Aaron Fowles created AIRFLOW-7044:
-------------------------------------
Summary: SSH connection (and hook) should support public host_key
usage
Key: AIRFLOW-7044
URL: https://issues.apache.org/jira/browse/AIRFLOW-7044
Project: Apache Airflow
Issue Type: Bug
Components: hooks
Affects Versions: 2.0.0
Reporter: Aaron Fowles
It would be good to be able to enforce a public host key check against a known
value when making a SSH or SFTP connection.
Currently, people are forced into using
{code:java}
'check_host_key' = False{code}
which could allow a Man-in-the-middle attack.
There are two components as far as I can see:
* The connection should support specify the key_type and key (either as fields
or in extra)
* The hook should write get and write those values (along with the hostname)
to the ~/.ssh/known_hosts file if
{code:java}
'check_host_key' = True{code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
