From bd8345777f5a48ee61656248655ebac71a09e926 Mon Sep 17 00:00:00 2001
From: Ludovic Courtès
Date: Fri, 9 Dec 2016 14:54:42 +0100
Subject: offload: Do not read ~/.ssh/known_hosts.

* guix/scripts/offload.scm (open-ssh-session): Pass #:knownhosts to 'make-session'.
---
 guix/scripts/offload.scm | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'guix/scripts/offload.scm')
diff --git a/guix/scripts/offload.scm b/guix/scripts/offload.scm
index ebff11664d..f25cc5e7bb 100644
--- a/guix/scripts/offload.scm
+++ b/guix/scripts/offload.scm
@@ -177,6 +177,14 @@ private key from '~a': ~a")
 ;; #:log-verbosity 'protocol
 #:identity (build-machine-private-key machine)
+ ;; By default libssh reads ~/.ssh/known_hosts
+ ;; and uses that to adjust its choice of cipher
+ ;; suites, which changes the type of host key
+ ;; that the server sends (RSA vs. Ed25519,
+ ;; etc.). Opt for something reproducible and
+ ;; stateless instead.
+ #:knownhosts "/dev/null"
+
 ;; We need lightweight compression when
 ;; exchanging full archives.
 #:compression
-- 
cgit v1.2.3
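Review bot: With `#:knownhosts "/dev/null"` the session has no known-hosts record to check the server against, and the added comment gives only the reproducibility motive without saying how the build machine is authenticated instead. The hunk does not show what `open-ssh-session` does after connecting, so it is worth confirming that the server's host key is compared against a key pinned in the build-machine configuration rather than through a known_hosts lookup, which would now never find a match. If that is the case, I would extend the comment with a line such as `;; Server authentication does not use known_hosts; the host key is checked against the one configured for MACHINE.` so that a later refactoring does not drop that check unnoticed. The enclosing `make-session` call begins before the hunk and continues past it.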