~ruther/guix-local: offload: Do not read ~/.ssh/known_hosts.

bd8345777f5a48ee61656248655ebac71a09e926 — Ludovic Courtès 9 years ago 750778a

offload: Do not read ~/.ssh/known_hosts.

* guix/scripts/offload.scm (open-ssh-session): Pass #:knownhosts to
'make-session'.

patch browse .tar.gz .zip

1 files changed, 8 insertions(+), 0 deletions(-)

M guix/scripts/offload.scm

M guix/scripts/offload.scm => guix/scripts/offload.scm +8 -0

@@ 177,6 177,14 @@ private key from '~a': ~a")
                                ;; #:log-verbosity 'protocol
                                #:identity (build-machine-private-key machine)
 
+                               ;; By default libssh reads ~/.ssh/known_hosts
+                               ;; and uses that to adjust its choice of cipher
+                               ;; suites, which changes the type of host key
+                               ;; that the server sends (RSA vs. Ed25519,
+                               ;; etc.).  Opt for something reproducible and
+                               ;; stateless instead.
+                               #:knownhosts "/dev/null"
+
                                ;; We need lightweight compression when
                                ;; exchanging full archives.
                                #:compression