cli/pkg/ansible
Snider d4d26a6ba2 Remove StrictHostKeyChecking=no and implement proper host key verification
This commit addresses security concerns from the OWASP audit by enforcing
strict host key verification for all SSH and SCP commands.

Key changes:
- Replaced StrictHostKeyChecking=accept-new with yes in pkg/container and pkg/devops.
- Removed insecure host key verification from pkg/ansible SSH client.
- Implemented a synchronous host key discovery mechanism during VM boot
  using ssh-keyscan to populate ~/.core/known_hosts.
- Updated the devops Boot lifecycle to wait until the host key is verified.
- Ensured pkg/ansible correctly handles missing known_hosts files.
- Refactored hardcoded SSH port 2222 to a package constant DefaultSSHPort.
- Added CORE_SKIP_SSH_SCAN environment variable for test environments.
2026-02-04 18:23:29 +00:00
..
executor.go feat: wire release command, add tar.xz support, unified installers (#277) 2026-02-04 00:49:57 +00:00
modules.go feat: infrastructure packages and lint cleanup (#281) 2026-02-04 11:34:43 +00:00
parser.go feat: wire release command, add tar.xz support, unified installers (#277) 2026-02-04 00:49:57 +00:00
ssh.go Remove StrictHostKeyChecking=no and implement proper host key verification 2026-02-04 18:23:29 +00:00
types.go feat: wire release command, add tar.xz support, unified installers (#277) 2026-02-04 00:49:57 +00:00