Skip to content

fix: log warning when SSH host key verification is disabled#154

Merged
creydr merged 3 commits into
functions-dev:mainfrom
creydr:fix/ssh-insecure-host-key-warning
May 20, 2026
Merged

fix: log warning when SSH host key verification is disabled#154
creydr merged 3 commits into
functions-dev:mainfrom
creydr:fix/ssh-insecure-host-key-warning

Conversation

@creydr
Copy link
Copy Markdown
Collaborator

@creydr creydr commented May 20, 2026

Summary

  • Adds informational log messages when InsecureIgnoreHostKey is used for SSH connections
  • Two cases are covered: (1) no SSH credentials provided in auth secret, (2) SSH key provided but known_hosts data is missing
  • Threads context.Context through getClientOptions and getSSHClientOptions to enable controller-runtime logging

Note: This PR is based on #152 and should be merged after it.

creydr added 2 commits May 20, 2026 15:14
@creydr
fix: log warning when SSH host key verification is disabled
5fc04c8 
When InsecureIgnoreHostKey is used (either because no SSH credentials
are provided or because known_hosts data is missing from the auth
secret), log an informational message so operators can identify and
remediate insecure configurations.
@creydr
fix: restore InsecureIgnoreHostKey fallback when known_hosts is missing
079edc1 
The previous commit removed the InsecureIgnoreHostKey fallback when
an SSH key is provided without known_hosts data, causing E2E failures
with "knownhosts: key is unknown".
@creydr creydr force-pushed the fix/ssh-insecure-host-key-warning branch from def202b to 079edc1 Compare May 20, 2026 13:15
@creydr creydr enabled auto-merge May 20, 2026 13:15
@creydr creydr added this pull request to the merge queue May 20, 2026
@creydr
fix: propagate errors from known_hosts setup instead of silently igno…
2b1de2f 
…ring them

When a user provides known_hosts data in the auth secret, errors during
temp file creation, writing, or callback setup were silently swallowed,
causing silent fallback to no host key verification. Now these errors
are returned so the operator knows when known_hosts setup fails.
Merged via the queue into functions-dev:main with commit 3db118e May 20, 2026
@creydr creydr deleted the fix/ssh-insecure-host-key-warning branch May 20, 2026 14:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@creydr