authorLudovic Courtès <ludo@gnu.org>2016-12-09 14:54:42 +0100
committerLudovic Courtès <ludo@gnu.org>2016-12-09 23:02:01 +0100
commitbd8345777f5a48ee61656248655ebac71a09e926 (patch)
tree1abc46059c87b7fc8fd608cf6dc2cf1f1570797b
parent750778abd4a5cb3d61317704cc1916a12e57799d (diff)
downloadguix-bd8345777f5a48ee61656248655ebac71a09e926.tar.gz
offload: Do not read ~/.ssh/known_hosts.
* guix/scripts/offload.scm (open-ssh-session): Pass #:knownhosts to
'make-session'.
-rw-r--r--guix/scripts/offload.scm8
1 files changed, 8 insertions, 0 deletions
diff --git a/guix/scripts/offload.scm b/guix/scripts/offload.scm
index ebff11664d..f25cc5e7bb 100644
--- a/guix/scripts/offload.scm
+++ b/guix/scripts/offload.scm
@@ -177,6 +177,14 @@ private key from '~a': ~a")
                                ;; #:log-verbosity 'protocol
                                #:identity (build-machine-private-key machine)
 
+                               ;; By default libssh reads ~/.ssh/known_hosts
+                               ;; and uses that to adjust its choice of cipher
+                               ;; suites, which changes the type of host key
+                               ;; that the server sends (RSA vs. Ed25519,
+                               ;; etc.).  Opt for something reproducible and
+                               ;; stateless instead.
+                               #:knownhosts "/dev/null"
+
                                ;; We need lightweight compression when
                                ;; exchanging full archives.
                                #:compression
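Review bot: The new comment above `#:knownhosts "/dev/null"` explains the reproducibility motive but not the security consequence: with an empty known-hosts file, libssh's own known-hosts check has nothing to match against, so the build machine's identity has to be established some other way. The hunk does not show whether open-ssh-session compares the server's public key with a key pinned for the machine after connecting; the function starts and ends outside the hunk, so this needs confirming against the full body. If such a check exists, I would extend the comment with something like `;; Server authentication therefore does not rely on known_hosts; the host key is checked explicitly after 'connect!'.`, worded to match what the code actually does. If no such check exists, this option leaves the offload connection open to a machine-in-the-middle, and the commit should add explicit host-key verification.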