From d44fcf2d5284bc94d73e5ad262894bae4b5360d9 Mon Sep 17 00:00:00 2001 From: Seth Vargo Date: Sun, 29 May 2016 17:58:44 -0400 Subject: [PATCH] Allow customization of keys_only & paranoid SSH This adds two new SSH configuration options: - `keys_only` - `paranoid` These values were previously hard-coded, but can now be user-specified. Fixes GH-4275
---
 lib/vagrant/machine.rb | 2 ++
 plugins/communicators/ssh/communicator.rb | 4 ++--
 plugins/kernel_v2/config/ssh_connect.rb | 6 ++++++
 website/source/docs/vagrantfile/ssh_settings.html.md | 10 ++++++++++
 4 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/lib/vagrant/machine.rb b/lib/vagrant/machine.rb
index f9ba4bcdf..de703842c 100644
--- a/lib/vagrant/machine.rb
+++ b/lib/vagrant/machine.rb
@@ -434,6 +434,8 @@ module Vagrant
 info[:host] ||= @config.ssh.default.host
 info[:port] ||= @config.ssh.default.port
 info[:private_key_path] ||= @config.ssh.default.private_key_path
+ info[:keys_only] ||= @config.ssh.default.keys_only
+ info[:paranoid] ||= @config.ssh.default.paranoid
 info[:username] ||= @config.ssh.default.username

 # We set overrides if they are set. These take precedence over
diff --git a/plugins/communicators/ssh/communicator.rb b/plugins/communicators/ssh/communicator.rb
index a9190f569..49d7eb1f1 100644
--- a/plugins/communicators/ssh/communicator.rb
+++ b/plugins/communicators/ssh/communicator.rb
@@ -335,8 +335,8 @@ module VagrantPlugins
 forward_agent: ssh_info[:forward_agent],
 send_env: ssh_info[:forward_env],
 keys: ssh_info[:private_key_path],
- keys_only: true,
- paranoid: false,
+ keys_only: ssh_info[:keys_only],
+ paranoid: ssh_info[:paranoid],
 password: ssh_info[:password],
 port: ssh_info[:port],
 timeout: 15,
diff --git a/plugins/kernel_v2/config/ssh_connect.rb b/plugins/kernel_v2/config/ssh_connect.rb
index 7b2ad68e5..d4cdba5c3 100644
--- a/plugins/kernel_v2/config/ssh_connect.rb
+++ b/plugins/kernel_v2/config/ssh_connect.rb
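Review bot: `info[:keys_only] ||= @config.ssh.default.keys_only` in the lib/vagrant/machine.rb hunk treats an explicit `false` from the provider as if it were unset, so a provider that returns `keys_only: false` is silently put back on the default; the `info[:paranoid] ||=` line has the same shape. A nil check keeps an explicit boolean: `info[:keys_only] = @config.ssh.default.keys_only if info[:keys_only].nil?`, and likewise for `:paranoid`. The diffstat lists only these two insertions for machine.rb, so the override block that begins on the hunk's last line is not touched by this patch; if a user's `config.ssh.keys_only` or `config.ssh.paranoid` is meant to take precedence over the provider's value it probably needs entries there as well, but that block lies outside the hunk.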
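Review bot: `keys_only: ssh_info[:keys_only]` in the plugins/communicators/ssh/communicator.rb hunk replaces a hard-coded `true` with a plain lookup, so an `ssh_info` that lacks the key now passes `nil`, and agent-held keys would presumably be offered to the guest where they were excluded before. Assuming `ssh_info` is a Hash, `keys_only: ssh_info.fetch(:keys_only, true)` keeps the earlier behaviour for callers that never set it. `paranoid: ssh_info[:paranoid]` is forwarded unchecked as well, and a comment on that line such as `# falsy disables host-key verification for this connection` would make the security meaning visible to the next reader. The options hash starts and ends outside the hunk.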
@@ -7,6 +7,8 @@ module VagrantPlugins
 attr_accessor :username
 attr_accessor :password
 attr_accessor :insert_key
+ attr_accessor :keys_only
+ attr_accessor :paranoid

 def initialize
 @host = UNSET_VALUE
@@ -15,6 +17,8 @@ module VagrantPlugins
 @username = UNSET_VALUE
 @password = UNSET_VALUE
 @insert_key = UNSET_VALUE
+ @keys_only = UNSET_VALUE
+ @paranoid = UNSET_VALUE
 end

 def finalize!
@@ -24,6 +28,8 @@ module VagrantPlugins
 @username = nil if @username == UNSET_VALUE
 @password = nil if @password == UNSET_VALUE
 @insert_key = true if @insert_key == UNSET_VALUE
+ @keys_only = true if @keys_only == UNSET_VALUE
+ @paranoid = false if @paranoid == UNSET_VALUE

 if @private_key_path && !@private_key_path.is_a?(Array)
 @private_key_path = [@private_key_path]
diff --git a/website/source/docs/vagrantfile/ssh_settings.html.md b/website/source/docs/vagrantfile/ssh_settings.html.md
index 1337547f6..88d94ab98 100644
--- a/website/source/docs/vagrantfile/ssh_settings.html.md
+++ b/website/source/docs/vagrantfile/ssh_settings.html.md
@@ -62,6 +62,16 @@ the machine, but replace it with perhaps a more secure key later. 
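Review bot: `@paranoid = false if @paranoid == UNSET_VALUE` in the `finalize!` hunk of plugins/kernel_v2/config/ssh_connect.rb leaves host-key verification off by default, while the ssh_settings.html.md text added by this same patch says of `config.ssh.paranoid` that the default value is `true`. One of the two is wrong, and a user who trusts the documentation would assume the guest's host key is being checked; either correct the doc sentence to `false` or change the default, and record the choice next to the assignment, e.g. `# host-key verification stays off unless the user opts in`. Neither new option is type-checked in the lines shown, so a string such as `"false"` would be truthy by the time it reaches the SSH options; if this class has a validation step outside the hunk, it could reject values the SSH library does not accept. `finalize!` continues past the end of the hunk.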
+`config.ssh.keys_only` - Only use Vagrant-provided SSH private keys (do not use +any keys stored in ssh-agent). The default value is `true`.` + +
+ +`config.ssh.paranoid` - Perform strict host-key verification. The default value +is `true`. + +
+ `config.ssh.forward_agent` - If `true`, agent forwarding over SSH connections is enabled. Defaults to false.