You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by "Aaron Fowles (Jira)" <ji...@apache.org> on 2020/03/12 10:17:00 UTC
[jira] [Updated] (AIRFLOW-7044) SSH connection (and hook) should
support public host_key usage
[ https://issues.apache.org/jira/browse/AIRFLOW-7044?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Aaron Fowles updated AIRFLOW-7044:
----------------------------------
Issue Type: New Feature (was: Bug)
> SSH connection (and hook) should support public host_key usage
> --------------------------------------------------------------
>
> Key: AIRFLOW-7044
> URL: https://issues.apache.org/jira/browse/AIRFLOW-7044
> Project: Apache Airflow
> Issue Type: New Feature
> Components: hooks
> Affects Versions: 2.0.0
> Reporter: Aaron Fowles
> Priority: Major
> Labels: newbie, security
>
> It would be good to be able to enforce a public host key check against a known value when making a SSH or SFTP connection.
> Currently, people are forced into using
> {code:java}
> 'check_host_key' = False{code}
> which could allow a Man-in-the-middle attack.
> There are two components as far as I can see:
> * The connection should support specify the key_type and key (either as fields or in extra)
> * The hook should write get and write those values (along with the hostname) to the ~/.ssh/known_hosts file if
> {code:java}
> 'check_host_key' = True{code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)