Add known hosts checking for SFTP storage driver.

By default require a known hosts match as part of the SFTP storage driver's authentication process, i.e. repo-sftp-host-key-check-type=strict. The match is expected to be found in the default list or in a list of known hosts files provided by the user. An exception is made if a fingerprint has been manually configured with repo-sftp-host-fingerprint or repo-sftp-host-key-check-type=accept-new can be used to automatically add new hosts. Also allow host key verification to be skipped, as before, but require the user to explicitly set this (repo-sftp-host-key-check-type=none) rather than it being the default.
2025-11-06 08:49:29 +02:00 · 2023-09-15 20:22:38 -04:00
parent f5c730fd03
commit ce9ba0fade
17 changed files with 3855 additions and 231 deletions
--- a/test/lib/pgBackRestTest/Env/Host/HostBackupTest.pm
+++ b/test/lib/pgBackRestTest/Env/Host/HostBackupTest.pm
@@ -1322,6 +1322,7 @@ sub configCreate
                $oParamHash{&CFGDEF_SECTION_GLOBAL}{'repo1-sftp-host-user'} = TEST_USER;
                $oParamHash{&CFGDEF_SECTION_GLOBAL}{'repo1-sftp-private-key-file'} = testRunGet()->basePath() . SSH_PRIVATE_KEY;
                $oParamHash{&CFGDEF_SECTION_GLOBAL}{'repo1-sftp-public-key-file'} = testRunGet()->basePath() . SSH_PUBLIC_KEY;
+                $oParamHash{&CFGDEF_SECTION_GLOBAL}{'repo1-sftp-host-key-check-type'} = "none";
                $oParamHash{&CFGDEF_SECTION_GLOBAL}{'repo1-path'} = $self->repoPath();

                # At what count do we hit diminishing returns