nixo
/
guix-devel
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

offload: Do not read ~/.ssh/known_hosts. 

* guix/scripts/offload.scm (open-ssh-session): Pass #:knownhosts to
'make-session'.
This commit is contained in:
Ludovic Courtès 2016-12-09 14:54:42 +01:00
parent 750778abd4
commit bd8345777f
No known key found for this signature in database
GPG Key ID: 090B11993D9AEBB5
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
guix/scripts/offload.scm
View File

@ -177,6 +177,14 @@ private key from '~a': ~a")
;; #:log-verbosity 'protocol ;; #:log-verbosity 'protocol
#:identity (build-machine-private-key machine) #:identity (build-machine-private-key machine)
;; By default libssh reads ~/.ssh/known_hosts
;; and uses that to adjust its choice of cipher
;; suites, which changes the type of host key
;; that the server sends (RSA vs. Ed25519,
;; etc.). Opt for something reproducible and
;; stateless instead.
#:knownhosts "/dev/null"
;; We need lightweight compression when ;; We need lightweight compression when
;; exchanging full archives. ;; exchanging full archives.
#:compression #:compression