SSHHook warns that Remote Identification Change is not verified. when self.allow_host_key_change is set to False instead of when it is set to true #9510

Closed
kkuzelka opened this issue Jun 25, 2020 · 2 comments · Fixed by #24116

@kkuzelka

Apache Airflow version: 1.10.10

What happened:
For any SSH connection with allow_host_key_change set to False or unset, Airflow prints

    WARNING - Remote Identification Change is not verified. This wont protect against Man-In-The-Middle attacks

What you expected to happen:

https://airflow.apache.org/docs/stable/howto/connection/ssh.html says

allow_host_key_change - Set to true if you want to allow connecting to hosts that has host key changed or when you get ‘REMOTE HOST IDENTIFICATION HAS CHANGED’ error. This wont protect against Man-In-The-Middle attacks. Other possible solution is to remove the host entry from ~/.ssh/known_hosts file. Default is false.

How to reproduce it:

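    from airflow.contrib.hooks.ssh_hook import SSHHook  # import path in Airflow 1.10.x

    ssh_hook = SSHHook(ssh_conn_id=sftp_conn_id)  # sftp_conn_id: ID of an existing SSH connection
    sftp_client = ssh_hook.get_conn().open_sftp()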

Let me know if I misunderstood how this should work.

kkuzelka added the kind:bug label Jun 25, 2020
@boring-cyborg

boring-cyborg bot commented Jun 25, 2020

Thanks for opening your first issue here! Be sure to follow the issue template!

@zhangyi-hu
Contributor

I'm still seeing this in 1.10.12

a246530 added a commit to a246530/airflow that referenced this issue Mar 16, 2022
Incorrect logic for self.allow_host_key_change warning regarding "Remote Identification Change is not verified"

This was identified in apache#9510
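
An added example, not Airflow's code and not part of the original thread: a simplified model of the host-key decision described by the documentation quoted in the issue, showing that the "not verified" warning belongs only on the path where a changed key is accepted. The names `parse_known_hosts` and `check_host_key`, the hostnames and the key strings are hypothetical and constructed; hashed entries and `@` markers in known_hosts are skipped.

```python
import logging

log = logging.getLogger("ssh_host_key_demo")

# Constructed known_hosts content (placeholder strings, not real keys).
KNOWN_HOSTS = """\
# constructed sample
sftp.example.internal ssh-ed25519 CONSTRUCTED-KEY-A
build.example.internal,10.0.0.7 ssh-ed25519 CONSTRUCTED-KEY-B
"""


def parse_known_hosts(text):
    """Map (hostname, key type) -> key blob for plain (unhashed) entries."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "@", "|")):
            continue  # comments, @markers and hashed hosts are out of scope here
        fields = line.split()
        if len(fields) < 3:
            continue
        hosts, key_type, blob = fields[:3]
        for host in hosts.split(","):
            entries[(host, key_type)] = blob
    return entries


def check_host_key(known, host, key_type, blob, allow_host_key_change=False):
    """Return 'match', 'unknown', 'changed-accepted' or 'changed-rejected'."""
    stored = known.get((host, key_type))
    if stored is None:
        return "unknown"  # first contact: governed by the missing-host-key policy
    if stored == blob:
        return "match"  # identification verified, nothing to warn about
    if allow_host_key_change:
        # Only on this path is the changed identification left unverified.
        log.warning("Remote Identification Change is not verified for %s", host)
        return "changed-accepted"
    return "changed-rejected"  # the safe default: refuse the connection


if __name__ == "__main__":
    known = parse_known_hosts(KNOWN_HOSTS)
    for flag in (False, True):
        result = check_host_key(known, "10.0.0.7", "ssh-ed25519",
                                "CONSTRUCTED-KEY-X", allow_host_key_change=flag)
        print(f"allow_host_key_change={flag}: {result}")
```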