remote_client support strict_host_key_checking (#637)

* fix: conf path * fix: conf path * remote_client support strict_host_key_checking
oceanbase · Dec 18, 2024 · c224ca9 · c224ca9
1 parent c7bfeaa
commit c224ca9
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 3 deletions.
diff --git a/conf/inner_config.yml b/conf/inner_config.yml
@@ -5,6 +5,7 @@ obdiag:
     file_number_limit: 50
     file_size_limit: 5G
     dis_rsa_algorithms: 0
+    strict_host_key_checking: 0
   logger:
     log_dir: ~/.obdiag/log
     log_filename: obdiag.log

diff --git a/rpm/init_obdiag_cmd.sh b/rpm/init_obdiag_cmd.sh
@@ -10,6 +10,9 @@ _obdiag_completion() {
             ;;
         2)
             case "${COMP_WORDS[1]}" in
+                check)
+                    type_list="run list"
+                    ;;
                 gather)
                     if [ "$COMP_CWORD" -eq 2 ]; then
                         type_list="log clog slog plan_monitor stack perf sysstat obproxy_log all scene ash tabledump parameter variable"

diff --git a/src/common/config.py b/src/common/config.py
@@ -70,6 +70,7 @@
             'file_number_limit': 20,
             'file_size_limit': '2G',
             'dis_rsa_algorithms': 0,
+            'strict_host_key_checking': 0,
         },
         'logger': {
             'log_dir': '~/.obdiag/log',

diff --git a/src/common/ssh_client/remote_client.py b/src/common/ssh_client/remote_client.py
@@ -58,23 +58,30 @@ def __init__(self, context, node):
         remote_client_disable_rsa_algorithms = bool(self.context.inner_config.get("obdiag").get("basic").get("dis_rsa_algorithms"))
         if remote_client_disable_rsa_algorithms:
             self._disabled_rsa_algorithms = DISABLED_ALGORITHMS
+        remote_client_missing_host_key_policy = bool(self.context.inner_config.get("obdiag").get("basic").get("strict_host_key_checking"))
         self.ssh_type = "remote"
         if len(self.key_file) > 0:
             try:
                 self._ssh_fd = paramiko.SSHClient()
+                if remote_client_missing_host_key_policy:
+                    self._ssh_fd.set_missing_host_key_policy(paramiko.MissingHostKeyPolicy())
+                else:
+                    self._ssh_fd.load_system_host_keys()
                 self._ssh_fd.set_missing_host_key_policy(paramiko.client.AutoAddPolicy())
-                self._ssh_fd.load_system_host_keys()
                 self._ssh_fd.connect(hostname=self.host_ip, username=self.username, key_filename=self.key_file, port=self.ssh_port, disabled_algorithms=self._disabled_rsa_algorithms)
             except AuthenticationException:
                 self.password = input("Authentication failed, Input {0}@{1} password:\n".format(self.username, self.host_ip))
                 self.need_password = True
                 self._ssh_fd.connect(hostname=self.host_ip, username=self.username, password=self.password, port=self.ssh_port, disabled_algorithms=self._disabled_rsa_algorithms)
             except Exception as e:
-                raise OBDIAGSSHConnException("ssh {0}@{1}: failed, exception:{2}".format(self.host_ip, self.ssh_port, e))
+                raise OBDIAGSSHConnException("ssh {0} port {1} failed, exception:{2}".format(self.host_ip, self.ssh_port, e))
         else:
             self._ssh_fd = paramiko.SSHClient()
+            if remote_client_missing_host_key_policy:
+                self._ssh_fd.set_missing_host_key_policy(paramiko.MissingHostKeyPolicy())
+            else:
+                self._ssh_fd.load_system_host_keys()
             self._ssh_fd.set_missing_host_key_policy(paramiko.client.AutoAddPolicy())
-            self._ssh_fd.load_system_host_keys()
             self.need_password = True
             self._ssh_fd.connect(hostname=self.host_ip, username=self.username, password=self.password, port=self.ssh_port, disabled_algorithms=self._disabled_rsa_algorithms)