Add support for SSH connection using openSSH certificates in SSHHook #64676
Replies: 1 comment
-
|
This looks most useful for the inline/private-key-in-connection case. For file-based keys, The missing Airflow piece is the A focused PR could add an extra such as |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Using SSH certificates is good way to secure and manage ssh connections.
It allows storing short-lived keys and easily revoking them in case of compromise.
The extra field in the ssh_conn object is not limited and it is possible to add keys and values as needed. In this case, it would be convenient to add an ssh_certificate field.
Unfortunately, the SSHOperator and SSHHook do not currently support connection management via this method.
To improve the Operator, the hook should be able to establish a connexion by ssh certificate when the field "ssh_certificate" is provided.
If I'm not mistaken, SSHHook uses the paramiko lib, which has the load_certificate() function which could fit to the solution
Beta Was this translation helpful? Give feedback.
All reactions