add host checking support

4 years ago · bc4ec4126b
6 changed files with 19 additions and 4 deletions
--- a/index.js
+++ b/index.js
@ -73,6 +73,12 @@ if (require.main === module) {
          type: 'boolean',
          default: process.env.FORCESSH || false
        },
+        knownhosts: {
+          demand: false,
+          description: 'path to known hosts file',
+          type: 'string',
+          default: process.env.KNOWNHOSTS || '/dev/null',
+        },
        base: {
          demand: false,
          alias: 'b',
--- a/src/server/cli/options.ts
+++ b/src/server/cli/options.ts
@ -5,6 +5,7 @@ export interface Options {
  sshauth: string;
  sshkey?: string;
  sshpass?: string;
+  knownhosts: string;
  sslkey?: string;
  sslcert?: string;
  base: string;
--- a/src/server/cli/parseArgs.ts
+++ b/src/server/cli/parseArgs.ts
@ -13,6 +13,7 @@ export function unWrapArgs(
      port: args.sshport,
      pass: args.sshpass,
      key: args.sshkey,
+      knownhosts: args.knownhosts,
    },
    server: {
      base: args.base,
--- a/src/server/command/index.ts
+++ b/src/server/command/index.ts
@ -24,7 +24,7 @@ export default (
      conn: { remoteAddress },
    },
  }: Socket,
-  { user, host, port, auth, pass, key }: SSH,
+  { user, host, port, auth, pass, key, knownhosts }: SSH,
  command: string,
  forcessh: boolean
 ): { args: string[]; user: boolean } => ({
@ -37,6 +37,7 @@ export default (
          pass: pass || '',
          command,
          auth,
+          knownhosts,
        }),
        key
      ),
--- a/src/server/command/ssh.ts
+++ b/src/server/command/ssh.ts
@ -3,10 +3,15 @@ import parseCommand from './parse';
 import logger from '../utils/logger';

 export default function sshOptions(
-  { pass, path, command, host, port, auth }: { [s: string]: string },
+  { pass, path, command, host, port, auth, knownhosts }: { [s: string]: string },
  key?: string
 ): string[] {
  const cmd = parseCommand(command, path);
+  if (knownhosts !== '/dev/null') {
+    var hostChecking = 'yes';
+  } else {
+    var hostChecking = 'no';
+  }
  const sshRemoteOptsBase = [
    'ssh',
    host,
@ -16,9 +21,9 @@ export default function sshOptions(
    '-o',
    `PreferredAuthentications=${auth}`,
    '-o',
-    'UserKnownHostsFile=/dev/null',
+    `UserKnownHostsFile=${knownhosts}`,
    '-o', 
-    'StrictHostKeyChecking=no',
+    `StrictHostKeyChecking=${hostChecking}`,
  ];
  logger.info(`Authentication Type: ${auth}`);
  if (!isUndefined(key)) {
--- a/src/server/interfaces.ts
+++ b/src/server/interfaces.ts
@ -3,6 +3,7 @@ export interface SSH {
  host: string;
  auth: string;
  port: number;
+  knownhosts: string;
  pass?: string;
  key?: string;
 }