TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-03-01 19:51:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

cmd/tailscale: [ssh] enable StrictHostKeyChecking mode

Browse Source 
Updates #3802

Signed-off-by: Maisem Ali <maisem@tailscale.com>
This commit is contained in:
Maisem Ali 2022-04-18 09:52:52 -07:00 committed by Maisem Ali
parent 8f5e5bff1e
commit 945879fa38
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cmd/tailscale/cli/ssh.go
View File

@ -79,9 +79,13 @@ func runSSH(ctx context.Context, args []string) error {
argv := append([]string{ argv := append([]string{
ssh, ssh,
// Only trust SSH hosts that we know about.
"-o", fmt.Sprintf("UserKnownHostsFile %s", "-o", fmt.Sprintf("UserKnownHostsFile %s",
shellescape.Quote(knownHostsFile), shellescape.Quote(knownHostsFile),
), ),
"-o", "UpdateHostKeys no",
"-o", "StrictHostKeyChecking yes",
"-o", fmt.Sprintf("ProxyCommand %s --socket=%s nc %%h %%p", "-o", fmt.Sprintf("ProxyCommand %s --socket=%s nc %%h %%p",
shellescape.Quote(tailscaleBin), shellescape.Quote(tailscaleBin),
shellescape.Quote(rootArgs.socket), shellescape.Quote(rootArgs.socket),