From be510e53bc8830c1ceefa91e5acefe72485b6e57 Mon Sep 17 00:00:00 2001 From: Jamie Finnigan Date: Wed, 24 Jun 2020 05:09:06 -0700 Subject: [PATCH] website/docs: add note re. SSH hostkey validation to provisioner connection doc (#25355) --- website/docs/provisioners/connection.html.markdown | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/website/docs/provisioners/connection.html.markdown b/website/docs/provisioners/connection.html.markdown index 7ed6a6a5dc..f290a9829d 100644 --- a/website/docs/provisioners/connection.html.markdown +++ b/website/docs/provisioners/connection.html.markdown @@ -20,6 +20,12 @@ for some connection settings, so that `connection` blocks could sometimes be omitted. This feature was removed in 0.12 in order to make Terraform's behavior more predictable. +-> **Note:** Since the SSH connection type is most often used with +newly-created remote resources, validation of SSH host keys is disabled by +default. In scenarios where this is not acceptable, a separate mechanism for +key distribution could be established and the `host_key` directive documented +below explicitly set to verify against a specific key or signing CA. + Connection blocks don't take a block label, and can be nested within either a `resource` or a `provisioner`.
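Review bot: the added note in connection.html.markdown says host key validation is "disabled by default" but never states what that means for the reader: the provisioner will connect to whatever host answers at the address, without verifying its identity. I would add one sentence saying so, since that is what makes "not acceptable" concrete. The remediation wording "a separate mechanism for key distribution could be established" is also tentative and passive. Something more direct would be easier to act on, such as "set `host_key` to the host's public key or the signing CA's public key, obtained through a channel other than the SSH connection itself". Finally, the note lands between the 0.12 history paragraph and the sentence about block labels, while the argument it refers to is only "documented below". Consider repeating a short pointer in the `host_key` argument's own description, so that readers who jump straight to the argument reference also see that the default is no validation.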