Add default timeout to legacy ssh.ClientConfig (#15440)
* Add default timeout to legacy ssh.ClientConfig When using the deprecated Dynamic SSH Keys method, Vault will make an outbound SSH connection to an arbitrary remote host to place SSH keys. We now set a timeout of 1 minute for this connection. It is strongly recommended consumers of this SSH secrets engine feature migrate to the more secure, and otherwise equivalent, SSH certificates method. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add changelog Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
This commit is contained in:
parent
71372e4ea8
commit
0ce7c3b331
|
@ -171,6 +171,7 @@ func createSSHComm(logger log.Logger, username, ip string, port int, hostkey str
|
||||||
ssh.PublicKeys(signer),
|
ssh.PublicKeys(signer),
|
||||||
},
|
},
|
||||||
HostKeyCallback: insecureIgnoreHostWarning(logger),
|
HostKeyCallback: insecureIgnoreHostWarning(logger),
|
||||||
|
Timeout: 1 * time.Minute,
|
||||||
}
|
}
|
||||||
|
|
||||||
connfunc := func() (net.Conn, error) {
|
connfunc := func() (net.Conn, error) {
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
```release-note:improvement
|
||||||
|
secrets/ssh: Add connection timeout of 1 minute for outbound SSH connection in deprecated Dynamic SSH Keys mode.
|
||||||
|
```
|
Loading…
Reference in New Issue