ruby security net-ssh

Are there any security risks to using "remember_host!" when getting a HostKeyMismatch exception using net-ssh ruby gem?


I have seen people who suggest using a code chunk like this:

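require 'net/ssh'

begin
  # host and user are placeholders for the real connection parameters
  Net::SSH.start(host, user) do |ssh|
    # ... use the session ...
  end
rescue Net::SSH::HostKeyError => e
  # Adds the presented host key to known hosts, then reconnects
  e.remember_host!
  retry
end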

As the exception type suggests, it's for cases where there's a hostkey mismatch, and it adds the host to known hosts, as far as I understand.

So my question is, isn't it risky to just unconditionally add the host whenever the host isn't recognized? I imagine the host needs to be recognized in order to avoid man-in-the-middle attacks or similar, and just immediately adding any unrecognized hosts seems like a security breach.

Please keep in mind that I am very new to Ruby and know very little about SSH or security in general, so I would appreciate simple explanations. And this is my first Stack Overflow question, so I am sorry if I am violating any guidelines. I wanted to ask this as a comment on a question that was actually using that code chunk, but I didn't have enough reputation.

I'm looking forward to any explanations and thanks in advance.


Solution

  • Yes, you're absolutely right! The example code simply bypasses the error.

    Which is OK if you're not concerned about which hosts try to connect, and it doesn't mean that SSH in and of itself is insecure.

    Sometimes an organisation will add a separate layer of access for increased security, perhaps a VPN to a machine which then does the SSH to the target server... in that case you want to fail on Net::SSH::HostKeyError

    But if you're not that concerned, you could use #remember_host! on the error to bypass the raised error.

    See this answer on another Stack Exchange site: https://security.stackexchange.com/a/154878
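
A middle ground between failing on every host key error and accepting every key, as an added example that is not part of the original question or answer: call `remember_host!` only when the key the server presented matches a fingerprint you verified over a trusted channel. The names `PINNED`, `FakeHostKeyError` and `trust_if_pinned`, the host name and the fingerprint values are constructed for illustration, and the code assumes the error object exposes `host` and `fingerprint` accessors alongside `remember_host!`.

```ruby
# Constructed pin list: host => fingerprint checked out of band (for example,
# read on the server console with `ssh-keygen -lf` on its public host key).
PINNED = {
  'build.example.internal' => 'SHA256:CONSTRUCTED-FINGERPRINT-A'
}.freeze

# Stand-in for the rescued error so the example runs without a network or the
# gem. It exposes only the accessors used below; these are assumptions about
# the real error object.
FakeHostKeyError = Struct.new(:host, :fingerprint, :remembered) do
  def remember_host!
    self.remembered = true
  end
end

# Persists the host key only when its fingerprint equals the pinned value.
# Returns true if the key was remembered, false if the caller must not retry.
def trust_if_pinned(error, pins = PINNED)
  expected = pins[error.host]
  # Unknown host or a different key: leave known hosts untouched.
  return false if expected.nil? || error.fingerprint != expected

  error.remember_host!
  true
end

# Intended use with net-ssh (not executed here; host and user are placeholders):
#   begin
#     Net::SSH.start(host, user) { |ssh| ... }
#   rescue Net::SSH::HostKeyError => e
#     raise unless trust_if_pinned(e)   # unexpected key: surface the error
#     retry
#   end
```

The format of the fingerprint string (hash algorithm and encoding) has to match what the library reports, so record the pinned value in that same format.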