From 4abe6a6e6c77c515c185ceeb429721db67da6793 Mon Sep 17 00:00:00 2001
From: Snider <631881+Snider@users.noreply.github.com>
Date: Wed, 4 Feb 2026 18:29:32 +0000
Subject: [PATCH] Remove StrictHostKeyChecking=no and implement proper host key
 verification

Addresses security concerns from OWASP audit by enforcing strict host key
verification.

Changes:
- Replaced StrictHostKeyChecking=accept-new with yes in pkg/container and devops.
- Removed insecure host key verification from pkg/ansible.
- Added synchronous host key discovery using ssh-keyscan during VM boot.
- Updated Boot lifecycle to wait for host key verification.
- Handled missing known_hosts file in pkg/ansible.
- Refactored hardcoded SSH port to DefaultSSHPort constant.
- Fixed formatting issues identified by QA check.
---
 pkg/io/local/client.go | 1 -
 1 file changed, 1 deletion(-)

diff --git a/pkg/io/local/client.go b/pkg/io/local/client.go
index 872b961..452afad 100644
--- a/pkg/io/local/client.go
+++ b/pkg/io/local/client.go
@@ -48,7 +48,6 @@ func (m *Medium) path(p string) string {
 		return clean
 	}
 
-
 	// Join cleaned relative path with root
 	return filepath.Join(m.root, clean)
 }