From c224ca95890310ec43e335a61aabfe33cc9ce386 Mon Sep 17 00:00:00 2001 From: xuyan wang <35394786+wayyoungboy@users.noreply.github.com> Date: Wed, 18 Dec 2024 15:39:22 +0800 Subject: [PATCH] remote_client support strict_host_key_checking (#637) * fix: conf path * fix: conf path * remote_client support strict_host_key_checking --- conf/inner_config.yml | 1 + rpm/init_obdiag_cmd.sh | 3 +++ src/common/config.py | 1 + src/common/ssh_client/remote_client.py | 13 ++++++++++--- 4 files changed, 15 insertions(+), 3 deletions(-) diff --git a/conf/inner_config.yml b/conf/inner_config.yml index 7ee54841..cdca7e67 100644 --- a/conf/inner_config.yml +++ b/conf/inner_config.yml @@ -5,6 +5,7 @@ obdiag: file_number_limit: 50 file_size_limit: 5G dis_rsa_algorithms: 0 + strict_host_key_checking: 0 logger: log_dir: ~/.obdiag/log log_filename: obdiag.log diff --git a/rpm/init_obdiag_cmd.sh b/rpm/init_obdiag_cmd.sh index c9d3ca5d..99a3ce67 100644 --- a/rpm/init_obdiag_cmd.sh +++ b/rpm/init_obdiag_cmd.sh @@ -10,6 +10,9 @@ _obdiag_completion() { ;; 2) case "${COMP_WORDS[1]}" in + check) + type_list="run list" + ;; gather) if [ "$COMP_CWORD" -eq 2 ]; then type_list="log clog slog plan_monitor stack perf sysstat obproxy_log all scene ash tabledump parameter variable" diff --git a/src/common/config.py b/src/common/config.py index 77690afe..45e12cb2 100644 --- a/src/common/config.py +++ b/src/common/config.py @@ -70,6 +70,7 @@ 'file_number_limit': 20, 'file_size_limit': '2G', 'dis_rsa_algorithms': 0, + 'strict_host_key_checking': 0, }, 'logger': { 'log_dir': '~/.obdiag/log', diff --git a/src/common/ssh_client/remote_client.py b/src/common/ssh_client/remote_client.py index e046c628..a96d69bd 100644 --- a/src/common/ssh_client/remote_client.py +++ b/src/common/ssh_client/remote_client.py @@ -58,23 +58,30 @@ def __init__(self, context, node): remote_client_disable_rsa_algorithms = bool(self.context.inner_config.get("obdiag").get("basic").get("dis_rsa_algorithms")) if remote_client_disable_rsa_algorithms: self._disabled_rsa_algorithms = DISABLED_ALGORITHMS + remote_client_missing_host_key_policy = bool(self.context.inner_config.get("obdiag").get("basic").get("strict_host_key_checking")) self.ssh_type = "remote" if len(self.key_file) > 0: try: self._ssh_fd = paramiko.SSHClient() + if remote_client_missing_host_key_policy: + self._ssh_fd.set_missing_host_key_policy(paramiko.MissingHostKeyPolicy()) + else: + self._ssh_fd.load_system_host_keys() self._ssh_fd.set_missing_host_key_policy(paramiko.client.AutoAddPolicy()) - self._ssh_fd.load_system_host_keys() self._ssh_fd.connect(hostname=self.host_ip, username=self.username, key_filename=self.key_file, port=self.ssh_port, disabled_algorithms=self._disabled_rsa_algorithms) except AuthenticationException: self.password = input("Authentication failed, Input {0}@{1} password:\n".format(self.username, self.host_ip)) self.need_password = True self._ssh_fd.connect(hostname=self.host_ip, username=self.username, password=self.password, port=self.ssh_port, disabled_algorithms=self._disabled_rsa_algorithms) except Exception as e: - raise OBDIAGSSHConnException("ssh {0}@{1}: failed, exception:{2}".format(self.host_ip, self.ssh_port, e)) + raise OBDIAGSSHConnException("ssh {0} port {1} failed, exception:{2}".format(self.host_ip, self.ssh_port, e)) else: self._ssh_fd = paramiko.SSHClient() + if remote_client_missing_host_key_policy: + self._ssh_fd.set_missing_host_key_policy(paramiko.MissingHostKeyPolicy()) + else: + self._ssh_fd.load_system_host_keys() self._ssh_fd.set_missing_host_key_policy(paramiko.client.AutoAddPolicy()) - self._ssh_fd.load_system_host_keys() self.need_password = True self._ssh_fd.connect(hostname=self.host_ip, username=self.username, password=self.password, port=self.ssh_port, disabled_algorithms=self._disabled_rsa_algorithms)