[
https://issues.apache.org/jira/browse/AIRFLOW-7044?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17261229#comment-17261229
]
ASF subversion and git services commented on AIRFLOW-7044:
----------------------------------------------------------
Commit 52339a55c054bddd1d46253575274a3d5d141ebe in airflow's branch
refs/heads/master from Andreas Franzén
[ https://gitbox.apache.org/repos/asf?p=airflow.git;h=52339a5 ]
[AIRFLOW-7044] Host key can be specified via SSH connection extras. (#12944)
> SSH connection (and hook) should support public host_key usage
> --------------------------------------------------------------
>
> Key: AIRFLOW-7044
> URL: https://issues.apache.org/jira/browse/AIRFLOW-7044
> Project: Apache Airflow
> Issue Type: Improvement
> Components: hooks
> Affects Versions: 2.0.0
> Reporter: Aaron Fowles
> Assignee: Aaron Fowles
> Priority: Minor
> Labels: newbie, security, sftp, ssh
>
> It would be good to be able to enforce a public host key check against a
> known value when making a SSH or SFTP connection.
> Currently, people are forced into using
> {code:java}
> 'no_host_key_check' = True{code}
> which could allow a Man-in-the-middle attack.
> There are two components as far as I can see:
> * The connection should support specify the key_type and key (either as
> fields or in extra)
> * The hook should write get and write those values (along with the hostname)
> to the ~/.ssh/known_hosts file if
> {code:java}
> 'no_host_key_check' = False{code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
