TakeV/guix
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

offload: Do not read ~/.ssh/known_hosts.

Browse source 
* guix/scripts/offload.scm (open-ssh-session): Pass #:knownhosts to
'make-session'.
This commit is contained in:
Ludovic Courtès 2016-12-09 14:54:42 +01:00
parent 750778abd4
commit bd8345777f
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
guix/scripts/offload.scm
View file

@ -177,6 +177,14 @@ (define (open-ssh-session machine)
;; #:log-verbosity 'protocol ;; #:log-verbosity 'protocol
#:identity (build-machine-private-key machine) #:identity (build-machine-private-key machine)
;; By default libssh reads ~/.ssh/known_hosts
;; and uses that to adjust its choice of cipher
;; suites, which changes the type of host key
;; that the server sends (RSA vs. Ed25519,
;; etc.). Opt for something reproducible and
;; stateless instead.
#:knownhosts "/dev/null"
;; We need lightweight compression when ;; We need lightweight compression when
;; exchanging full archives. ;; exchanging full archives.
#:compression #:compression