You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2022/03/16 20:42:46 UTC

[GitHub] [airflow] a246530 opened a new pull request #22324: Update ssh.py

a246530 opened a new pull request #22324:
URL: https://github.com/apache/airflow/pull/22324


   Incorrect logic for self.allow_host_key_change warning regarding "Remote Identification Change is not verified". This was identified in https://github.com/apache/airflow/issues/9510
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] potiuk commented on pull request #22324: Fix bug using `allow_host_key_change` in `SSHHook`

Posted by GitBox <gi...@apache.org>.
potiuk commented on pull request #22324:
URL: https://github.com/apache/airflow/pull/22324#issuecomment-1073753276


   I think it is only half of the solution. The way it will work after the change is that warning is correct, but the behaviour will not be correct. If "allow_host_key_change" will be set to 'False` (default) it will skip completely already present host keys, instead it will treat all the connections as new.  This is very bad.
   
   I think this should be solved better:
   
   1) load_system_host_keys should be called in "else" (so skip it wen "allow_host_key_change" is True:
   2) there should be a policy to accept all new host keys added.
   
   This is precisely as described here:
   
   https://stackoverflow.com/questions/47438468/automatically-updating-known-hosts-file-when-host-key-changes-using-paramiko
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] potiuk edited a comment on pull request #22324: Fix bug using `allow_host_key_change` in `SSHHook`

Posted by GitBox <gi...@apache.org>.
potiuk edited a comment on pull request #22324:
URL: https://github.com/apache/airflow/pull/22324#issuecomment-1073753276


   I think it is only half of the solution. The way it will work after the change is that warning is correct, but the behaviour will not be correct. If "allow_host_key_change" will be set to 'False` (default) it will skip completely already present host keys, instead it will treat all the connections as new.  This is very bad.
   
   I think this should be solved better:
   
   1) load_system_host_keys should be called in "else" (so skip it wen "allow_host_key_change" is True:
   2) there should be a policy to accept all new host keys added when "allow_host_key_change" is True.
   
   This is precisely as described here:
   
   https://stackoverflow.com/questions/47438468/automatically-updating-known-hosts-file-when-host-key-changes-using-paramiko
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [airflow] boring-cyborg[bot] commented on pull request #22324: Update ssh.py

Posted by GitBox <gi...@apache.org>.
boring-cyborg[bot] commented on pull request #22324:
URL: https://github.com/apache/airflow/pull/22324#issuecomment-1069612287


   Congratulations on your first Pull Request and welcome to the Apache Airflow community! If you have any issues or are unsure about any anything please check our Contribution Guide (https://github.com/apache/airflow/blob/main/CONTRIBUTING.rst)
   Here are some useful points:
   - Pay attention to the quality of your code (flake8, mypy and type annotations). Our [pre-commits]( https://github.com/apache/airflow/blob/main/STATIC_CODE_CHECKS.rst#prerequisites-for-pre-commit-hooks) will help you with that.
   - In case of a new feature add useful documentation (in docstrings or in `docs/` directory). Adding a new operator? Check this short [guide](https://github.com/apache/airflow/blob/main/docs/apache-airflow/howto/custom-operator.rst) Consider adding an example DAG that shows how users should use it.
   - Consider using [Breeze environment](https://github.com/apache/airflow/blob/main/BREEZE.rst) for testing locally, itโ€™s a heavy docker but it ships with a working Airflow and a lot of integrations.
   - Be patient and persistent. It might take some time to get a review or get the final approval from Committers.
   - Please follow [ASF Code of Conduct](https://www.apache.org/foundation/policies/conduct) for all communication including (but not limited to) comments on Pull Requests, Mailing list and Slack.
   - Be sure to read the [Airflow Coding style]( https://github.com/apache/airflow/blob/main/CONTRIBUTING.rst#coding-style-and-best-practices).
   Apache Airflow is a community-driven project and together we are making it better ๐Ÿš€.
   In case of doubts contact the developers at:
   Mailing List: dev@airflow.apache.org
   Slack: https://s.apache.org/airflow-slack
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org