You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2022/03/21 10:56:23 UTC

[GitHub] [airflow] potiuk edited a comment on pull request #22324: Fix bug using `allow_host_key_change` in `SSHHook`

potiuk edited a comment on pull request #22324:
URL: https://github.com/apache/airflow/pull/22324#issuecomment-1073753276


   I think it is only half of the solution. The way it will work after the change is that warning is correct, but the behaviour will not be correct. If "allow_host_key_change" will be set to 'False` (default) it will skip completely already present host keys, instead it will treat all the connections as new.  This is very bad.
   
   I think this should be solved better:
   
   1) load_system_host_keys should be called in "else" (so skip it wen "allow_host_key_change" is True:
   2) there should be a policy to accept all new host keys added when "allow_host_key_change" is True.
   
   This is precisely as described here:
   
   https://stackoverflow.com/questions/47438468/automatically-updating-known-hosts-file-when-host-key-changes-using-paramiko
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org