docs(proxy-agent): document SSH host key verification config#806
docs(proxy-agent): document SSH host key verification config#806mayankpande88 wants to merge 2 commits into
Conversation
Add known_hosts and host_key datasource fields and a host key verification section reflecting nudgebee/forager#79.
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request updates the proxy agent configuration documentation to introduce SSH host key verification using the new known_hosts and host_key options. The review feedback suggests clarifying the description of the host_key field by referring to it as a standard SSH public key format rather than an authorized_keys-style key, which helps prevent confusion with client authentication.
| | `credentials` | When `local` | Inline credential key-value pairs | | ||
| | `allowed_hosts` | No | List of CIDR ranges or hostnames for SSH dynamic mode (omit `host` to enable) | | ||
| | `known_hosts` | No | SSH only. Path to an OpenSSH `known_hosts` file used to verify the server host key (see [host key verification](#ssh-datasource-notes)) | | ||
| | `host_key` | No | SSH only. A single `authorized_keys`-style host public key line used to verify the server host key | |
There was a problem hiding this comment.
Using the term authorized_keys-style might be confusing to users because authorized_keys is used for client authentication, whereas this field is for verifying the server's host key. It is clearer to refer to it as a standard SSH public key format.
| | `host_key` | No | SSH only. A single `authorized_keys`-style host public key line used to verify the server host key | | |
| | host_key | No | SSH only. A single SSH public key in standard format (e.g., ssh-ed25519 AAAAC3Nza...) used to verify the server host key | |
There was a problem hiding this comment.
Done in c450c38 — reworded to 'standard SSH public key format'.
| **Host key verification** — By default Forager does not verify the server host key, which leaves the connection unprotected against man-in-the-middle attacks. Set one of the following on the datasource to enable verification: | ||
|
|
||
| - `known_hosts` — path to an OpenSSH `known_hosts` file. Use this for fleets or when you maintain a shared host-key file. | ||
| - `host_key` — a single `authorized_keys`-style host public key line. Use this to pin one server's key inline. |
There was a problem hiding this comment.
For consistency and to avoid confusion with client authentication (authorized_keys), describe this as a standard SSH public key format.
| - `host_key` — a single `authorized_keys`-style host public key line. Use this to pin one server's key inline. | |
| - host_key — a single SSH public key in standard format (e.g., ssh-ed25519 AAAAC3Nza...). Use this to pin one server's key inline. |
There was a problem hiding this comment.
Done in c450c38 — reworded to 'standard SSH public key format'.
Address review feedback: avoid 'authorized_keys'-style wording, which could be confused with client authentication.
2 participants
Summary
Documents the user-facing config surface added in nudgebee/forager#79 — optional SSH host key verification.
Changes
In
doc-server/docs/installation/proxy-agent/configuration.md:known_hostsandhost_keyrows to the Datasource Fields table (SSH-only, optional).known_hostswins if both set), the startup warning when unset, and YAML examples for inline-pin and known_hosts-file modes.The forager PR's HTTP SSRF fix is internal request-construction hardening with no operator-facing config surface, so no doc change is needed there.