You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by "Aaron Fowles (Jira)" <ji...@apache.org> on 2020/03/12 10:00:03 UTC
[jira] [Created] (AIRFLOW-7044) SSH connection (and hook) should
support public host_key usage
Aaron Fowles created AIRFLOW-7044:
-------------------------------------
Summary: SSH connection (and hook) should support public host_key usage
Key: AIRFLOW-7044
URL: https://issues.apache.org/jira/browse/AIRFLOW-7044
Project: Apache Airflow
Issue Type: Bug
Components: hooks
Affects Versions: 2.0.0
Reporter: Aaron Fowles
It would be good to be able to enforce a public host key check against a known value when making a SSH or SFTP connection.
Currently, people are forced into using
{code:java}
'check_host_key' = False{code}
which could allow a Man-in-the-middle attack.
There are two components as far as I can see:
* The connection should support specify the key_type and key (either as fields or in extra)
* The hook should write get and write those values (along with the hostname) to the ~/.ssh/known_hosts file if
{code:java}
'check_host_key' = True{code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)