add extra ssh options to prevent host key changed errors

f9229921 · Chris Hines · d23cfc30 · f9229921
Commit f9229921 authored 5 years ago by Chris Hines
--- a/TES/tes/sshwrapper/__init__.py
+++ b/TES/tes/sshwrapper/__init__.py
@@ -91,6 +91,8 @@ class Ssh:

        if mode is None:
            sshcmd = ["ssh", '-o', 'StrictHostKeyChecking=no',
+                      '-o', 'UserKnownHostsFile=/dev/null',
+                      '-o', 'UpdateHostsFile=no',
                      "-S", ctrlsocket,
                      "-M", '-o', 'ControlPersist=10m',
                      '-p', sshport, '-N','-l', user, host]
@@ -169,6 +171,9 @@ class Ssh:
        Ssh.validate_hostname(host)
        ctrlsocket = Ssh.get_ctrl_master_socket(sess, host, user, sshport)
        exec_p = subprocess.Popen(['sftp', '-b', '-','-o', 'Stricthostkeychecking=no',
+                                    
+                                   '-o', 'UserKnownHostsFile=/dev/null',
+                                   '-o', 'UpdateHostsFile=no',
                                   '-P', sshport, '-o', 'ControlPath={}'.format(ctrlsocket),
                                   '{}@{}'.format(user, host)],
                                  stdout=subprocess.PIPE, stderr=subprocess.PIPE,
@@ -217,6 +222,8 @@ class Ssh:
        if (changepath is None or changepath == ""):
            changepath="."
        exec_p = subprocess.Popen(['sftp', '-b', '-','-o', 'Stricthostkeychecking=no',
+                                   '-o', 'UserKnownHostsFile=/dev/null',
+                                   '-o', 'UpdateHostsFile=no',
                                   '-P', sshport, '-o', 'ControlPath={}'.format(ctrlsocket),
                                   '{}@{}'.format(user, host)],
                                  stdout=subprocess.PIPE, stderr=subprocess.PIPE,
@@ -272,18 +279,22 @@ class Ssh:
        if bastion == None:
            # we are executing this command on the login node, so no more magic is needed
            sshcmd = ['ssh', '-o', 'Stricthostkeychecking=no', 
+                      '-o', 'UserKnownHostsFile=/dev/null',
+                      '-o', 'UpdateHostsFile=no',
                      '-S', ctrlsocket, '-p', sshport,
                      '-l', user, host, cmd]
        else:
            # we are executing on a node (e.g. a compute/batch node) using a bastion (e.g. login node)
            # at the moment I'll assume the ssh port for the batch host is the same as the ssh port for the bastion/login host
-            proxycmd = "ssh -o Stricthostkeychecking=no {user}@{bastion} -W {host}:{sshport} -S {ctrlsocket}".format(
+            proxycmd = "ssh -o UserKnownHostsFile=/dev/null -o UpdateHostsFile=no -o Stricthostkeychecking=no {user}@{bastion} -W {host}:{sshport} -S {ctrlsocket}".format(
                user=user, host=host,
                ctrlsocket=ctrlsocket,
                sshport=sshport,
                bastion=bastion)
-            sshcmd = ['ssh', '-o', 'Stricthostkeychecking=no',
+            sshcmd = ['ssh', '-o', 'Stricthostkeychecking=no',  
                      '-o', "ProxyCommand={}".format(proxycmd),
+                      '-o', 'UserKnownHostsFile=/dev/null',
+                      '-o', 'UpdateHostsFile=no',
                      '-p', bastionsshport, '-l', user, bastion, cmd]
        exec_p = subprocess.Popen(sshcmd,stdout=subprocess.PIPE,stderr=subprocess.PIPE,stdin=subprocess.PIPE,env=env)

@@ -327,6 +338,8 @@ class Ssh:
            # Can we use the existing control master connection and just add a
            # port forward to the batch node
            sshcmd = ['ssh', '-o', 'Stricthostkeychecking=no', '-N',
+                      '-o', 'UserKnownHostsFile=/dev/null',
+                      '-o', 'UpdateHostsFile=no',
                      '-L', '{localport}:{batchhost}:{port}'.
                      format(port=port, localport=localport, batchhost=batchhost),
                      '-O', 'forward', '-S', ctrlsocket,
@@ -335,13 +348,15 @@ class Ssh:
            # Create an ssh tunnel to the batch node using a proxycommand.
            # The proxy command should utilise
            # the existing control master connection
-            proxycmd = "ssh -o Stricthostkeychecking=no {user}@{host} -W {batchhost}:22 -S {ctrlsocket}".format(
+            proxycmd = "ssh -o UserKnownHostsFile=/dev/null -o UpdateHostsFile=no -o Stricthostkeychecking=no {user}@{host} -W {batchhost}:22 -S {ctrlsocket}".format(
                user=user, host=host,
                ctrlsocket=ctrlsocket,
                batchhost=batchhost)
            sshcmd = ['ssh', '-o', 'Stricthostkeychecking=no', '-N',
                      '-L', '{localport}:localhost:{port}'.
                      format(port=port, localport=localport),
+                      '-o', 'UserKnownHostsFile=/dev/null',
+                      '-o', 'UpdateHostsFile=no',
                      '-o', "ProxyCommand={}".format(proxycmd),
                      '-p', sshport, '-l', user, batchhost]