You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by "Aaron Fowles (Jira)" <ji...@apache.org> on 2020/03/12 10:17:00 UTC

[jira] [Updated] (AIRFLOW-7044) SSH connection (and hook) should support public host_key usage

     [ https://issues.apache.org/jira/browse/AIRFLOW-7044?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Aaron Fowles updated AIRFLOW-7044:
----------------------------------
    Issue Type: New Feature  (was: Bug)

> SSH connection (and hook) should support public host_key usage
> --------------------------------------------------------------
>
>                 Key: AIRFLOW-7044
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-7044
>             Project: Apache Airflow
>          Issue Type: New Feature
>          Components: hooks
>    Affects Versions: 2.0.0
>            Reporter: Aaron Fowles
>            Priority: Major
>              Labels: newbie, security
>
> It would be good to be able to enforce a public host key check against a known value when making a SSH or SFTP connection.
> Currently, people are forced into using
> {code:java}
> 'check_host_key' = False{code}
> which could allow a Man-in-the-middle attack.
> There are two components as far as I can see:
>  * The connection should support specify the key_type and key (either as fields or in extra)
>  * The hook should write get and write those values (along with the hostname) to the ~/.ssh/known_hosts file if
> {code:java}
> 'check_host_key' = True{code}



--
This message was sent by Atlassian Jira
(v8.3.4#803005)