It would be good to be able to enforce a public host key check against a known value when making a SSH or SFTP connection.
Currently, people are forced into using
which could allow a Man-in-the-middle attack.
There are two components as far as I can see:
- The connection should support specify the key_type and key (either as fields or in extra)
- The hook should write get and write those values (along with the hostname) to the ~/.ssh/known_hosts file if