Skip to content

Make explicit disabling of strict-host-key-checking mandatory by default

What does this MR do?

Enable strict host key checking by default unless explicitly disabled through the runners.ssh.disable_strict_host_key_checking parameter

Why was this MR needed?

To deprecate the previous behaviour where disable_strict_host_key_checking

What's the best way to test this MR?

gitlab-ci
job:
 script:
 - 'for i in $(seq 1 10); do echo $(date); sleep 1; done'
 - echo "done"
  1. Launch a job using the gitlab-ci above and the following config.toml
config.toml
[[runners]]
  name = "kubernetes"
  url = "https://gitlab.com/"
  token = "__TOKEN__"
  executor = "ssh"
  [runners.ssh]
    host = "__HOST__"
    port = "22"
    user = "__USERNAME__"
    password = "__PASSWORD__"
  1. The job fails.

Notes: The assumption here is that the localhost hasn't been trusted already. It is the case, it needs to be removed from the known_host because the test is done.

  1. Launch a job using the gitlab-ci above and the following config.toml (Strict Host Hey checking explicitly disabled)
config.toml
[[runners]]
  name = "kubernetes"
  url = "https://gitlab.com/"
  token = "__TOKEN__"
  executor = "ssh"
  [runners.ssh]
    host = "__HOST__"
    port = "22"
    user = "__USERNAME__"
    password = "__PASSWORD__"
    disable_strict_host_key_checking = true
  1. The job succeeds

What are the relevant issue numbers?

close #28192 (closed)

Edited by Romuald Atchadé

Merge request reports

Loading