ashb commented on a change in pull request #4249: [AIRFLOW-3410] Add feature to
allow Host Key Change for SSH Op
URL: https://github.com/apache/incubator-airflow/pull/4249#discussion_r237166274
##########
File path: docs/howto/manage-connections.rst
##########
@@ -350,3 +350,51 @@ Extra (optional)
gcpcloudsql://user:[email protected]:3306/mydb?database_type=mysql&project_id=example-project&location=europe-west1&instance=testinstance&use_proxy=True&sql_proxy_use_tcp=False
+SSH
+~~~
+The SSH connection type provides connection to use
:class:`~airflow.contrib.hooks.ssh_hook.SSHHook` to run commands on a remote
server using :class:`~airflow.contrib.operators.ssh_operator.SSHOperator` or
transfer file from/to the remote server using
:class:`~airflow.contrib.operators.ssh_operator.SFTPOperator`.
+
+Configuring the Connection
+''''''''''''''''''''''''''
+Host (required)
+ The Remote host to connect.
+
+Username (optional)
+ The Username to connect to the remote_host.
+
+Password (optional)
+ Specify the password of the username to connect to the remote_host.
+
+Port (optional)
+ Port of remote host to connect. Default is 22.
+
+Extra (optional)
+ Specify the extra parameters (as json dictionary) that can be used in ssh
+ connection. The following parameters out of the standard python parameters
+ are supported:
+
+ * **timeout** - An optional timeout (in seconds) for the TCP connect.
Default is ``10``.
+ * **compress** - ``true`` to ask the remote client/server to compress
traffic; `false` to refuse compression. Default is ``true``.
+ * **no_host_key_check** - Set to ``false`` to restrict connecting to hosts
with no entries in ``~/.ssh/known_hosts`` (Hosts file). This provides maximum
protection against trojan horse attacks, but can be troublesome when the
``/etc/ssh/ssh_known_hosts`` file is poorly maintained or connections to new
hosts are frequently made. This option forces the user to manually add all new
hosts. Default is ``true``, ssh will automatically add new host keys to the
user known hosts files.
+ * **allow_host_key_change** - Set to ``true`` if you want to allow
connecting to hosts that has host key changed or when you get 'REMOTE HOST
IDENTIFICATION HAS CHANGED' error. This wont protect against Man-In-The-Middle
attacks. Other possible solution is to remove the host entry from
``~/.ssh/known_hosts`` file. Default is ``false``.
+
+ Example "extras" field:
+
+ .. code-block:: json
+
+ {
+ "timeout": "10",
+ "compress": "false",
+ "no_host_key_check": "true",
Review comment:
```suggestion
"no_host_key_check": "false",
```
too please.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
