Hello,
I've configured the destination server using the SFTP plugin. When I try to create a certificate and deploy it to the configured destination server, it fails.
The Lemur logs show the following error:
lemur_1 | [2025-04-11 08:47:50,723] ERROR in plugin: ERROR in <class 'paramiko.ssh_exception.SSHException'>: Server '10.1.0.4' not found in known_hosts
To resolve this, I modified the lemur/plugins/lemur_sftp/plugin.py file, replacing ssh.set_missing_host_key_policy(paramiko.RejectPolicy()) with ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()). After this change, the certificate deployment works successfully.
Questions:
- Is it the intended behavior of the SFTP plugin to require manual modification of the code to add new hosts to the known_hosts file?
- Should there be a configuration option to control the missing_host_key_policy (e.g., Reject, AutoAdd, or a path to a known_hosts file)?
- Is there a more secure or recommended way to handle this "known_hosts" issue within Lemur's SFTP plugin, rather than automatically adding any unknown host key?
Thanks
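An added example for the last question above, not code from Lemur or its SFTP plugin: keep `RejectPolicy` and pre-provision the server's key in a known_hosts file that the client loads, instead of switching to `AutoAddPolicy`. The helper names, the `known_hosts_path` argument and the sample key blobs are assumptions constructed for illustration; the stdlib functions show the lookup that separates a pinned key, a changed key and an unknown host.

```python
import base64
import hashlib
import hmac

# Constructed sample data: placeholder blobs, not real host keys.
SAMPLE_KEY_B64 = base64.b64encode(b"constructed-ed25519-host-key-blob").decode()
OTHER_KEY_B64 = base64.b64encode(b"constructed-key-from-another-server").decode()


def hashed_host(host, salt):
    """Build the '|1|salt|hmac' host field that `ssh-keygen -H` writes."""
    digest = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(digest).decode())


def host_matches(field, host):
    """True if a known_hosts host field (plain list or hashed) names `host`."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        expected = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(expected, base64.b64decode(mac_b64))
    return host in field.split(",")


def check_host_key(known_hosts_text, host, key_type, key_b64):
    """Return 'match', 'mismatch' (key changed: investigate) or 'unknown'."""
    verdict = "unknown"
    for line in known_hosts_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith(("#", "@")):
            continue  # skip blanks, comments and @cert-authority/@revoked markers
        if host_matches(parts[0], host) and parts[1] == key_type:
            if parts[2] == key_b64:
                return "match"
            verdict = "mismatch"
    return verdict


def pinned_client(known_hosts_path):
    """Paramiko client that trusts only keys already in known_hosts_path."""
    import paramiko  # imported lazily; the checks above need only the stdlib
    client = paramiko.SSHClient()
    client.load_host_keys(known_hosts_path)  # file provisioned out of band
    # 'unknown' hosts are refused; AutoAddPolicy would accept them silently.
    client.set_missing_host_key_policy(paramiko.RejectPolicy())
    return client
```

The known_hosts entry for the destination has to be collected and verified out of band (for example, compared against the key fingerprint read on the server itself) before it is placed in the file.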