From 77e34048e93a16a94fe6897bb974022ac9d57e17 Mon Sep 17 00:00:00 2001
From: sxwebdev
Date: Tue, 1 Apr 2025 14:54:05 +0300
Subject: [PATCH 1/2] check knownhosts in deploy
---
 cmd/gcx/main.go | 82 +++++++++++++++++++++++++++++--------------------
 1 file changed, 48 insertions(+), 34 deletions(-)
diff --git a/cmd/gcx/main.go b/cmd/gcx/main.go
index b092849..db8e170 100644
--- a/cmd/gcx/main.go
+++ b/cmd/gcx/main.go
@@ -740,40 +740,8 @@ func publishToSSH(cfg *SSHPublishConfig, artifactsDir string, tmplData map[strin
 remoteDir := dirBuffer.String()
 // Check if known_hosts file exists and create it if it doesn't
- knownHostsPath, err := helpers.ExpandPath("~/.ssh/known_hosts")
- if err != nil {
- return fmt.Errorf("failed to expand known hosts path: %w", err)
- }
-
- if _, err := os.Stat(knownHostsPath); os.IsNotExist(err) {
- // Create ~/.ssh directory if it doesn't exist
- sshDir := filepath.Dir(knownHostsPath)
- if err := os.MkdirAll(sshDir, 0o700); err != nil {
- return fmt.Errorf("failed to create .ssh directory: %w", err)
- }
-
- // Create empty known_hosts file
- if err := os.WriteFile(knownHostsPath, []byte{}, 0o600); err != nil {
- return fmt.Errorf("failed to create known_hosts file: %w", err)
- }
-
- // Run ssh-keyscan to add the server to known_hosts
- cmd := exec.Command("ssh-keyscan", "-H", cfg.Server)
- output, err := cmd.Output()
- if err != nil {
- return fmt.Errorf("ssh-keyscan failed: %w", err)
- }
-
- // Append the output to the known_hosts file
- f, err := os.OpenFile(knownHostsPath, os.O_APPEND|os.O_WRONLY, 0o600)
- if err != nil {
- return fmt.Errorf("failed to open known_hosts file: %w", err)
- }
- defer f.Close()
-
- if _, err := f.Write(output); err != nil {
- return fmt.Errorf("failed to write to known_hosts file: %w", err)
- }
+ if err := checkKnonwnHost(cfg.Server); err != nil {
+ return fmt.Errorf("failed to check known_hosts file: %w", err)
 }
 // Create SSH client
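Review bot: The helper name in the added call, `checkKnonwnHost`, is misspelled; `checkKnownHost` would read correctly and be easier to find with a search. The same spelling is used at the second call site in executeSSHDeploy and at the definition later in this patch, so a rename has to cover all three. The wrapped error `failed to check known_hosts file` would also be more useful with the server in it, for example `fmt.Errorf("preparing known_hosts for %q: %w", cfg.Server, err)`. publishToSSH starts and ends outside this hunk.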
@@ -1101,6 +1069,11 @@ func executeSSHDeploy(cfg *SSHDeployConfig) error {
 return fmt.Errorf("invalid SSH configuration: %w", err)
 }
+ // Check if known_hosts file exists and create it if it doesn't
+ if err := checkKnonwnHost(cfg.Server); err != nil {
+ return fmt.Errorf("failed to check known_hosts file: %w", err)
+ }
+
+ // Create SSH client
 var auth goph.Auth
 var err error
@@ -1148,6 +1121,47 @@ func executeSSHDeploy(cfg *SSHDeployConfig) error {
 return nil
 }
+func checkKnonwnHost(server string) error {
+ // Check if known_hosts file exists and create it if it doesn't
+ knownHostsPath, err := helpers.ExpandPath("~/.ssh/known_hosts")
+ if err != nil {
+ return fmt.Errorf("failed to expand known hosts path: %w", err)
+ }
+
+ if _, err := os.Stat(knownHostsPath); os.IsNotExist(err) {
+ // Create ~/.ssh directory if it doesn't exist
+ sshDir := filepath.Dir(knownHostsPath)
+ if err := os.MkdirAll(sshDir, 0o700); err != nil {
+ return fmt.Errorf("failed to create .ssh directory: %w", err)
+ }
+
+ // Create empty known_hosts file
+ if err := os.WriteFile(knownHostsPath, []byte{}, 0o600); err != nil {
+ return fmt.Errorf("failed to create known_hosts file: %w", err)
+ }
+
+ // Run ssh-keyscan to add the server to known_hosts
+ cmd := exec.Command("ssh-keyscan", "-H", server)
+ output, err := cmd.Output()
+ if err != nil {
+ return fmt.Errorf("ssh-keyscan failed: %w", err)
+ }
+
+ // Append the output to the known_hosts file
+ f, err := os.OpenFile(knownHostsPath, os.O_APPEND|os.O_WRONLY, 0o600)
+ if err != nil {
+ return fmt.Errorf("failed to open known_hosts file: %w", err)
+ }
+ defer f.Close()
+
+ if _, err := f.Write(output); err != nil {
+ return fmt.Errorf("failed to write to known_hosts file: %w", err)
+ }
+ }
+
+ return nil
+}
+
 func main() {
 // Load environment variables from .env file, if it exists.
 godotenv.Load()
From 91d80cac36887476b058d3ef912a7fb2f3ac0224 Mon Sep 17 00:00:00 2001
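Review bot: In `checkKnonwnHost` the empty known_hosts file is written before ssh-keyscan runs, so a failed scan leaves an empty file behind and every later run skips the scan because `os.Stat` now succeeds. The scan also runs only when the file is missing, so a machine that already has a known_hosts file never gets this server's key added, and whatever key the scan returns is stored without comparison against a fingerprint obtained out of band; that is trust-on-first-use, and the function's comment should say so. `os.Stat` errors other than not-exist fall through as success, and `server` is passed to ssh-keyscan as-is, where a value beginning with `-` would be read as an option. The fence below scans first, writes the file in one step, and returns unexpected Stat errors.

```go
func checkKnonwnHost(server string) error {
	// … unchanged: expand ~/.ssh/known_hosts into knownHostsPath …

	_, err = os.Stat(knownHostsPath)
	if err == nil {
		return nil // file exists; as before, nothing is added
	}
	if !os.IsNotExist(err) {
		return fmt.Errorf("failed to stat known_hosts file: %w", err)
	}

	// … unchanged: create ~/.ssh with 0o700 …

	// Scan before creating the file so a failed scan leaves nothing behind.
	// "--" stops ssh-keyscan from reading server as an option.
	output, err := exec.Command("ssh-keyscan", "-H", "--", server).Output()
	if err != nil {
		return fmt.Errorf("ssh-keyscan failed: %w", err)
	}
	if len(output) == 0 {
		return fmt.Errorf("ssh-keyscan returned no host keys for %q", server)
	}

	// Trust on first use: the scanned key is not verified out of band.
	if err := os.WriteFile(knownHostsPath, output, 0o600); err != nil {
		return fmt.Errorf("failed to create known_hosts file: %w", err)
	}
	return nil
}
```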
From: sxwebdev
Date: Tue, 1 Apr 2025 14:55:52 +0300
Subject: [PATCH 2/2] fix
---
 cmd/gcx/main.go | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/cmd/gcx/main.go b/cmd/gcx/main.go
index db8e170..43ef176 100644
--- a/cmd/gcx/main.go
+++ b/cmd/gcx/main.go
@@ -740,8 +740,10 @@ func publishToSSH(cfg *SSHPublishConfig, artifactsDir string, tmplData map[strin
 remoteDir := dirBuffer.String()
 // Check if known_hosts file exists and create it if it doesn't
- if err := checkKnonwnHost(cfg.Server); err != nil {
- return fmt.Errorf("failed to check known_hosts file: %w", err)
+ if !cfg.InsecureIgnoreHostKey {
+ if err := checkKnonwnHost(cfg.Server); err != nil {
+ return fmt.Errorf("failed to check known_hosts file: %w", err)
+ }
 }
 // Create SSH client
@@ -1070,8 +1072,10 @@ func executeSSHDeploy(cfg *SSHDeployConfig) error {
 }
 // Check if known_hosts file exists and create it if it doesn't
- if err := checkKnonwnHost(cfg.Server); err != nil {
- return fmt.Errorf("failed to check known_hosts file: %w", err)
+ if !cfg.InsecureIgnoreHostKey {
+ if err := checkKnonwnHost(cfg.Server); err != nil {
+ return fmt.Errorf("failed to check known_hosts file: %w", err)
+ }
 }
 // Create SSH client
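Review bot: When `cfg.InsecureIgnoreHostKey` is set, the new gate skips the known_hosts step without leaving any trace in the output, in both publishToSSH and executeSSHDeploy. The field name suggests host-key verification is then disabled for the connection (the client setup is outside these hunks, so this is inferred), and a run in that mode should be visible in CI logs; an `else` branch that emits a warning through the file's existing logger, naming `cfg.Server`, would do it. The comment above each `if` still describes only the file check; `// Unless host-key checking is disabled, make sure known_hosts exists` would match the new code. Both functions start and end outside their hunks.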