Use host key checking outside localhost

Verify ssh host keys, when connecting to a remote server.

The first connection will prompt, if not in known_hosts.

Signed-off-by: Anders F Björklund <[email protected]>

Author: afbjorklund

cmd/limactl/copy.go

@@ -52,6 +52,7 @@ func copyAction(cmd *cobra.Command, args []string) error {
 	if err != nil {
 		return err
 	}
+	instAddr := "127.0.0.1"
 	instDirs := make(map[string]string)
 	scpFlags := []string{}
 	scpArgs := []string{}
@@ -69,6 +70,7 @@ func copyAction(cmd *cobra.Command, args []string) error {
 	if sshutil.DetectOpenSSHVersion().LessThan(*semver.New("8.0.0")) {
 		legacySSH = true
 	}
+	localhostOnly := true
 	for _, arg := range args {
 		path := strings.Split(arg, ":")
 		switch len(path) {
@@ -92,6 +94,10 @@ func copyAction(cmd *cobra.Command, args []string) error {
 			} else {
 				scpArgs = append(scpArgs, fmt.Sprintf("scp://%s@%s:%d/%s", u.Username, inst.SSHAddress, inst.SSHLocalPort, path[1]))
 			}
+			if inst.SSHAddress != "127.0.0.1" {
+				instAddr = inst.SSHAddress
+				localhostOnly = false
+			}
 			instDirs[instName] = inst.Dir
 		default:
 			return fmt.Errorf("path %q contains multiple colons", arg)
@@ -109,14 +115,14 @@ func copyAction(cmd *cobra.Command, args []string) error {
 		// arguments such as ControlPath.  This is preferred as we can multiplex
 		// sessions without re-authenticating (MaxSessions permitting).
 		for _, instDir := range instDirs {
-			sshOpts, err = sshutil.SSHOpts(instDir, false, false, false, false)
+			sshOpts, err = sshutil.SSHOpts(instDir, false, instAddr, false, false, false)
 			if err != nil {
 				return err
 			}
 		}
 	} else {
 		// Copying among multiple hosts; we can't pass in host-specific options.
-		sshOpts, err = sshutil.CommonOpts(false)
+		sshOpts, err = sshutil.CommonOpts(false, localhostOnly)
 		if err != nil {
 			return err
 		}

cmd/limactl/shell.go

@@ -169,7 +169,7 @@ func shellAction(cmd *cobra.Command, args []string) error {
 		}
 	}
 
-	sshOpts, err := sshutil.SSHOpts(inst.Dir, *y.SSH.LoadDotSSHPubKeys, *y.SSH.ForwardAgent, *y.SSH.ForwardX11, *y.SSH.ForwardX11Trusted)
+	sshOpts, err := sshutil.SSHOpts(inst.Dir, *y.SSH.LoadDotSSHPubKeys, *y.SSH.Address, *y.SSH.ForwardAgent, *y.SSH.ForwardX11, *y.SSH.ForwardX11Trusted)
 	if err != nil {
 		return err
 	}

cmd/limactl/show-ssh.go

@@ -92,7 +92,7 @@ func showSSHAction(cmd *cobra.Command, args []string) error {
 	if err != nil {
 		return err
 	}
-	opts, err := sshutil.SSHOpts(inst.Dir, *y.SSH.LoadDotSSHPubKeys, *y.SSH.ForwardAgent, *y.SSH.ForwardX11, *y.SSH.ForwardX11Trusted)
+	opts, err := sshutil.SSHOpts(inst.Dir, *y.SSH.LoadDotSSHPubKeys, *y.SSH.Address, *y.SSH.ForwardAgent, *y.SSH.ForwardX11, *y.SSH.ForwardX11Trusted)
 	if err != nil {
 		return err
 	}

pkg/hostagent/hostagent.go

@@ -140,7 +140,7 @@ func New(instName string, stdout io.Writer, signalCh chan os.Signal, opts ...Opt
 		return nil, err
 	}
 
-	sshOpts, err := sshutil.SSHOpts(inst.Dir, *y.SSH.LoadDotSSHPubKeys, *y.SSH.ForwardAgent, *y.SSH.ForwardX11, *y.SSH.ForwardX11Trusted)
+	sshOpts, err := sshutil.SSHOpts(inst.Dir, *y.SSH.LoadDotSSHPubKeys, *y.SSH.Address, *y.SSH.ForwardAgent, *y.SSH.ForwardX11, *y.SSH.ForwardX11Trusted)
 	if err != nil {
 		return nil, err
 	}

pkg/sshutil/sshutil.go

@@ -126,7 +126,7 @@ var sshInfo struct {
 //
 // The result always contains the IdentityFile option.
 // The result never contains the Port option.
-func CommonOpts(useDotSSH bool) ([]string, error) {
+func CommonOpts(useDotSSH, localhost bool) ([]string, error) {
 	configDir, err := dirnames.LimaConfigDir()
 	if err != nil {
 		return nil, err
@@ -181,14 +181,20 @@ func CommonOpts(useDotSSH bool) ([]string, error) {
 		}
 	}
 
+	if localhost {
+		opts = append(opts,
+			"StrictHostKeyChecking=no",
+			"UserKnownHostsFile=/dev/null",
+			"BatchMode=yes",
+		)
+	}
+
 	opts = append(opts,
-		"StrictHostKeyChecking=no",
-		"UserKnownHostsFile=/dev/null",
 		"NoHostAuthenticationForLocalhost=yes",
 		"GSSAPIAuthentication=no",
 		"PreferredAuthentications=publickey",
 		"Compression=no",
-		"BatchMode=yes",
+		"PasswordAuthentication=no",
 		"IdentitiesOnly=yes",
 	)
 
@@ -223,7 +229,7 @@ func CommonOpts(useDotSSH bool) ([]string, error) {
 }
 
 // SSHOpts adds the following options to CommonOptions: User, ControlMaster, ControlPath, ControlPersist.
-func SSHOpts(instDir string, useDotSSH, forwardAgent, forwardX11, forwardX11Trusted bool) ([]string, error) {
+func SSHOpts(instDir string, useDotSSH bool, hostAddress string, forwardAgent, forwardX11, forwardX11Trusted bool) ([]string, error) {
 	controlSock := filepath.Join(instDir, filenames.SSHSock)
 	if len(controlSock) >= osutil.UnixPathMax {
 		return nil, fmt.Errorf("socket path %q is too long: >= UNIX_PATH_MAX=%d", controlSock, osutil.UnixPathMax)
@@ -232,7 +238,7 @@ func SSHOpts(instDir string, useDotSSH, forwardAgent, forwardX11, forwardX11Trus
 	if err != nil {
 		return nil, err
 	}
-	opts, err := CommonOpts(useDotSSH)
+	opts, err := CommonOpts(useDotSSH, hostAddress == "127.0.0.1")
 	if err != nil {
 		return nil, err
 	}