You can also create a task that appends the known signature to the known hosts file before the task that needs it. This is allows you to actually vet those entries instead of blindly accept them.
On Jan 13, 2012, at 8:02 AM, Haim Ashkenazi <[email protected]> wrote: > Hi Lance, > > Although it's very dangerous practice, if you know what you're doing you can > use ssh options to not check host verification. You can do it in 2 places: > > In $HOME/.ssh/config you can put something like this: > Host SOMEHOST > StrictHostKeyChecking no > > In Capfile you can set ssh_options[:strict_host_key_checking] to no. I'm not > sure about the name but you can check the Net::SSH API docs. I was able to > something like this (ssh_options[:forward_agent] = true) and it worked great. > > Again, Please consider all options as by setting this you loose a big part of > your ability to tell a machine has been compromised. > > A better option might be to use ssh-keyscan to populate your known_hosts > keys, and then clone the repository. > > HTH > > On Fri, Jan 13, 2012 at 5:00 PM, Lance.Haig <[email protected]> wrote: > Hi lee, > > I am writing a cap deploy script for the gitlabhq project and part of the > process is that one of the users it creates needs to be able to clone a repo > from the localhost and as it has not had the host verification approved this > part of the script fails. > > if you want to see my code (it is not neat) you can find it here > https://github.com/lhaig/gitlabhq > > I hope that makes sense > > Thanks for the help. > > Lance > > > > On 13/01/12 08:40, Lee Hambley wrote: >> >> No Lance, >> >> Sorry the process is such that if 9/10 times, to prepare the server for a >> deploy, someone has logged on by hand, and made the changes. What's your >> use-case? (First time in 5 years this has come up on the mailing list, >> perhaps I can help?) >> >> - Lee >> On Thursday, January 12, 2012 at 11:52 PM, Lance.Haig wrote: >> >>> Hi All, >>> >>> I was wondering if there was a Capistrano command that will allow you to >>> accept a host verification key? >>> >>> I need to do this as part of a deploy. >>> >>> Thanks >>> >>> Lance >>> >>> -- >>> * You received this message because you are subscribed to the Google Groups >>> "Capistrano" group. >>> * To post to this group, send email to [email protected] >>> * To unsubscribe from this group, send email to >>> [email protected] For more options, visit this group >>> at http://groups.google.com/group/capistrano?hl=en >> >> -- >> * You received this message because you are subscribed to the Google >> Groups "Capistrano" group. >> * To post to this group, send email to [email protected] >> * To unsubscribe from this group, send email to >> [email protected] For more options, visit this group >> at http://groups.google.com/group/capistrano?hl=en > > -- > * You received this message because you are subscribed to the Google Groups > "Capistrano" group. > * To post to this group, send email to [email protected] > * To unsubscribe from this group, send email to > [email protected] For more options, visit this group at > http://groups.google.com/group/capistrano?hl=en > > > > -- > Haim > -- > * You received this message because you are subscribed to the Google Groups > "Capistrano" group. > * To post to this group, send email to [email protected] > * To unsubscribe from this group, send email to > [email protected] For more options, visit this group at > http://groups.google.com/group/capistrano?hl=en -- * You received this message because you are subscribed to the Google Groups "Capistrano" group. * To post to this group, send email to [email protected] * To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/capistrano?hl=en
