Fix bug using allow_host_key_change in SSHHook #22324

Closed
a246530 wants to merge 1 commit

a246530 commented Mar 16, 2022

Incorrect logic for self.allow_host_key_change warning regarding "Remote Identification Change is not verified". This was identified in #9510

closes: #9510

Incorrect logic for self.allow_host_key_change warning regarding "Remote Identification Change is not verified"

This was identified in apache#9510

boring-cyborg bot commented Mar 16, 2022

Congratulations on your first Pull Request and welcome to the Apache Airflow community! If you have any issues or are unsure about anything, please check our Contribution Guide (https://github.com/apache/airflow/blob/main/CONTRIBUTING.rst).
Here are some useful points:

  • Pay attention to the quality of your code (flake8, mypy and type annotations). Our pre-commits will help you with that.
  • In case of a new feature add useful documentation (in docstrings or in docs/ directory). Adding a new operator? Check this short guide. Consider adding an example DAG that shows how users should use it.
  • Consider using Breeze environment for testing locally, it’s a heavy docker but it ships with a working Airflow and a lot of integrations.
  • Be patient and persistent. It might take some time to get a review or get the final approval from Committers.
  • Please follow ASF Code of Conduct for all communication including (but not limited to) comments on Pull Requests, Mailing list and Slack.
  • Be sure to read the Airflow Coding style.

Apache Airflow is a community-driven project and together we are making it better 🚀.
In case of doubts contact the developers at:
Mailing List: dev@airflow.apache.org
Slack: https://s.apache.org/airflow-slack

eladkal changed the title from "Update ssh.py" to "Fix bug using allow_host_key_change in SSHHook" Mar 20, 2022
eladkal changed the title Fix bug using allow_host_key_change in SSHHook Fix bug using allow_host_key_change in SSHHook Mar 20, 2022

potiuk (Member) commented Mar 21, 2022

I think it is only half of the solution. The way it will work after the change is that the warning is correct, but the behaviour will not be correct. If "allow_host_key_change" is set to 'False' (default), it will completely skip already present host keys; instead it will treat all the connections as new. This is very bad.

I think this should be solved better:

  1. load_system_host_keys should be called in "else" (so skip it when "allow_host_key_change" is True).
  2. There should be a policy to accept all new host keys added when "allow_host_key_change" is True.

This is precisely as described here:

https://stackoverflow.com/questions/47438468/automatically-updating-known-hosts-file-when-host-key-changes-using-paramiko
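
The two cases in the review comment above, as an added example that is not part of the pull request or of Airflow's code: a plain-Python model (no paramiko calls) of a client in which a loaded known-hosts entry is authoritative and an unknown host falls through to a missing-key policy. The function names, the `accept_new` parameter, and the host and key strings are constructed for illustration, and `half_fix` encodes the behaviour only as the comment describes it.

```python
from enum import Enum


class Outcome(Enum):
    MATCH = "key matches the known_hosts entry"
    CHANGED_REJECTED = "key differs from the known_hosts entry: refused"
    NEW_ACCEPTED = "host treated as new: accepted by the missing-key policy"
    NEW_REJECTED = "host treated as new: refused by the missing-key policy"


def check_host_key(host, presented, loaded_keys, accept_new):
    """Simplified model: a loaded entry decides; otherwise the policy does."""
    known = loaded_keys.get(host)
    if known is None:
        return Outcome.NEW_ACCEPTED if accept_new else Outcome.NEW_REJECTED
    return Outcome.MATCH if known == presented else Outcome.CHANGED_REJECTED


def half_fix(host, presented, known_hosts, allow_host_key_change, accept_new):
    """What the review objects to: stored keys are loaded only when the flag is True."""
    loaded = known_hosts if allow_host_key_change else {}
    return check_host_key(host, presented, loaded, accept_new)


def proposed(host, presented, known_hosts, allow_host_key_change, accept_new=False):
    """Review points 1 and 2: load stored keys in "else", accept new keys when True."""
    if allow_host_key_change:
        return check_host_key(host, presented, {}, accept_new=True)
    return check_host_key(host, presented, known_hosts, accept_new)


# Constructed sample data: one stored entry and a different key presented later.
HOST = "db.example.internal"
KNOWN_HOSTS = {HOST: "ssh-ed25519 AAAA-constructed-old"}
ROTATED = "ssh-ed25519 AAAA-constructed-new"


def decision_table(accept_new):
    """Map flag value -> (half_fix outcome, proposed outcome) for a changed key."""
    return {
        flag: (half_fix(HOST, ROTATED, KNOWN_HOSTS, flag, accept_new),
               proposed(HOST, ROTATED, KNOWN_HOSTS, flag, accept_new))
        for flag in (False, True)
    }


if __name__ == "__main__":
    for flag, (half, full) in decision_table(accept_new=True).items():
        print(f"allow_host_key_change={flag}: half fix -> {half.name}, "
              f"proposed -> {full.name}")
```

With the flag at its default of False, the half fix never reaches the stored entry, so a changed key is judged only by whatever the missing-key policy does; the proposed ordering refuses it.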

eladkal (Contributor) commented Jun 3, 2022

Fixed in #24116

eladkal closed this Jun 3, 2022