[jira] [Commented] (AIRFLOW-7044) SSH connection (and hook) should support public host_key usage

Wed, 16 Dec 2020 01:34:45 -0800 


    [ 
https://issues.apache.org/jira/browse/AIRFLOW-7044?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17250206#comment-17250206
 ] 

ASF GitHub Bot commented on AIRFLOW-7044:
-----------------------------------------

github-actions[bot] commented on pull request #12944:
URL: https://github.com/apache/airflow/pull/12944#issuecomment-745986505


   The PR most likely needs to run full matrix of tests because it modifies 
parts of the core of Airflow. However, committers might decide to merge it 
quickly and take the risk. If they don't merge it quickly - please rebase it to 
the latest master at your convenience, or amend the last commit of the PR, and 
push it with --force-with-lease.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]


> SSH connection (and hook) should support public host_key usage
> --------------------------------------------------------------
>
>                 Key: AIRFLOW-7044
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-7044
>             Project: Apache Airflow
>          Issue Type: Improvement
>          Components: hooks
>    Affects Versions: 2.0.0
>            Reporter: Aaron Fowles
>            Assignee: Aaron Fowles
>            Priority: Minor
>              Labels: newbie, security, sftp, ssh
>
> It would be good to be able to enforce a public host key check against a 
> known value when making a SSH or SFTP connection.
> Currently, people are forced into using
> {code:java}
> 'no_host_key_check' = True{code}
> which could allow a Man-in-the-middle attack.
> There are two components as far as I can see:
>  * The connection should support specify the key_type and key (either as 
> fields or in extra)
>  * The hook should write get and write those values (along with the hostname) 
> to the ~/.ssh/known_hosts file if
> {code:java}
> 'no_host_key_check' = False{code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to