Open rgl opened 2 years ago
Yes, I agree. It would be a much better default. I'll try to get some time to add this feature...
Thinking about this a bit... To tighten up security, I should also remove the "--noSSLVerify" option for ovftool. How many home users actually have real SSL certs installed on their ESXi servers???
I'll keep all of this in mind. I may just tie them both together as a "high security enabled" option, or something like that... If there's more demand, I'll put some priority on it. Thanks for the feedback!
+1 to this request.
FWIW, I do use a real cert (Let's Encrypt) for my ESXi server.
Describe the bug
https://github.com/josenk/terraform-provider-esxi/blob/28fa55c7fdb3f77b17f9faf636ff080dc71cef68/esxi/esxi_remote_cmds.go#L33
This code is unconditionally trusting the server without any verification, which is not, IMHO, a good default.
Expected behavior
Expect the used SSH client to inherit my ssh settings (e.g. the known_hosts file) by default.
A provider option should be provided to explicitly opt-out of the server verification, e.g.:
Ideally it should be configured like a terraform provisioner connection.
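What checking a server key against known_hosts involves, as an added example that is not the provider's code: a standard-library-only sketch that fails closed and separates an unknown host from a changed key. The names VerifyHostKey, HashHost and hostMatches and the sample host and key bytes are constructed for illustration; in a real Go SSH client the golang.org/x/crypto/ssh/knownhosts package supplies this check as a HostKeyCallback.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)
var b64 = base64.StdEncoding
var ErrUnknownHost = errors.New("host has no known_hosts entry")
var ErrKeyMismatch = errors.New("host key differs from known_hosts entry")

// HashHost builds a hashed host field: "|1|salt|HMAC-SHA1(salt, host)".
func HashHost(salt []byte, host string) string {
	mac := hmac.New(sha1.New, salt)
	mac.Write([]byte(host))
	return "|1|" + b64.EncodeToString(salt) + "|" + b64.EncodeToString(mac.Sum(nil))
}

// hostMatches handles hashed fields and comma-separated plain names.
func hostMatches(field, host string) bool {
	if p := strings.Split(field, "|"); len(p) == 4 && p[1] == "1" {
		salt, err := b64.DecodeString(p[2])
		return err == nil && HashHost(salt, host) == field
	}
	return strings.Contains(","+field+",", ","+host+",")
}

// VerifyHostKey fails closed; @markers and wildcard patterns are not handled.
func VerifyHostKey(knownHosts, host, keyType string, key []byte) error {
	err := ErrUnknownHost
	for _, line := range strings.Split(knownHosts, "\n") {
		f := strings.Fields(line)
		if len(f) < 3 || f[0][0] == '#' || f[0][0] == '@' || !hostMatches(f[0], host) {
			continue
		}
		err = ErrKeyMismatch // host is known, so anything but an exact match is a mismatch
		if f[1] == keyType && f[2] == b64.EncodeToString(key) {
			return nil
		}
	}
	return err
}

func main() {
	key := []byte("constructed-key-A") // constructed sample bytes, not a real SSH key
	fmt.Println(VerifyHostKey("esxi.example.test ssh-ed25519 "+b64.EncodeToString(key), "esxi.example.test", "ssh-ed25519", key))
}
```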