authorLudovic Courtès <ludo@gnu.org>2016-12-09 14:54:42 +0100
committerLudovic Courtès <ludo@gnu.org>2016-12-09 23:02:01 +0100
commitbd8345777f5a48ee61656248655ebac71a09e926 (patch)
tree1abc46059c87b7fc8fd608cf6dc2cf1f1570797b
parent750778abd4a5cb3d61317704cc1916a12e57799d (diff)
offload: Do not read ~/.ssh/known_hosts.
* guix/scripts/offload.scm (open-ssh-session): Pass #:knownhosts to 'make-session'.
-rw-r--r--guix/scripts/offload.scm8
1 files changed, 8 insertions, 0 deletions
diff --git a/guix/scripts/offload.scm b/guix/scripts/offload.scm
index ebff11664d..f25cc5e7bb 100644
--- a/guix/scripts/offload.scm
+++ b/guix/scripts/offload.scm
@@ -177,6 +177,14 @@ private key from '~a': ~a")
;; #:log-verbosity 'protocol
#:identity (build-machine-private-key machine)
+ ;; By default libssh reads ~/.ssh/known_hosts
+ ;; and uses that to adjust its choice of cipher
+ ;; suites, which changes the type of host key
+ ;; that the server sends (RSA vs. Ed25519,
+ ;; etc.). Opt for something reproducible and
+ ;; stateless instead.
+ #:knownhosts "/dev/null"
+
;; We need lightweight compression when
;; exchanging full archives.
#:compression
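Review bot: The new comment above `#:knownhosts "/dev/null"` gives the reproducibility motive but does not say what authenticates the server once libssh has no known-hosts records to consult. With an empty known-hosts file, a libssh known-hosts lookup can never recognise the server, so host authentication has to come from an explicit comparison of the server's public key against the key configured for the build machine. That check, if it exists, is outside this hunk, since `open-ssh-session` starts and ends beyond it. I would extend the comment with one line such as `;; known_hosts is not used for server authentication; the host key is checked explicitly in this procedure.`, after confirming that the check is there and fails closed on a mismatch. Because the host-key type the server sends now follows libssh's default algorithm preference, it is also worth confirming that the key type configured for each machine is the one the server will actually offer.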