From nobody Tue May 13 22:11:32 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1528465627154468.7440071229886;
 Fri, 8 Jun 2018 06:47:07 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com
 [10.5.11.13])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 0B32530832CE;
	Fri,  8 Jun 2018 13:47:06 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 72EFD67660;
	Fri,  8 Jun 2018 13:47:05 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 0422C180BA83;
	Fri,  8 Jun 2018 13:47:05 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com
	[10.11.54.3])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id w58Dk5Rf018156 for <libvir-list@listman.util.phx.redhat.com>;
	Fri, 8 Jun 2018 09:46:05 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id CE1C010EE6CE; Fri,  8 Jun 2018 13:46:04 +0000 (UTC)
Received: from t460.redhat.com (unknown [10.33.36.81])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 54B7810EE6D3;
	Fri,  8 Jun 2018 13:46:04 +0000 (UTC)
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
To: libvir-list@redhat.com
Date: Fri,  8 Jun 2018 14:45:51 +0100
Message-Id: <20180608134551.25068-13-berrange@redhat.com>
In-Reply-To: <20180608134551.25068-1-berrange@redhat.com>
References: <20180608134551.25068-1-berrange@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3
X-loop: libvir-list@redhat.com
Subject: [libvirt] [tck PATCH 12/12] Disable known hosts file
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.44]);
 Fri, 08 Jun 2018 13:47:06 +0000 (UTC)
X-ZohoMail: RSF_0  Z_629925259 SPT_0

Despite having StrictHostKeyChecking=3Dno, SSH still complains about the
host key mismatch and disables password auth as a result. Using
/dev/null as the known_hosts file ensures the keys are never saved to
the user's profile.

Signed-off-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
---
 scripts/nwfilter/210-no-mac-spoofing.t  | 3 ++-
 scripts/nwfilter/220-no-ip-spoofing.t   | 3 ++-
 scripts/nwfilter/230-no-mac-broadcast.t | 3 ++-
 scripts/nwfilter/240-no-arp-spoofing.t  | 3 ++-
 4 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/scripts/nwfilter/210-no-mac-spoofing.t b/scripts/nwfilter/210-=
no-mac-spoofing.t
index 99c5058..95b1499 100644
--- a/scripts/nwfilter/210-no-mac-spoofing.t
+++ b/scripts/nwfilter/210-no-mac-spoofing.t
@@ -97,7 +97,8 @@ diag "ssh'ing into $guestip";
 my $ssh =3D Net::OpenSSH->new($guestip,
                             user =3D> "root",
                             password =3D> $tck->root_password(),
-                            master_opts =3D> [-o =3D> "StrictHostKeyChecki=
ng=3Dno"]);
+                            master_opts =3D> [-o =3D> "UserKnownHostsFile=
=3D/dev/null",
+                                            -o =3D> "StrictHostKeyChecking=
=3Doff"]);
=20
 # now bring eth0 down, change MAC and bring it up again
 diag "fiddling with mac";
diff --git a/scripts/nwfilter/220-no-ip-spoofing.t b/scripts/nwfilter/220-n=
o-ip-spoofing.t
index 85c4807..a1da6eb 100644
--- a/scripts/nwfilter/220-no-ip-spoofing.t
+++ b/scripts/nwfilter/220-no-ip-spoofing.t
@@ -91,7 +91,8 @@ diag "ssh'ing into $guestip";
 my $ssh =3D Net::OpenSSH->new($guestip,
                             user =3D> "root",
                             password =3D> $tck->root_password(),
-                            master_opts =3D> [-o =3D> "StrictHostKeyChecki=
ng=3Dno"]);
+                            master_opts =3D> [-o =3D> "UserKnownHostsFile=
=3D/dev/null",
+                                            -o =3D> "StrictHostKeyChecking=
=3Dno"]);
=20
 # now bring eth0 down, change IP and bring it up again
 diag "preparing ip spoof";
diff --git a/scripts/nwfilter/230-no-mac-broadcast.t b/scripts/nwfilter/230=
-no-mac-broadcast.t
index b65b3fc..4254e7c 100644
--- a/scripts/nwfilter/230-no-mac-broadcast.t
+++ b/scripts/nwfilter/230-no-mac-broadcast.t
@@ -119,7 +119,8 @@ diag "ssh'ing into $guestip";
 my $ssh =3D Net::OpenSSH->new($guestip,
                             user =3D> "root",
                             password =3D> $tck->root_password(),
-                            master_opts =3D>  [-o =3D> "StrictHostKeyCheck=
ing=3Dno"]);
+                            master_opts =3D>  [-o =3D> "UserKnownHostsFile=
=3D/dev/null",
+                                             -o =3D> "StrictHostKeyCheckin=
g=3Dno"]);
=20
 # now generate a mac broadcast paket=20
 diag "generate mac broadcast";
diff --git a/scripts/nwfilter/240-no-arp-spoofing.t b/scripts/nwfilter/240-=
no-arp-spoofing.t
index 69851b6..882a385 100644
--- a/scripts/nwfilter/240-no-arp-spoofing.t
+++ b/scripts/nwfilter/240-no-arp-spoofing.t
@@ -100,7 +100,8 @@ diag "ssh'ing into $guestip";
 my $ssh =3D Net::OpenSSH->new($guestip,
                             user =3D> "root",
                             password =3D> $tck->root_password(),
-                            master_opts =3D> [-o =3D> "StrictHostKeyChecki=
ng=3Dno"]);
+                            master_opts =3D> [-o =3D> "UserKnownHostsFile=
=3D/dev/null",
+                                            -o =3D> "StrictHostKeyChecking=
=3Dno"]);
=20
 # now generate a arp spoofing packets=20
 diag "generate arpspoof script";
--=20
2.17.0

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list