Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ignores SSH_STRICT_HOST_IP_CHECK=false #34

Open
Megamannen opened this issue May 10, 2021 · 1 comment
Open

Ignores SSH_STRICT_HOST_IP_CHECK=false #34

Megamannen opened this issue May 10, 2021 · 1 comment

Comments

@Megamannen
Copy link

This still checks the hosts

My compose:

version: '3.7'

services:
  tunnel:
    image: jnovack/autossh
    container_name: tunnel
    environment:
      - SSH_REMOTE_USER=pi
      - SSH_REMOTE_HOST=docker.lan
      - SSH_REMOTE_PORT=22
      - SSH_TUNNEL_PORT=2222
      - SSH_TARGET_HOST=192.168.88.254
      - SSH_TARGET_PORT=22
      - SSH_STRICT_HOST_IP_CHECK=false
    restart: unless-stopped
    volumes:
      - ./id_rsa:/id_rsa
      - ./known_hosts:/known_hosts

output when running:

Creating tunnel ... done
Attaching to tunnel
tunnel    | jnovack/autossh v2.0.1 revision 816f453 built 2021-04-01T10:51:38Z
tunnel    | Agent pid 9
tunnel    | Identity added: (stdin) (ssh-client@303d7e380c29)
tunnel    | [WARN ] Not using STRICT_HOSTS_KEY_CHECKING
tunnel    | [INFO ] Using STRICT_HOSTS_KEY_CHECKING
tunnel    | [INFO ] Using autossh 1.4g
tunnel    | [INFO ] Tunneling 127.0.0.1:2222  on [email protected]:22  to 192.168.88.254:22
tunnel    | [INFO ] # autossh -M 0 -N -o StrictHostKeyChecking=yes -o UserKnownHostsFile=/known_hosts -o CheckHostIP=no -o ServerAliveInterval=10 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -t -t -R 127.0.0.1:2222:192.168.88.254:22 -p 22 [email protected]
tunnel    | No ECDSA host key is known for docker.lan and you have requested strict checking.
tunnel    | Host key verification failed.

As you can see -o StrictHostKeyChecking=yes

@Megamannen
Copy link
Author

Megamannen commented May 10, 2021

Ok, no shell master. But don't you compare "false" (string) to false (boolean) here?

if [ "${SSH_STRICT_HOST_IP_CHECK}" = false ]; then

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant