Uploaded image for project: 'Apache Airflow'
  1. Apache Airflow
  2. AIRFLOW-7044

SSH connection (and hook) should support public host_key usage

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: In Progress
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 2.0.0
    • Fix Version/s: None
    • Component/s: hooks

      Description

      It would be good to be able to enforce a public host key check against a known value when making a SSH or SFTP connection.

      Currently, people are forced into using

      'no_host_key_check' = True

      which could allow a Man-in-the-middle attack.

      There are two components as far as I can see:

      • The connection should support specify the key_type and key (either as fields or in extra)
      • The hook should write get and write those values (along with the hostname) to the ~/.ssh/known_hosts file if
        'no_host_key_check' = False

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                aaronfowles Aaron Fowles
                Reporter:
                aaronfowles Aaron Fowles
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated: