Skip to content

SSH vagrant fails due to strict host checking #5488

New issue
New issue
Closed
#6275
Closed
SSH vagrant fails due to strict host checking#5488
#6275
Assignees
swissspidycopilot-swe-agent
Labels
scope:framework
@tomjn

Description

@tomjn
tomjn
opened on Jan 13, 2021

Bug Report

Describe the current, buggy behavior

When setting this wp-cli.yml:

path: "public_html"
@test:
  ssh: vagrant
  path: /srv/www/wordpress-two/public_html

WP CLI will see vagrant and attempt to run vagrant ssh-config to retrieve the connection details. However, this connection fails. To see why, I ran the ssh command WP CLI uses without the -q parameter:

~/dev/vvv/www/wordpress-two ᚴ:master 
❯ ssh -p 2222  -i /Users/tarendai/.vagrant.d/insecure_private_key -t 'vagrant@127.0.0.1'
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:odkaAaxa8UwMr5eB6espa1lXGWOtmJ8w/9M5M/sEU6w.
Please contact your system administrator.
Add correct host key in /Users/tarendai/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/tarendai/.ssh/known_hosts:7
ECDSA host key for [127.0.0.1]:2222 has changed and you have requested strict checking.
Host key verification failed.

If:

  • the user has used a local loopback SSH
  • the user has destroyed and recreated the VM
  • had a different VM open

Then aliases that use ssh will fail due to fingerprinting

Describe how other contributors can replicate this bug

  • Add vagrant to an alias as the ssh parameter
  • ensure that 127.0.0.1 is present in SSH known hosts for reasons unrelated to vagrant
  • attempt to use WP CLI on the host to SSH into the guest

Describe what you expect as the correct outcome

Working alias' when ssh: vagrant is specified

Provide a possible solution

Remove strict host checking when the host is 127.0.0.1, e.g. ssh -o StrictHostKeychecking=no, or, allow wp-cli.yml to force the use of the vagrant ssh fallback

Metadata

Metadata

Assignees

Labels

scope:framework

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions