SSH Hostkey check

[kotakanbe]

What did you implement:

Closes #415

How did you implement it:

Change options of SSH command.

How can we verify it:

1. Remove the entry of target server in $HOME/ssh/.known_hosts
2. Vuls scan -> Error will be occurred because faild to connect via ssh
3. SSH manually to add a host key to known_hosts
4. Vuls scan -> success

[TODO] Fix README

Todos:

You don't have to satisfy all of the following.

• Write tests
• Write documentation
• Check that there aren't other open pull requests for the same issue/feature
• Format your source code by make fmt
• Pass the test by make test
• Provide verification config / commands
• Enable "Allow edits from maintainers" for this PR
• Update the messages below

Is this ready for review?: NO
Is it a breaking change?: NO

[knqyf263]

LGTM

[2solt]

Since the external ssh using the ~/.ssh/config, can we leave the StrictHostKeyChecking to the user to configure? Currently is baked in.

[kotakanbe]

@2solt

How about adding an option like -ssh-no-strict-hostkey-checking?
(Please propose if you have a nice name :)

[2solt]

That's sounds good as well!
I was just thinking whoever needs to set it could add:

Host *
    StrictHostKeyChecking yes

to ~/.ssh/config or /etc/ssh/ssh_config

(Im not particularly good with naming things :)

[choseh]

Any news here? We're building a deployment for vuls on Kubernetes with helm and this is breaking everything. Could you come up with a quick solution? Command-line options take precedence over configuration files, so there's no way to work around this right now.

[kotakanbe]

@choseh

I will do it tomorrow 👍

[kotakanbe]

@2solt @choseh

merged 👍
#660

[kotakanbe]

@choseh

Would you write a blog on usage examples at k8s?