Add SSH configuration options to support environment variables for strict host key checking and known hosts file path in ssh.lua and compose.yaml

2025-09-15 09:51:43 +02:00
parent c9f5cb673d
commit 4d2c0aebbb
2 changed files with 16 additions and 4 deletions
--- a/compose.yaml
+++ b/compose.yaml
@@ -22,6 +22,8 @@ services:
      WOL_PORT: "${WOL_PORT:-9}"                    # optional
      USE_LUAJIT: "${USE_LUAJIT:-true}"             # optional: use LuaJIT for better performance (default: true)
      DEBUG: "${DEBUG:-false}"
+      SSH_STRICT_HOST_KEY_CHECKING: "${SSH_STRICT_HOST_KEY_CHECKING:-no}"  # optional: SSH host key verification (default: no)
+      SSH_KNOWN_HOSTS_FILE: "${SSH_KNOWN_HOSTS_FILE:-/root/.ssh/known_hosts}"  # optional: SSH known hosts file path (default: /root/.ssh/known_hosts)
    restart: unless-stopped
    volumes:
      - /etc/localtime:/etc/localtime:ro
--- a/scripts/ssh.lua
+++ b/scripts/ssh.lua
@@ -36,6 +36,11 @@ function ssh_module.execute(command, user, host, port, identity_file)
  -- -oConnectTimeout for faster failure
  -- -oStrictHostKeyChecking uses known_hosts; adjust if needed
  local dest = (user ~= "" and (user .. "@" .. host) or host)
+
+  -- Get SSH configuration from environment variables
+  local strict_host_key_checking = utils.getenv("SSH_STRICT_HOST_KEY_CHECKING", "yes")
+  local known_hosts_file = utils.getenv("SSH_KNOWN_HOSTS_FILE", "/root/.ssh/known_hosts")
+
  local pieces = {
    "ssh",
    "-p", tostring(port),
@@ -43,8 +48,8 @@ function ssh_module.execute(command, user, host, port, identity_file)
    "-o", "ConnectTimeout=30",
    "-o", "ServerAliveInterval=5",
    "-o", "ServerAliveCountMax=1",
-    "-o", "UserKnownHostsFile=/root/.ssh/known_hosts",
-    "-o", "StrictHostKeyChecking=yes",
+    "-o", "UserKnownHostsFile=" .. known_hosts_file,
+    "-o", "StrictHostKeyChecking=" .. strict_host_key_checking,
  }

  if identity_file ~= "" then
@@ -92,6 +97,11 @@ function ssh_module.execute_with_output(command, user, host, port, identity_file

  -- Build base ssh command (run locally)
  local dest = (user ~= "" and (user .. "@" .. host) or host)
+
+  -- Get SSH configuration from environment variables
+  local strict_host_key_checking = utils.getenv("SSH_STRICT_HOST_KEY_CHECKING", "yes")
+  local known_hosts_file = utils.getenv("SSH_KNOWN_HOSTS_FILE", "/root/.ssh/known_hosts")
+
  local pieces = {
    "ssh",
    "-p", tostring(port),
@@ -99,8 +109,8 @@ function ssh_module.execute_with_output(command, user, host, port, identity_file
    "-o", "ConnectTimeout=30",
    "-o", "ServerAliveInterval=5",
    "-o", "ServerAliveCountMax=1",
-    -- "-o", "UserKnownHostsFile=/root/.ssh/known_hosts",
-    "-o", "StrictHostKeyChecking=no",
+    "-o", "UserKnownHostsFile=" .. known_hosts_file,
+    "-o", "StrictHostKeyChecking=" .. strict_host_key_checking,
  }

  if identity_file ~= "" then