inspec / train

Transport Interface to unify communication over SSH, WinRM, and friends.
Apache License 2.0

Default user_known_hosts_file in ssh connect option should be nil instead of '/dev/null' #740

Open lytao opened 1 year ago

lytao commented 1 year ago

Hello,

I see knife bootstrap fail fingerprint verification all the time, even though the host is in my ~/.ssh/known_hosts file:

The authenticity of host 'mytestserver (10.0.0.2)' can't be established.
fingerprint is SHA256:sMHpDhHtkcLG9S767Z8sOcTn3hL5N4Zhe40S7P48co8.

When I read the code, I see that the option user_known_hosts_file is set to /dev/null by default in lib/train/transports/ssh.rb. This does not work because of the following code in Net::SSH:

net-ssh/blob/master/lib/net/ssh/known_hosts.rb#L134

 files += Array(options[:user_known_hosts_file] || %w[~/.ssh/known_hosts ~/.ssh/known_hosts2]) if which == :all || which == :user

The file ~/.ssh/known_hosts never gets a chance to be loaded unless user_known_hosts_file is set to nil or false (nil is preferable).

Could you please fix it?
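The fallback behaviour reported above, as an added example that is not part of the original issue and is not code from train or Net::SSH. The helper names (`user_known_hosts_files`, `known_keys_for`, `demo`) are hypothetical, only the `:user` case of the quoted line is mirrored, and the known_hosts entry is a constructed sample with a placeholder key.

```ruby
require "tmpdir"

# Hypothetical helper mirroring the quoted Net::SSH line for the :user case:
# any truthy option value replaces the defaults; only nil/false falls back to them.
DEFAULT_USER_FILES = %w[~/.ssh/known_hosts ~/.ssh/known_hosts2].freeze

def user_known_hosts_files(options)
  Array(options[:user_known_hosts_file] || DEFAULT_USER_FILES)
end

# Minimal lookup: the key entries recorded for `host` in the selected files.
# Assumption: only plain (unhashed, unmarked) "host[,host...] keytype key" lines.
def known_keys_for(host, options, home:)
  user_known_hosts_files(options).flat_map do |file|
    path = file.sub(/\A~/, home)
    next [] unless File.readable?(path)
    File.readlines(path, chomp: true).filter_map do |line|
      next if line.strip.empty? || line.start_with?("#")
      hosts, type, key = line.split(" ", 3)
      "#{type} #{key}" if hosts.split(",").include?(host)
    end
  end
end

# Constructed sample: a throwaway HOME holding one known_hosts entry.
def demo
  Dir.mktmpdir do |home|
    Dir.mkdir(File.join(home, ".ssh"))
    File.write(File.join(home, ".ssh", "known_hosts"),
               "mytestserver,10.0.0.2 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER\n")
    {
      # "/dev/null" is truthy, so the defaults are never consulted: no pinned key.
      dev_null: known_keys_for("mytestserver", { user_known_hosts_file: "/dev/null" }, home: home),
      # nil (or an absent option) falls through to ~/.ssh/known_hosts.
      nil_opt:  known_keys_for("mytestserver", { user_known_hosts_file: nil }, home: home),
      unset:    known_keys_for("mytestserver", {}, home: home),
    }
  end
end

p demo if $PROGRAM_NAME == __FILE__
```

With `/dev/null` as the user file, no stored key is ever found, so a host that is already in `~/.ssh/known_hosts` is treated like a first contact.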