clan-cli: Move clan_cli/ssh/host_key.py to clan_lib/ssh

2025-06-23 15:05:52 +02:00
parent caf7132fe6
commit 65bb9021de
1 changed files with 35 additions and 0 deletions
--- a/pkgs/clan-cli/clan_lib/ssh/host_key.py
+++ b/pkgs/clan-cli/clan_lib/ssh/host_key.py
@@ -0,0 +1,35 @@
+# Adapted from https://github.com/numtide/deploykit
+
+from typing import Literal
+
+from clan_lib.errors import ClanError
+
+HostKeyCheck = Literal[
+    "strict",  # Strictly check ssh host keys, prompt for unknown ones
+    "ask",  # Ask for confirmation on first use
+    "tofu",  # Trust on ssh keys on first use
+    "none",  # Do not check ssh host keys
+]
+
+
+def hostkey_to_ssh_opts(host_key_check: HostKeyCheck) -> list[str]:
+    """
+    Convert a HostKeyCheck value to SSH options.
+    """
+    match host_key_check:
+        case "strict":
+            return ["-o", "StrictHostKeyChecking=yes"]
+        case "ask":
+            return []
+        case "tofu":
+            return ["-o", "StrictHostKeyChecking=accept-new"]
+        case "none":
+            return [
+                "-o",
+                "StrictHostKeyChecking=no",
+                "-o",
+                "UserKnownHostsFile=/dev/null",
+            ]
+        case _:
+            msg = f"Invalid HostKeyCheck: {host_key_check}"
+            raise ClanError(msg)