core/go
8
0
Fork 0
generated from lthn/LEM
Code Issues 2 Pull requests 1 Projects Releases Packages Wiki Activity Actions
go/pkg/container
History
Snider 39659520a8 Remove StrictHostKeyChecking=no and implement proper host key verification 
This commit addresses security concerns from the OWASP audit by enforcing
strict host key verification for all SSH and SCP commands.

Key changes:
- Replaced StrictHostKeyChecking=accept-new with yes in pkg/container and pkg/devops.
- Removed insecure host key verification from pkg/ansible SSH client.
- Implemented a synchronous host key discovery mechanism during VM boot
  using ssh-keyscan to populate ~/.core/known_hosts.
- Updated the devops Boot lifecycle to wait until the host key is verified.
- Ensured pkg/ansible correctly handles missing known_hosts files.
- Refactored hardcoded SSH port 2222 to a package constant DefaultSSHPort.
- Added CORE_SKIP_SSH_SCAN environment variable for test environments.
2026-02-04 18:23:29 +00:00
..
templates feat(container): add LinuxKit YAML templates with variable substitution 2026-01-28 18:59:45 +00:00
container.go feat(container): implement LinuxKit container runtime 2026-01-28 18:50:32 +00:00
hypervisor.go feat: git command, build improvements, and go fmt git-aware (#74) 2026-02-01 10:48:44 +00:00
hypervisor_test.go test: increase coverage across packages 2026-01-29 13:19:08 +00:00
linuxkit.go Remove StrictHostKeyChecking=no and implement proper host key verification 2026-02-04 18:23:29 +00:00
linuxkit_test.go Migrate pkg/container to io.Medium abstraction (#292) 2026-02-04 15:33:22 +00:00
state.go Migrate pkg/container to io.Medium abstraction (#292) 2026-02-04 15:33:22 +00:00
state_test.go Migrate pkg/container to io.Medium abstraction (#292) 2026-02-04 15:33:22 +00:00
templates.go Migrate pkg/container to io.Medium abstraction (#292) 2026-02-04 15:33:22 +00:00
templates_test.go Migrate pkg/container to io.Medium abstraction (#292) 2026-02-04 15:33:22 +00:00