ssh.rb in test-kitchen-1.18.0

- old
+ new

@@ -397,11 +397,10 @@
       # rubocop:disable Metrics/MethodLength, Metrics/AbcSize
       def connection_options(data)
         opts = {
           logger: logger,
           user_known_hosts_file: "/dev/null",
-          paranoid: false,
           hostname: data[:hostname],
           port: data[:port],
           username: data[:username],
           compression: data[:compression],
           compression_level: data[:compression_level],
@@ -428,10 +427,33 @@
 
         opts[:password] = data[:password]           if data.key?(:password)
         opts[:forward_agent] = data[:forward_agent] if data.key?(:forward_agent)
         opts[:verbose] = data[:verbose].to_sym      if data.key?(:verbose)
 
+        # disable host key verification. The hash key to use
+        # depends on the version of net-ssh in use.
+        opts[verify_host_key_option] = false
+
         opts
+      end
+
+      #
+      # Returns the correct host-key-verification option key to use depending
+      # on what version of net-ssh is in use. In net-ssh <= 4.1, the supported
+      # parameter is `paranoid` but in 4.2, it became `verify_host_key`
+      #
+      # `verify_host_key` does not work in <= 4.1, and `paranoid` throws
+      # deprecation warnings in >= 4.2.
+      #
+      # While the "right thing" to do would be to pin train's dependency on
+      # net-ssh to ~> 4.2, this will prevent InSpec from being used in
+      # Chef v12 because of it pinning to a v3 of net-ssh.
+      #
+      def verify_host_key_option
+        current_net_ssh = Net::SSH::Version::CURRENT
+        new_option_version = Net::SSH::Version[4, 2, 0]
+
+        current_net_ssh >= new_option_version ? :verify_host_key : :paranoid
       end
 
       # Creates a new SSH Connection instance and save it for potential future
       # reuse.
       #