SUSE · frelon · May 27, 2026
@@ -12,3 +12,20 @@ echo "linux" | passwd root --stdin
 # Allow root ssh access (for testing purposes only!)
 echo "PermitRootLogin yes" > /etc/ssh/sshd_config.d/root_access.conf
 systemctl enable sshd
+
+# Static host-key (for testing purposes only!)
+cat > /etc/ssh/ssh_host_ecdsa_key <<EOF
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
+1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQQw5slj5JGbABTKEU9Ca7rLeZYom0mi
+kPjpDxOw05Eg76gt0Ub6Tnc3JMxGIfA3meiUhGj+fF61tjbfcGu8TDzcAAAAqMKQaBbCkG
+gWAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDDmyWPkkZsAFMoR
+T0Jrust5liibSaKQ+OkPE7DTkSDvqC3RRvpOdzckzEYh8DeZ6JSEaP58XrW2Nt9wa7xMPN
+wAAAAgYsNrbSuJR2TC3+h+0rthmq2uRhFrq7m0F9KZHF4gKuQAAAANZnJlbG9uQGF0b21p
+YwECAw==
+-----END OPENSSH PRIVATE KEY-----
+EOF
+
+cat > /etc/ssh/ssh_host_ecdsa_key.pub <<EOF
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDDmyWPkkZsAFMoRT0Jrust5liibSaKQ+OkPE7DTkSDvqC3RRvpOdzckzEYh8DeZ6JSEaP58XrW2Nt9wa7xMPNw= user@elemental-vm
+EOF
@@ -0,0 +1,9 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
+1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQQw5slj5JGbABTKEU9Ca7rLeZYom0mi
+kPjpDxOw05Eg76gt0Ub6Tnc3JMxGIfA3meiUhGj+fF61tjbfcGu8TDzcAAAAqMKQaBbCkG
+gWAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDDmyWPkkZsAFMoR
+T0Jrust5liibSaKQ+OkPE7DTkSDvqC3RRvpOdzckzEYh8DeZ6JSEaP58XrW2Nt9wa7xMPN
+wAAAAgYsNrbSuJR2TC3+h+0rthmq2uRhFrq7m0F9KZHF4gKuQAAAANZnJlbG9uQGF0b21p
+YwECAw==
+-----END OPENSSH PRIVATE KEY-----
@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDDmyWPkkZsAFMoRT0Jrust5liibSaKQ+OkPE7DTkSDvqC3RRvpOdzckzEYh8DeZ6JSEaP58XrW2Nt9wa7xMPNw= user@elemental-vm
@@ -38,3 +38,11 @@ storage:
         inline: |
           #!/bin/sh
           echo "Hello from customized image"
+    - path: /etc/ssh/ssh_host_ecdsa_key.pub
+      mode: 0644
+      contents:
+        source: data:text/plain;base64,ZWNkc2Etc2hhMi1uaXN0cDI1NiBBQUFBRTJWalpITmhMWE5vWVRJdGJtbHpkSEF5TlRZQUFBQUlibWx6ZEhBeU5UWUFBQUJCQkREbXlXUGtrWnNBRk1vUlQwSnJ1c3Q1bGlpYlNhS1ErT2tQRTdEVGtTRHZxQzNSUnZwT2R6Y2t6RVloOERlWjZKU0VhUDU4WHJXMk50OXdhN3hNUE53PSB1c2VyQGVsZW1lbnRhbC12bQo=
+    - path: /etc/ssh/ssh_host_ecdsa_key
+      mode: 0600
+      contents:
+        source: data:text/plain;base64,LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQzFyWlhrdGRqRUFBQUFBQkc1dmJtVUFBQUFFYm05dVpRQUFBQUFBQUFBQkFBQUFhQUFBQUJObFkyUnpZUwoxemFHRXlMVzVwYzNSd01qVTJBQUFBQ0c1cGMzUndNalUyQUFBQVFRUXc1c2xqNUpHYkFCVEtFVTlDYTdyTGVaWW9tMG1pCmtQanBEeE93MDVFZzc2Z3QwVWI2VG5jM0pNeEdJZkEzbWVpVWhHaitmRjYxdGpiZmNHdThURHpjQUFBQXFNS1FhQmJDa0cKZ1dBQUFBRTJWalpITmhMWE5vWVRJdGJtbHpkSEF5TlRZQUFBQUlibWx6ZEhBeU5UWUFBQUJCQkREbXlXUGtrWnNBRk1vUgpUMEpydXN0NWxpaWJTYUtRK09rUEU3RFRrU0R2cUMzUlJ2cE9kemNrekVZaDhEZVo2SlNFYVA1OFhyVzJOdDl3YTd4TVBOCndBQUFBZ1lzTnJiU3VKUjJUQzMraCswcnRobXEydVJoRnJxN20wRjlLWkhGNGdLdVFBQUFBTlpuSmxiRzl1UUdGMGIyMXAKWXdFQ0F3PT0KLS0tLS1FTkQgT1BFTlNTSCBQUklWQVRFIEtFWS0tLS0tCg==
@@ -48,6 +48,7 @@ type SUT struct {
 	Username      string
 	Password      string // #nosec G117
 	SSHKey        []byte
+	HostSSHKey    []byte
 	Timeout       int
 	artifactsRepo string
 	TestVersion   string
@@ -58,15 +59,17 @@ type SUT struct {
 
 func NewSUT() *SUT {
 	var (
-		err        error
-		user       string
-		sshKeyFile string
-		sshKey     []byte
-		pass       string
-		host       string
-		vmPid      int
-		timeout    = 180
-		value      int
+		err            error
+		user           string
+		sshKeyFile     string
+		sshKey         []byte
+		hostSSHKeyFile string
+		hostSSHKey     []byte
+		pass           string
+		host           string
+		vmPid          int
+		timeout        = 180
+		value          int
 	)
 
 	if user = os.Getenv("SSH_USER"); user == "" {
@@ -77,8 +80,13 @@ func NewSUT() *SUT {
 		sshKeyFile = "../assets/testkey"
 	}
 
+	if hostSSHKeyFile = os.Getenv("HOST_SSH_KEY"); hostSSHKeyFile == "" {
+		hostSSHKeyFile = "../assets/hostkey.pub"
+	}
+
 	// Not useful here to check for a reading error, skip it!
-	sshKey, _ = os.ReadFile(sshKeyFile) //nolint:gosec
+	sshKey, _ = os.ReadFile(sshKeyFile)         //nolint:gosec
+	hostSSHKey, _ = os.ReadFile(hostSSHKeyFile) //nolint:gosec
 
 	if pass = os.Getenv("SSH_PASS"); pass == "" {
 		pass = "linux"
@@ -103,6 +111,7 @@ func NewSUT() *SUT {
 		Username:      user,
 		Password:      pass,
 		SSHKey:        sshKey,
+		HostSSHKey:    hostSSHKey,
 		MachineID:     "test",
 		Timeout:       timeout,
 		artifactsRepo: "",
@@ -259,11 +268,13 @@ func (s *SUT) clientConfig() *ssh.ClientConfig {
 		auths = append(auths, ssh.PublicKeys(signer))
 	}
 
+	hostPubKey, _, _, _, _ := ssh.ParseAuthorizedKey(s.HostSSHKey)
+
 	sshConfig := &ssh.ClientConfig{
 		User:            s.Username,
 		Auth:            append(auths, ssh.Password(s.Password)),
-		Timeout:         15 * time.Second,            // max time to establish connection
-		HostKeyCallback: ssh.InsecureIgnoreHostKey(), //nolint:gosec
+		Timeout:         15 * time.Second, // max time to establish connection
+		HostKeyCallback: ssh.FixedHostKey(hostPubKey),
 	}
 
 	return sshConfig
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDDmyWPkkZsAFMoRT0Jrust5liibSaKQ+OkPE7DTkSDvqC3RRvpOdzckzEYh8DeZ6JSEaP58XrW2Nt9wa7xMPNw= user@elemental-vm