You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by "Aaron Fowles (Jira)" <ji...@apache.org> on 2020/03/12 10:00:03 UTC

[jira] [Created] (AIRFLOW-7044) SSH connection (and hook) should support public host_key usage

Aaron Fowles created AIRFLOW-7044:
-------------------------------------

             Summary: SSH connection (and hook) should support public host_key usage
                 Key: AIRFLOW-7044
                 URL: https://issues.apache.org/jira/browse/AIRFLOW-7044
             Project: Apache Airflow
          Issue Type: Bug
          Components: hooks
    Affects Versions: 2.0.0
            Reporter: Aaron Fowles


It would be good to be able to enforce a public host key check against a known value when making a SSH or SFTP connection.

Currently, people are forced into using
{code:java}
'check_host_key' = False{code}
which could allow a Man-in-the-middle attack.

There are two components as far as I can see:
 * The connection should support specify the key_type and key (either as fields or in extra)
 * The hook should write get and write those values (along with the hostname) to the ~/.ssh/known_hosts file if
{code:java}
'check_host_key' = True{code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)