From 1d9f10a1356df1862bfff4f3031011403ddfe0bd Mon Sep 17 00:00:00 2001 From: Sergey Ponomarev Date: Sat, 3 Jun 2023 14:23:33 +0300 Subject: sshtunnel: StrictHostKeyChecking for Dropbear The dbclient doesn't support the -o StrictHostKeyChecking but it has it's own -y option: -y Always accept remote host key if unknown -y -y Don't perform any remote host key checking (caution) So we can add these options to make the StrictHostKeyChecking working. The dbclient will ignore -o StrictHostKeyChecking but use the -y or -yy instead. The only problem is that the -y flag is also used by the openssh-client: -y Send log information using the syslog(3) system module. By default this information is sent to stderr. This is not critical and once the dbclient start to support the StrictHostKeyChecking we can remove the -y flag. Signed-off-by: Sergey Ponomarev --- net/sshtunnel/files/sshtunnel.init | 3 +++ 1 file changed, 3 insertions(+) (limited to 'net/sshtunnel/files/sshtunnel.init') diff --git a/net/sshtunnel/files/sshtunnel.init b/net/sshtunnel/files/sshtunnel.init index 480933ede..144d447e8 100644 --- a/net/sshtunnel/files/sshtunnel.init +++ b/net/sshtunnel/files/sshtunnel.init @@ -180,6 +180,9 @@ load_server() { # dropbear doesn't support -o IdentityFile so use -i instead [ -n "$IdentityFile" ] && ARGS_options="$ARGS_options -i $IdentityFile" + # dbclient doesn't support StrictHostKeyChecking but it has the -y option that works same + [ "$StrictHostKeyChecking" = "accept-new" ] && ARGS_options="$ARGS_options -y" + [ "$StrictHostKeyChecking" = "no" ] && ARGS_options="$ARGS_options -yy" ARGS="$ARGS_options -o ExitOnForwardFailure=yes -o BatchMode=yes -nN $ARGS_tunnels -p $port $user@$hostname" procd_open_instance "$server" -- cgit v1.2.3