arch+security: route all server contact through Pulse, harden SSH
Lint / Python (flake8) (push) Failing after 43s
Lint / JS (eslint) (push) Successful in 8s
Security / Python Security (bandit) (push) Successful in 1m4s
Test / Python Tests (pytest) (push) Failing after 1m5s
Lint / Notify on failure (push) Successful in 2s
Lint / Deploy (push) Has been skipped
Architecture:
- Remove direct subprocess ping from Gandalf; add PulseClient.ping() which runs the ping via the Pulse worker instead
- Remove standalone ping() function and subprocess import from monitor.py
- Add self.pulse alias to NetworkMonitor for convenience
- Both _process_ping_hosts() and snapshot builder now use self.pulse.ping()

Security:
- Change StrictHostKeyChecking=no → accept-new in both SSH command builders (monitor.py _ssh_batch, diagnose.py build_ssh_command). The Pulse worker's known_hosts is now authoritative; host keys are recorded on first connection and verified on all subsequent ones. MITM attacks after initial key exchange are now detectable.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
+1
-1
@@ -75,7 +75,7 @@ class DiagnosticsRunner:
|
||||
)
|
||||
|
||||
return (
|
||||
f'ssh -o StrictHostKeyChecking=no -o ConnectTimeout=5 '
|
||||
f'ssh -o StrictHostKeyChecking=accept-new -o ConnectTimeout=5 '
|
||||
f'-o BatchMode=yes -o LogLevel=ERROR '
|
||||
f'-o ServerAliveInterval=10 -o ServerAliveCountMax=2 '
|
||||
f'root@{ip_q} \'{remote_cmd}\''
|
||||
|
||||
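Review bot: On the `StrictHostKeyChecking=accept-new` line, the first connection to each host is still accepted without verification, and no `-o UserKnownHostsFile=` is set, so which known_hosts file ends up authoritative depends on the account and home directory the command runs under. Consider pinning the file explicitly and pre-seeding it for the managed hosts, which would allow `StrictHostKeyChecking=yes`. With `BatchMode=yes`, a host whose key has legitimately changed will now fail to connect instead of prompting, so the caller should report that case distinctly from an unreachable host. Separately, on the last line `remote_cmd` is placed between literal single quotes; unless it is escaped above this hunk, a single quote inside it would end the quoting, so it should get the same quoting treatment that the name `ip_q` suggests the address already receives.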