Commit ac112b4d by James Cammarata

Adding support for hashed known_hosts entries

Fixes Issue #3716 - SSH known host checking needs to understand
hashed known hosts
parent 863b88ba
......@@ -23,7 +23,9 @@ import pipes
import random
import select
import fcntl
import hmac
import pwd
from hashlib import sha1
import ansible.constants as C
from ansible.callbacks import vvv
from ansible import errors
......@@ -39,6 +41,7 @@ class Connection(object):
self.user = user
self.password = password
self.private_key_file = private_key_file
self.HASHED_KEY_MAGIC = "|1|"
def connect(self):
''' connect to the remote host '''
......@@ -105,6 +108,19 @@ class Connection(object):
if line is None or line.find(" ") == -1:
tokens = line.split()
if tokens[0].find(self.HASHED_KEY_MAGIC) == 0:
# this is a hashed known host entry
(kn_salt,kn_host) = tokens[0][len(self.HASHED_KEY_MAGIC):].split("|",2)
hash ='base64'), digestmod=sha1)
if hash.digest() == kn_host.decode('base64'):
return False
# invalid hashed host key, skip it
# standard host file entry
if host in tokens[0]:
return False
return True
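Review bot: The unpack `(kn_salt,kn_host) = tokens[0][len(self.HASHED_KEY_MAGIC):].split("|",2)` can raise ValueError on a malformed entry, because a maxsplit of 2 allows three pieces for two names; `split("|", 1)` yields at most two, and a field with no `|` at all still needs handling. The comment `# invalid hashed host key, skip it` suggests an exception handler exists, but it is not visible in this rendering. Please confirm it covers both this unpack and the two base64 decodes, since otherwise a single corrupt line in known_hosts would abort the check for every host instead of being skipped. As a style point, the local `hash` shadows the builtin, and a name such as `kn_hmac` would read better. The enclosing method starts outside the hunk.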