[tck PATCH 12/12] Disable known hosts file

Daniel P. Berrangé <berrange@xxxxxxxxxx> · Fri, 8 Jun 2018 14:45:51 +0100

Despite having StrictHostKeyChecking=no, SSH still complains about the
host key mismatch and disables password auth as a result. Using
/dev/null as the known_hosts file ensures the keys are never saved to
the user's profile.

Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
---
 scripts/nwfilter/210-no-mac-spoofing.t  | 3 ++-
 scripts/nwfilter/220-no-ip-spoofing.t   | 3 ++-
 scripts/nwfilter/230-no-mac-broadcast.t | 3 ++-
 scripts/nwfilter/240-no-arp-spoofing.t  | 3 ++-
 4 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/scripts/nwfilter/210-no-mac-spoofing.t b/scripts/nwfilter/210-no-mac-spoofing.t
index 99c5058..95b1499 100644
--- a/scripts/nwfilter/210-no-mac-spoofing.t
+++ b/scripts/nwfilter/210-no-mac-spoofing.t
@@ -97,7 +97,8 @@ diag "ssh'ing into $guestip";
 my $ssh = Net::OpenSSH->new($guestip,
                             user => "root",
                             password => $tck->root_password(),
-                            master_opts => [-o => "StrictHostKeyChecking=no"]);
+                            master_opts => [-o => "UserKnownHostsFile=/dev/null",
+                                            -o => "StrictHostKeyChecking=off"]);
 
 # now bring eth0 down, change MAC and bring it up again
 diag "fiddling with mac";
diff --git a/scripts/nwfilter/220-no-ip-spoofing.t b/scripts/nwfilter/220-no-ip-spoofing.t
index 85c4807..a1da6eb 100644
--- a/scripts/nwfilter/220-no-ip-spoofing.t
+++ b/scripts/nwfilter/220-no-ip-spoofing.t
@@ -91,7 +91,8 @@ diag "ssh'ing into $guestip";
 my $ssh = Net::OpenSSH->new($guestip,
                             user => "root",
                             password => $tck->root_password(),
-                            master_opts => [-o => "StrictHostKeyChecking=no"]);
+                            master_opts => [-o => "UserKnownHostsFile=/dev/null",
+                                            -o => "StrictHostKeyChecking=no"]);
 
 # now bring eth0 down, change IP and bring it up again
 diag "preparing ip spoof";
diff --git a/scripts/nwfilter/230-no-mac-broadcast.t b/scripts/nwfilter/230-no-mac-broadcast.t
index b65b3fc..4254e7c 100644
--- a/scripts/nwfilter/230-no-mac-broadcast.t
+++ b/scripts/nwfilter/230-no-mac-broadcast.t
@@ -119,7 +119,8 @@ diag "ssh'ing into $guestip";
 my $ssh = Net::OpenSSH->new($guestip,
                             user => "root",
                             password => $tck->root_password(),
-                            master_opts =>  [-o => "StrictHostKeyChecking=no"]);
+                            master_opts =>  [-o => "UserKnownHostsFile=/dev/null",
+                                             -o => "StrictHostKeyChecking=no"]);
 
 # now generate a mac broadcast paket 
 diag "generate mac broadcast";
diff --git a/scripts/nwfilter/240-no-arp-spoofing.t b/scripts/nwfilter/240-no-arp-spoofing.t
index 69851b6..882a385 100644
--- a/scripts/nwfilter/240-no-arp-spoofing.t
+++ b/scripts/nwfilter/240-no-arp-spoofing.t
@@ -100,7 +100,8 @@ diag "ssh'ing into $guestip";
 my $ssh = Net::OpenSSH->new($guestip,
                             user => "root",
                             password => $tck->root_password(),
-                            master_opts => [-o => "StrictHostKeyChecking=no"]);
+                            master_opts => [-o => "UserKnownHostsFile=/dev/null",
+                                            -o => "StrictHostKeyChecking=no"]);
 
 # now generate a arp spoofing packets 
 diag "generate arpspoof script";
-- 
2.17.0

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list







