options[:port] = node_config.dig('ssh', 'port') unless node_config.dig('ssh', 'port').nil?
options[:keys] = node_config.dig('ssh', 'private-key') unless node_config.dig('ssh', 'private-key').nil?
options[:password] = node_config.dig('ssh', 'password') unless node_config.dig('ssh', 'password').nil?
- options[:verify_host_key] = Net::SSH::Verifiers::Null.new unless node_config.dig('ssh', 'host-key-check').nil?
+ # Support both net-ssh 4 and 5.
+ # rubocop:disable Metrics/BlockNesting
+ options[:verify_host_key] = if node_config.dig('ssh', 'host-key-check').nil?
+ # Fall back to SSH behavior. This variable will only be set in net-ssh 5.3+.
+ if @strict_host_key_checking.nil? || @strict_host_key_checking
+ Net::SSH::Verifiers::Always.new
+ else
+ # SSH's behavior with StrictHostKeyChecking=no: adds new keys to known_hosts.
+ # If known_hosts points to /dev/null, then equivalent to :never where it
+ # accepts any key beacuse they're all new.
+ Net::SSH::Verifiers::AcceptNewOrLocalTunnel.new
+ end
+ elsif node_config.dig('ssh', 'host-key-check')
+ if defined?(Net::SSH::Verifiers::Always)
+ Net::SSH::Verifiers::Always.new
+ else
+ Net::SSH::Verifiers::Secure.new
+ end
+ elsif defined?(Net::SSH::Verifiers::Never)
+ Net::SSH::Verifiers::Never.new
+ else
+ Net::SSH::Verifiers::Null.new
+ end
+ # rubocop:enable Metrics/BlockNesting
host = if ENV['TARGET_HOST'].include?(':')
ENV['TARGET_HOST'].split(':').first
else