed by #288
Closed

known_hosts entry with port not recognised #287

squaremo opened this issue Feb 9, 2021 · 0 comments · Fixed by #288
Labels
area/git Git related issues and pull requests bug Something isn't working

Comments

@squaremo
Copy link
Member

squaremo commented Feb 9, 2021

Writing tests for image-automation-controller, I find that the known_host matching in https://github.com/fluxcd/source-controller/blob/main/pkg/git/libgit2/transport.go#L176 will fail when used with a test server, for two reasons:

  • the test server listens on an ephemeral port, and the known_hosts generated by ssh.ScanHostKey includes the port, while the value passed to the callback does not;
  • fluxcd/pkg/ssh.ScanHostKey produces an entry with braces surrounding the IP address, like [127.0.0.1]:56464, which is not understood by the match procedure.

The second one is easily fixable. It's not obvious what to do about the first though -- the port seems like an important piece of information!
@hiddeco hiddeco mentioned this issue Feb 10, 2021
Merged
@hiddeco hiddeco added area/git Git related issues and pull requests bug Something isn't working labels Feb 10, 2021
squaremo added a commit to fluxcd/image-automation-controller that referenced this issue Feb 11, 2021
@squaremo
Replace hard-wired GitImpl'n to that from spec
5d9f0f9 
The "auth strategy", which depends on the GitImplementation, was
hard-wired to the "gogit" constant, but it should come from the
GitRepository spec. When the implementation is "libgit2" and the git
URL entails SSH, the result would normally include a callback for
checking the host key against known_hosts; but since it was
hard-wired, it was missing that callback.

This explains at least some instances of the error `user cancelled
hostkey check` from #106. The error, or a close relative, might also
arise if the callback rejects the host key because the host as it
appears in the known_hosts doesn't match that host as passed to the
callback -- see
fluxcd/source-controller#287.

Signed-off-by: Michael Bridgen <michael@weave.works>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/git Git related issues and pull requests bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

libgit2: use provided host to validate public key fluxcd/source-controller
2 participants
@squaremo @hiddeco