From 979ae0b0488797dcca9ed37716620329d6729d39 Mon Sep 17 00:00:00 2001
From: Riddhesh Sanghvi
Date: Mon, 11 Feb 2019 12:04:37 +0530
Subject: [PATCH 1/5] Setup known_hosts for ssh-host-signer certs
Signed-off-by: Riddhesh Sanghvi
---
 deploy/deploy.sh | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/deploy/deploy.sh b/deploy/deploy.sh
index 65ed9e6..a62d1df 100755
--- a/deploy/deploy.sh
+++ b/deploy/deploy.sh
@@ -32,12 +32,20 @@ ssh-keygen -t rsa -b 4096 -C "GH-actions-ssh-deploy-key" -f "$HOME/.ssh/id_rsa"
 # Get signed key from vault
 vault write -field=signed_key ssh-client-signer/sign/my-role public_key=@$HOME/.ssh/id_rsa.pub > $HOME/.ssh/signed-cert.pub
+# Setup known_hosts
+$known_hosts_file = "${HOME}/.ssh/known_hosts"
+known_host_data="@cert-authority *.${hostname} "
+host_signer=$(vault read -field=public_key ssh-host-signer/config/ca)
+known_host_data="${known_host_data}${host_signer}"
+echo "$known_host_data" >> "$known_hosts_file"
+
 # Create ssh config file. `~/.ssh/config` does not work.
 cat > /etc/ssh/ssh_config <
Date: Mon, 11 Feb 2019 12:17:16 +0530
Subject: [PATCH 2/5] Fix known_hosts_file variable
Signed-off-by: Riddhesh Sanghvi
---
 deploy/deploy.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/deploy/deploy.sh b/deploy/deploy.sh
index a62d1df..fb2fbc5 100755
--- a/deploy/deploy.sh
+++ b/deploy/deploy.sh
@@ -33,7 +33,7 @@ ssh-keygen -t rsa -b 4096 -C "GH-actions-ssh-deploy-key" -f "$HOME/.ssh/id_rsa"
 vault write -field=signed_key ssh-client-signer/sign/my-role public_key=@$HOME/.ssh/id_rsa.pub > $HOME/.ssh/signed-cert.pub
 # Setup known_hosts
-$known_hosts_file = "${HOME}/.ssh/known_hosts"
+known_hosts_file="${SSH_DIR}/known_hosts"
 known_host_data="@cert-authority *.${hostname} "
 host_signer=$(vault read -field=public_key ssh-host-signer/config/ca)
 known_host_data="${known_host_data}${host_signer}"
From b1906e34228fe0ad8486875d29872cb5d75a4e6f Mon Sep 17 00:00:00 2001
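Review bot: `host_signer=$(vault read -field=public_key ssh-host-signer/config/ca)` is used unchecked, so if the read fails or prints nothing the next two lines append `@cert-authority <hostname> ` with no key to known_hosts; ssh discards such an entry, and the host-certificate trust this series introduces is silently absent at the later ssh step. Whether the script runs under `set -e` is outside the hunk, so make the failure explicit: `host_signer=$(vault read -field=public_key ssh-host-signer/config/ca) || exit 1` followed by `[ -n "$host_signer" ] || { echo "empty host CA key from vault" >&2; exit 1; }`. Note also that this makes the Vault API the trust anchor for every host key, which is only as strong as the TLS verification of the Vault address; that configuration is not visible here.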
From: Riddhesh Sanghvi
Date: Mon, 11 Feb 2019 12:47:54 +0530
Subject: [PATCH 3/5] Update hostname matching
Signed-off-by: Riddhesh Sanghvi
---
 deploy/deploy.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/deploy/deploy.sh b/deploy/deploy.sh
index fb2fbc5..27f32a1 100755
--- a/deploy/deploy.sh
+++ b/deploy/deploy.sh
@@ -34,7 +34,7 @@ vault write -field=signed_key ssh-client-signer/sign/my-role public_key=@$HOME/.
 # Setup known_hosts
 known_hosts_file="${SSH_DIR}/known_hosts"
-known_host_data="@cert-authority *.${hostname} "
+known_host_data="@cert-authority ${hostname} "
 host_signer=$(vault read -field=public_key ssh-host-signer/config/ca)
 known_host_data="${known_host_data}${host_signer}"
 echo "$known_host_data" >> "$known_hosts_file"
From 5952e9ea528d13a62b687acee4ad20a80147da98 Mon Sep 17 00:00:00 2001
From: Riddhesh Sanghvi
Date: Mon, 11 Feb 2019 12:51:59 +0530
Subject: [PATCH 4/5] Remove commented known_hosts code
Signed-off-by: Riddhesh Sanghvi
---
 deploy/deploy.sh | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/deploy/deploy.sh b/deploy/deploy.sh
index 27f32a1..34ef46b 100755
--- a/deploy/deploy.sh
+++ b/deploy/deploy.sh
@@ -49,9 +49,6 @@ UserKnownHostsFile $known_hosts_file
 User root
 EOL
-# echo "$SSH_KNOWN_HOSTS" | tr -d '\r' > "$SSH_DIR/known_hosts"
-# chmod 644 "$SSH_DIR/known_hosts"
-
 mkdir -p "$HTDOCS"
 cd "$HTDOCS"
 export build_root="$(pwd)"
From 36c60050ff16acf950c9dfe7ea7d2eeabbd62d3f Mon Sep 17 00:00:00 2001
From: Riddhesh Sanghvi
Date: Mon, 11 Feb 2019 12:53:50 +0530
Subject: [PATCH 5/5] Remove extra config which has been solved by ssh-host-signer
Signed-off-by: Riddhesh Sanghvi
---
 deploy/README.md | 13 -------------
 1 file changed, 13 deletions(-)
diff --git a/deploy/README.md b/deploy/README.md
index 0dccaae..6752e40 100644
--- a/deploy/README.md
+++ b/deploy/README.md
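Review bot: The new `@cert-authority ${hostname} ` pattern only works if `hostname` is non-empty and equals the name the deploy step actually connects to; if it is unset, the written line is in effect `@cert-authority  ssh-rsa AAAA…`, which ssh reads as the pattern `ssh-rsa` followed by an unparsable key and drops, so nothing is trusted and the failure surfaces only at the ssh step. Where `hostname` is assigned is not visible in this hunk, so guard it right before the assignment with `: "${hostname:?hostname must be set to build known_hosts}"`. A comment such as `# one @cert-authority line per target; the host certificate must name this exact host as a principal` would also record why the wildcard was dropped, since `>>` appends a fresh entry on every run and the file is never reset here.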
@@ -20,30 +20,17 @@ master: # Path to deploy. Can be auto-determined using EE version if not specified explicitly. deploy_path: /opt/easyengine/sites/example.com/app/htdocs - - # Setting these options because of ssh-issues in GH actions. - # Should not be needed in future, hopefully :fingers-crossed: - sshOptions: - UserKnownHostsFile: /dev/null - StrictHostKeyChecking: no - staging: hostname: stag.example.com user: root stage: develop deploy_path: /opt/easyengine/sites/stag.example.com/app/htdocs - sshOptions: - UserKnownHostsFile: /dev/null - StrictHostKeyChecking: no develop: hostname: dev.example.com user: root stage: develop deploy_path: /opt/easyengine/sites/dev.example.com/app/htdocs - sshOptions: - UserKnownHostsFile: /dev/null - StrictHostKeyChecking: no ci_script_options: vip: true