Add know_hosts management, fix script copy

claudyus · Sep 12, 2017 · 691a843 · 691a843
1 parent 3441e52
commit 691a843
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 1 deletion.
diff --git a/Dockerfile b/Dockerfile
@@ -2,6 +2,6 @@ FROM alpine:latest
 
 RUN apk add --update openssh-client git && rm -rf /var/cache/apk/*
 
-COPY config.sh /ssh
+COPY config.sh /ssh/config.sh
 
 CMD ["ssh-agent"]
diff --git a/README.rst b/README.rst
@@ -19,3 +19,4 @@ Here some example, assuming gitlab-ci::
 The configuration script will use the following env variables::
 
  * SSH_PRIVATE_KEY: The private ssh key to use
+ * KNOW_HOSTS_LINE: (optional) The public key for the host, if not set host key checking will be disabled. To generate the correct know_hosts line use ```ssh-keyscan -t rsa -H <hostname_of_remote>```
diff --git a/config.sh b/config.sh
@@ -3,3 +3,12 @@
 eval $(ssh-agent -s)
 
 ssh-add <(echo $SSH_PRIVATE_KEY)
+
+# set or ignore know_hosts file
+mkdir -p ~/.ssh
+if [ $KNOW_HOSTS_LINE ]; then
+  echo $KNOW_HOSTS_LINE > ~/.ssh/known_hosts
+else
+  echo "WARNING: host key checking disabled (NOTE: makes you susceptible to man-in-the-middle attacks)"
+  echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config
+fi