[
https://issues.apache.org/jira/browse/AIRFLOW-7044?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17061010#comment-17061010
]
Aaron Fowles commented on AIRFLOW-7044:
---------------------------------------
I've submitted a [PR|[https://github.com/apache/airflow/pull/7739]] and posted
in the #development airflow slack channel. Is there anything else I can do to
have my change suggestion and PR considered for inclusion? This is my first
time contributing so just taking my cue from CONTRIBUTING.rst. Thanks!
> SSH connection (and hook) should support public host_key usage
> --------------------------------------------------------------
>
> Key: AIRFLOW-7044
> URL: https://issues.apache.org/jira/browse/AIRFLOW-7044
> Project: Apache Airflow
> Issue Type: Improvement
> Components: hooks
> Affects Versions: 2.0.0
> Reporter: Aaron Fowles
> Priority: Major
> Labels: newbie, security
>
> It would be good to be able to enforce a public host key check against a
> known value when making a SSH or SFTP connection.
> Currently, people are forced into using
> {code:java}
> 'no_host_key_check' = True{code}
> which could allow a Man-in-the-middle attack.
> There are two components as far as I can see:
> * The connection should support specify the key_type and key (either as
> fields or in extra)
> * The hook should write get and write those values (along with the hostname)
> to the ~/.ssh/known_hosts file if
> {code:java}
> 'no_host_key_check' = False{code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
