Closed edubxb closed 10 months ago
Thanks for the suggestion.
First, we are going to investigate wether or not we really need to separate ~/.ssh/known_hosts
and ~/.awless/known_hosts
in two different files.
For the StrictHostKeyChecking, I don't think that we should separate awless
and ssh
checks according to a flag, as it will make more complex both usage and implementation of the feature. However, we could rather go in two directions to improve awless ssh
for such a use case:
ssh
exec is present locally, delegate the key verification to ssh
--print-cli
, or --print-config
, do not try to connect via SSH in awless
, and let the user run the ssh connection with its wanted configuration.
First of all, I don't understand the need of maintaining a separate known hosts file exclusive for awless (
~/.awless/known_hosts
), after that, let me explain my situation...I have configured in my
$HOME/.ssh/config
when I don't want to check the host keys for some host patterns, with the configuration param:StrictHostKeyChecking=no
also, I don't want to awless to check it, but, in some cases, I want that ssh to do it, but not awless, with the current
--disable-strict-host-keychecking
flag is impossible, I can only disable it for both or for none.So, my proposal is something like: