diff --git a/plugins/kernel_v2/config/ssh_connect.rb b/plugins/kernel_v2/config/ssh_connect.rb index 616226154..c4c6fec0e 100644 --- a/plugins/kernel_v2/config/ssh_connect.rb +++ b/plugins/kernel_v2/config/ssh_connect.rb @@ -38,7 +38,7 @@ module VagrantPlugins @insert_key = true if @insert_key == UNSET_VALUE @keys_only = true if @keys_only == UNSET_VALUE @paranoid = false if @paranoid == UNSET_VALUE - @verify_host_key = false if @verify_host_key == UNSET_VALUE + @verify_host_key = :never if @verify_host_key == UNSET_VALUE @compression = true if @compression == UNSET_VALUE @dsa_authentication = true if @dsa_authentication == UNSET_VALUE @extra_args = nil if @extra_args == UNSET_VALUE @@ -51,6 +51,18 @@ module VagrantPlugins @verify_host_key = @paranoid end + # Values for verify_host_key changed in 5.0.0 of net-ssh. If old value + # detected, update with new value + case @verify_host_key + when true + @verify_host_key = :accepts_new_or_local_tunnel + when false + @verify_host_key = :never + when :very + @verify_host_key = :accept_new + when :secure + @verify_host_key = :always + end end # NOTE: This is _not_ a valid config validation method, since it diff --git a/test/unit/plugins/kernel_v2/config/ssh_connect_test.rb b/test/unit/plugins/kernel_v2/config/ssh_connect_test.rb new file mode 100644 index 000000000..0c2772b66 --- /dev/null +++ b/test/unit/plugins/kernel_v2/config/ssh_connect_test.rb @@ -0,0 +1,32 @@ +require File.expand_path("../../../../base", __FILE__) + +require Vagrant.source_root.join("plugins/kernel_v2/config/ssh_connect") + +describe VagrantPlugins::Kernel_V2::SSHConnectConfig do + subject { described_class.new } + + describe "#verify_host_key" do + it "defaults to :never" do + subject.finalize! + expect(subject.verify_host_key).to eq(:never) + end + + it "should modify true value to :accepts_new_or_local_tunnel" do + subject.verify_host_key = true + subject.finalize! + expect(subject.verify_host_key).to eq(:accepts_new_or_local_tunnel) + end + + it "should modify :very value to :accept_new" do + subject.verify_host_key = :very + subject.finalize! + expect(subject.verify_host_key).to eq(:accept_new) + end + + it "should modify :secure to :always" do + subject.verify_host_key = :secure + subject.finalize! + expect(subject.verify_host_key).to eq(:always) + end + end +end diff --git a/vagrant.gemspec b/vagrant.gemspec index edc12f032..d67d1e83c 100644 --- a/vagrant.gemspec +++ b/vagrant.gemspec @@ -22,7 +22,7 @@ Gem::Specification.new do |s| s.add_dependency "listen", "~> 3.1.5" s.add_dependency "hashicorp-checkpoint", "~> 0.1.5" s.add_dependency "log4r", "~> 1.1.9", "< 1.1.11" - s.add_dependency "net-ssh", "~> 4.2.0" + s.add_dependency "net-ssh", "~> 5.0.0" s.add_dependency "net-sftp", "~> 2.1" s.add_dependency "net-scp", "~> 1.2.0" s.add_dependency "rb-kqueue", "~> 0.2.0" diff --git a/website/source/docs/vagrantfile/ssh_settings.html.md b/website/source/docs/vagrantfile/ssh_settings.html.md index 1529cebb5..810ed1b7d 100644 --- a/website/source/docs/vagrantfile/ssh_settings.html.md +++ b/website/source/docs/vagrantfile/ssh_settings.html.md @@ -68,7 +68,7 @@ any keys stored in ssh-agent). The default value is `true`.
`config.ssh.verify_host_key` - Perform strict host-key verification. The default -value is `false`. +value is `:never`.