From 66dc5814839adcf3934bca94e077761c9aa6d2fb Mon Sep 17 00:00:00 2001 From: Sean Buckley Date: Fri, 31 Mar 2023 11:31:56 -0400 Subject: [PATCH] deploy: fail if StrictHostKeyChecking != yes --- pkgs/deploy/deploy.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/pkgs/deploy/deploy.py b/pkgs/deploy/deploy.py index f3ef124..da40e5c 100755 --- a/pkgs/deploy/deploy.py +++ b/pkgs/deploy/deploy.py @@ -7,6 +7,12 @@ from subprocess import run, PIPE, STDOUT from sys import argv +def strict_host_key_checking(): + txt = run(["ssh", "-G", "localhost"], stdout=PIPE).stdout + if "stricthostkeychecking true" not in txt.decode("utf8").splitlines(): + raise RuntimeError("This script requires StrictHostKeyChecking") + + def get_deployment(): return loads( run( @@ -177,6 +183,7 @@ def main(): icon_bad = "\u274c" icon_good = "\u2705" +strict_host_key_checking() depl = get_deployment() if __name__ == "__main__": main()