From 8013c78a9622ccd6b416b1ff7c66c06ada9bed0a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Corentin=20N=C3=A9au?= Date: Wed, 10 Sep 2025 12:50:52 +0200 Subject: [PATCH] Fix warnings about strict host key checks This rephrases misleading warnings about known hosts, removing them entirely for versions where the default behaviour is secure. --- docs/gitrepo-add.md | 8 -------- versioned_docs/version-0.10/gitrepo-add.md | 2 +- versioned_docs/version-0.11/gitrepo-add.md | 2 +- versioned_docs/version-0.12/gitrepo-add.md | 2 +- versioned_docs/version-0.13/gitrepo-add.md | 8 -------- 5 files changed, 3 insertions(+), 19 deletions(-) diff --git a/docs/gitrepo-add.md b/docs/gitrepo-add.md index c9ce90a0c..c10dd547b 100644 --- a/docs/gitrepo-add.md +++ b/docs/gitrepo-add.md @@ -88,14 +88,6 @@ The key has to be in PEM format. ### Known hosts -:::warning - -If you don't add one or more public keys into the secret, any server's public key will be trusted and added. (`ssh -o -stricthostkeychecking=yes` will be used), unless you install Fleet with chart value `insecureSkipHostKeyChecks` set to -`false`. - -::: - Fleet supports injecting `known_hosts` into an SSH secret. Here is an example of how to add it: Fetch the public key hash (taking Github as an example) diff --git a/versioned_docs/version-0.10/gitrepo-add.md b/versioned_docs/version-0.10/gitrepo-add.md index e15fe6b53..a2be38e02 100644 --- a/versioned_docs/version-0.10/gitrepo-add.md +++ b/versioned_docs/version-0.10/gitrepo-add.md @@ -85,7 +85,7 @@ The key has to be in PEM format. :::warning If you don't add one or more public keys into the secret, any server's public key will be trusted and added. (`ssh -o -stricthostkeychecking=yes` will be used), unless you install Fleet with chart value `insecureSkipHostKeyChecks` set to +stricthostkeychecking=no` will be used), unless you install Fleet with chart value `insecureSkipHostKeyChecks` set to `false`. ::: diff --git a/versioned_docs/version-0.11/gitrepo-add.md b/versioned_docs/version-0.11/gitrepo-add.md index 738ea31e2..c2f86cb9f 100644 --- a/versioned_docs/version-0.11/gitrepo-add.md +++ b/versioned_docs/version-0.11/gitrepo-add.md @@ -85,7 +85,7 @@ The key has to be in PEM format. :::warning If you don't add one or more public keys into the secret, any server's public key will be trusted and added. (`ssh -o -stricthostkeychecking=yes` will be used), unless you install Fleet with chart value `insecureSkipHostKeyChecks` set to +stricthostkeychecking=no` will be used), unless you install Fleet with chart value `insecureSkipHostKeyChecks` set to `false`. ::: diff --git a/versioned_docs/version-0.12/gitrepo-add.md b/versioned_docs/version-0.12/gitrepo-add.md index fed58065b..bdeda3df1 100644 --- a/versioned_docs/version-0.12/gitrepo-add.md +++ b/versioned_docs/version-0.12/gitrepo-add.md @@ -86,7 +86,7 @@ The key has to be in PEM format. :::warning If you don't add one or more public keys into the secret, any server's public key will be trusted and added. (`ssh -o -stricthostkeychecking=yes` will be used), unless you install Fleet with chart value `insecureSkipHostKeyChecks` set to +stricthostkeychecking=no` will be used), unless you install Fleet with chart value `insecureSkipHostKeyChecks` set to `false`. ::: diff --git a/versioned_docs/version-0.13/gitrepo-add.md b/versioned_docs/version-0.13/gitrepo-add.md index 8ac0f3abb..4e235b0ba 100644 --- a/versioned_docs/version-0.13/gitrepo-add.md +++ b/versioned_docs/version-0.13/gitrepo-add.md @@ -83,14 +83,6 @@ The key has to be in PEM format. ### Known hosts -:::warning - -If you don't add one or more public keys into the secret, any server's public key will be trusted and added. (`ssh -o -stricthostkeychecking=yes` will be used), unless you install Fleet with chart value `insecureSkipHostKeyChecks` set to -`false`. - -::: - Fleet supports injecting `known_hosts` into an SSH secret. Here is an example of how to add it: Fetch the public key hash (taking Github as an example)