Make explicit disabling of strict-host-key-checking mandatory by default
What does this MR do?
Enable strict host key checking by default unless explicitly disabled through the runners.ssh.disable_strict_host_key_checking
parameter
Why was this MR needed?
To deprecate the previous behaviour where disable_strict_host_key_checking
What's the best way to test this MR?
gitlab-ci
job:
script:
- 'for i in $(seq 1 10); do echo $(date); sleep 1; done'
- echo "done"
- Launch a job using the
gitlab-ci
above and the followingconfig.toml
config.toml
[[runners]]
name = "kubernetes"
url = "https://gitlab.com/"
token = "__TOKEN__"
executor = "ssh"
[runners.ssh]
host = "__HOST__"
port = "22"
user = "__USERNAME__"
password = "__PASSWORD__"
- The job fails.
Notes: The assumption here is that the localhost
hasn't been trusted already. It is the case, it needs to be removed from the known_host
because the test is done.
- Launch a job using the
gitlab-ci
above and the followingconfig.toml
(Strict Host Hey checking explicitly disabled)
config.toml
[[runners]]
name = "kubernetes"
url = "https://gitlab.com/"
token = "__TOKEN__"
executor = "ssh"
[runners.ssh]
host = "__HOST__"
port = "22"
user = "__USERNAME__"
password = "__PASSWORD__"
disable_strict_host_key_checking = true
- The job succeeds
What are the relevant issue numbers?
close #28192 (closed)
Edited by Romuald Atchadé