diff options
author | Ludovic Courtès <ludo@gnu.org> | 2016-12-09 14:54:42 +0100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2016-12-09 23:02:01 +0100 |
commit | bd8345777f5a48ee61656248655ebac71a09e926 (patch) | |
tree | 1abc46059c87b7fc8fd608cf6dc2cf1f1570797b | |
parent | 750778abd4a5cb3d61317704cc1916a12e57799d (diff) | |
download | patches-bd8345777f5a48ee61656248655ebac71a09e926.tar patches-bd8345777f5a48ee61656248655ebac71a09e926.tar.gz |
offload: Do not read ~/.ssh/known_hosts.
* guix/scripts/offload.scm (open-ssh-session): Pass #:knownhosts to
'make-session'.
-rw-r--r-- | guix/scripts/offload.scm | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/guix/scripts/offload.scm b/guix/scripts/offload.scm index ebff11664d..f25cc5e7bb 100644 --- a/guix/scripts/offload.scm +++ b/guix/scripts/offload.scm @@ -177,6 +177,14 @@ private key from '~a': ~a") ;; #:log-verbosity 'protocol #:identity (build-machine-private-key machine) + ;; By default libssh reads ~/.ssh/known_hosts + ;; and uses that to adjust its choice of cipher + ;; suites, which changes the type of host key + ;; that the server sends (RSA vs. Ed25519, + ;; etc.). Opt for something reproducible and + ;; stateless instead. + #:knownhosts "/dev/null" + ;; We need lightweight compression when ;; exchanging full archives. #:compression |