offload: Do not read ~/.ssh/known_hosts.

* guix/scripts/offload.scm (open-ssh-session): Pass #:knownhosts to 'make-session'.
2016-12-09 14:54:42 +01:00 · 2016-12-09 14:54:42 +01:00 · bd8345777f
commit bd8345777f
parent 750778abd4
1 changed files with 8 additions and 0 deletions
--- a/guix/scripts/offload.scm
+++ b/guix/scripts/offload.scm
@ -177,6 +177,14 @@ (define (open-ssh-session machine)
                               ;; #:log-verbosity 'protocol
                               #:identity (build-machine-private-key machine)

+                               ;; By default libssh reads ~/.ssh/known_hosts
+                               ;; and uses that to adjust its choice of cipher
+                               ;; suites, which changes the type of host key
+                               ;; that the server sends (RSA vs. Ed25519,
+                               ;; etc.).  Opt for something reproducible and
+                               ;; stateless instead.
+                               #:knownhosts "/dev/null"
+
                               ;; We need lightweight compression when
                               ;; exchanging full archives.
                               #:compression