jgilfoil
commented
5 years ago How would you provide your own key to the container when running through the vscode extension?
Open disklosr opened 5 years ago
jgilfoil
commented
5 years ago How would you provide your own key to the container when running through the vscode extension?
Summary
The microsoft/ansible docker image used by this extension contains a default non encrypted ssh key pair that doesn't change between runs. This is insecure as one could authorize this private key in a remote server thinking that the key inside the image is generated in each run.
I think it's best to not include any ssh keys inside the image so user is forced to provide their own key.
I couldn't find the source repo for the microsoft/ansible docker image so I'm posting this here. Let me know if it's not the right place.