If "~/.ssh/known_hosts" does not exist, SFTP backend fails

[jonazn]

In the SFTPStorage backend, the _connect() method attempts to "automatically add host keys from the current user," by loading the "~/.ssh/known_hosts" file. However, it doesn't check if that file actually exists before trying to use it. I spent a while trying to figure out why the SFTP backend wasn't working on my own server before pinpointing this issue. This happens on line 97 of sftpstorage.py:

self._ssh.load_host_keys(os.path.expanduser(os.path.join("~", ".ssh", "known_hosts")))

Perhaps it would be useful to wrap that line in a try/except?

[jschneier]

Yeah we should definitely catch that error.

Hmm, the default is to automatically accept unknown hosts which seems...eager? My thinking is to deprecate that default and then if we do catch an error and you haven't told us to auto add I'll just raise a full on exception. What do you think of that plan?

[jonazn]

That sounds like a reasonable solution, but there are also times you'd maybe want that behavior. Perhaps a solution could be an additional setting that, if set, lets you accept unknown hosts? It could default to False.

[jschneier]

Oh yeah, of course. I'm not even sure how I feel about the fact that it automatically loads the keys in ~/.ssh/knows_hosts.

Not sure how big of a deal it is though.

[begincalendar]

This issue just bit me, but in a roundabout way.

In the SFTPStorage.exists() method there is try/catch IOError around this self.sftp.stat(remote_path) and that call goes down to hit this issue.

So that try/catch is catching the wrong exception and returning False, which causes infinite recursion when trying to create a directory that doesn't exist.

[sallyruthstruik]

Pull request with fix: #325

[jschneier]

Fix merged