Details

    • Type: Bug
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: BOLT 0.19.0
    • Fix Version/s: BOLT 1.15.0
    • Component/s: None
    • Template:
    • Team:
      Bolt
    • Sprint:
      Bolt Kanban
    • Method Found:
      Needs Assessment
    • Release Notes:
      Bug Fix
    • Release Notes Summary:
      Hide
      Previously when a valid hostname entry was present in {{known_hosts}} and the {{host-key-check}} SSH configuration option was set host hey validation could fail when a valid IP address was not included in the {{known_hosts}} entry. This behavior was inconsistent with system SSH where the IP address is not required. Host key checking has been updated to match system SSH.
      Show
      Previously when a valid hostname entry was present in {{known_hosts}} and the {{host-key-check}} SSH configuration option was set host hey validation could fail when a valid IP address was not included in the {{known_hosts}} entry. This behavior was inconsistent with system SSH where the IP address is not required. Host key checking has been updated to match system SSH.
    • QA Risk Assessment:
      Needs Assessment

      Description

      Bolt does not parse known_hosts properly:

      • It treats a comma in the host field as an AND when it should be an OR.
      • It requires an IP address.

      ❯ host test-host
      test-host has address 1.1.1.1
      

      Other IP

      ❯ fgrep test-host .ssh/known_hosts | cut -c1-50
      test-host,9.9.9.9 ecdsa-sha2-nistp256 AAAAE2VjZHNh
      ❯ ssh test-host hostname
      test-host
      ❯ bolt -n test-host command run hostname
      Started on test-host...
      Failed on test-host:
        Host key verification failed for test-host: fingerprint bb:7a:11:d5:ca:cf:a2:64:7c:92:dd:42:22:bc:8b:c6 is unknown for "test-host,1.1.1.1"
      Failed on 1 node: test-host
      Ran on 1 node in 0.23 seconds
      

      No IP

      ❯ fgrep test-host .ssh/known_hosts | cut -c1-50
      test-host ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTIt
      ❯ ssh test-host hostname
      test-host
      ❯ bolt -n test-host command run hostname
      Started on test-host...
      Failed on test-host:
        Host key verification failed for test-host: fingerprint bb:7a:11:d5:ca:cf:a2:64:7c:92:dd:42:22:bc:8b:c6 is unknown for "test-host,1.1.1.1"
      Failed on 1 node: test-host
      Ran on 1 node in 0.23 seconds
      

      Both

      ❯ fgrep test-host .ssh/known_hosts | cut -c1-50
      test-host,1.1.1.1 ecdsa-sha2-nistp256 AAAAE2VjZHNh
      ❯ ssh test-host hostname
      test-host
      ❯ bolt -n test-host command run hostname
      Started on test-host...
      Finished on test-host:
        STDOUT:
          test-host
      Successful on 1 node: test-host
      Ran on 1 node in 1.36 seconds
      

        Attachments

          Activity

            People

            • Assignee:
              cas.donoghue Cas Donoghue
              Reporter:
              daniel.parks Daniel Parks
            • Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Zendesk Support