jnovack/autossh

Ignores SSH_STRICT_HOST_IP_CHECK=false

Megamannen opened this issue · 1 comments

Megamannen commented

This still checks the hosts

My compose:

version: '3.7'

services:
  tunnel:
    image: jnovack/autossh
    container_name: tunnel
    environment:
      - SSH_REMOTE_USER=pi
      - SSH_REMOTE_HOST=docker.lan
      - SSH_REMOTE_PORT=22
      - SSH_TUNNEL_PORT=2222
      - SSH_TARGET_HOST=192.168.88.254
      - SSH_TARGET_PORT=22
      - SSH_STRICT_HOST_IP_CHECK=false
    restart: unless-stopped
    volumes:
      - ./id_rsa:/id_rsa
      - ./known_hosts:/known_hosts

output when running:

Creating tunnel ... done
Attaching to tunnel
tunnel    | jnovack/autossh v2.0.1 revision 816f453 built 2021-04-01T10:51:38Z
tunnel    | Agent pid 9
tunnel    | Identity added: (stdin) (ssh-client@303d7e380c29)
tunnel    | [WARN ] Not using STRICT_HOSTS_KEY_CHECKING
tunnel    | [INFO ] Using STRICT_HOSTS_KEY_CHECKING
tunnel    | [INFO ] Using autossh 1.4g
tunnel    | [INFO ] Tunneling 127.0.0.1:2222  on pi@docker.lan:22  to 192.168.88.254:22
tunnel    | [INFO ] # autossh -M 0 -N -o StrictHostKeyChecking=yes -o UserKnownHostsFile=/known_hosts -o CheckHostIP=no -o ServerAliveInterval=10 -o ServerAliveCountMax=3 -o ExitOnForwardFailure=yes -t -t -R 127.0.0.1:2222:192.168.88.254:22 -p 22 pi@docker.lan
tunnel    | No ECDSA host key is known for docker.lan and you have requested strict checking.
tunnel    | Host key verification failed.

As you can see -o StrictHostKeyChecking=yes

Megamannen commented

Ok, no shell master. But don't you compare "false" (string) to false (boolean) here?

autossh/rootfs/entrypoint.sh

Line 19 in 816f453

if [ "${SSH_STRICT_HOST_IP_CHECK}" = false ]; then