go/pkg/devops
Snider 39659520a8 Remove StrictHostKeyChecking=no and implement proper host key verification
This commit addresses security concerns from the OWASP audit by enforcing
strict host key verification for all SSH and SCP commands.

Key changes:
- Replaced StrictHostKeyChecking=accept-new with yes in pkg/container and pkg/devops.
- Removed insecure host key verification from pkg/ansible SSH client.
- Implemented a synchronous host key discovery mechanism during VM boot
  using ssh-keyscan to populate ~/.core/known_hosts.
- Updated the devops Boot lifecycle to wait until the host key is verified.
- Ensured pkg/ansible correctly handles missing known_hosts files.
- Refactored hardcoded SSH port 2222 to a package constant DefaultSSHPort.
- Added CORE_SKIP_SSH_SCAN environment variable for test environments.
2026-02-04 18:23:29 +00:00
..
sources Migrate pkg/devops to Medium abstraction (#293) 2026-02-04 14:58:03 +00:00
claude.go Remove StrictHostKeyChecking=no and implement proper host key verification 2026-02-04 18:23:29 +00:00
claude_test.go test: increase coverage to 63.8% across packages 2026-01-29 14:28:23 +00:00
config.go Migrate pkg/devops to Medium abstraction (#293) 2026-02-04 14:58:03 +00:00
config_test.go Migrate pkg/devops to Medium abstraction (#293) 2026-02-04 14:58:03 +00:00
devops.go Remove StrictHostKeyChecking=no and implement proper host key verification 2026-02-04 18:23:29 +00:00
devops_test.go Remove StrictHostKeyChecking=no and implement proper host key verification 2026-02-04 18:23:29 +00:00
images.go Migrate pkg/devops to Medium abstraction (#293) 2026-02-04 14:58:03 +00:00
images_test.go Migrate pkg/devops to Medium abstraction (#293) 2026-02-04 14:58:03 +00:00
serve.go Remove StrictHostKeyChecking=no and implement proper host key verification 2026-02-04 18:23:29 +00:00
serve_test.go Migrate pkg/devops to Medium abstraction (#293) 2026-02-04 14:58:03 +00:00
shell.go Remove StrictHostKeyChecking=no and implement proper host key verification 2026-02-04 18:23:29 +00:00
shell_test.go test: increase coverage to 63.8% across packages 2026-01-29 14:28:23 +00:00
ssh_utils.go Remove StrictHostKeyChecking=no and implement proper host key verification 2026-02-04 18:23:29 +00:00
test.go Migrate pkg/devops to Medium abstraction (#293) 2026-02-04 14:58:03 +00:00
test_test.go Migrate pkg/devops to Medium abstraction (#293) 2026-02-04 14:58:03 +00:00