load known_hosts, remove AutoAddPolicy, fixes #39

borgbackup · Sep 16, 2024 · c31cdf3 · c31cdf3
1 parent d80a1cd
commit c31cdf3
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/src/borgstore/backends/sftp.py b/src/borgstore/backends/sftp.py
@@ -68,7 +68,10 @@ def _get_host_config(self):
 
     def _connect(self):
         ssh = paramiko.SSHClient()
-        ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
+        # note: we do not deal with unknown hosts and ssh.set_missing_host_key_policy here,
+        # the user shall just make "first contact" to any new host using ssh or sftp cli command
+        # and interactively verify remote host fingerprints.
+        ssh.load_system_host_keys()  # this is documented to load the USER's known_hosts file
         host_config = self._get_host_config()
         ssh.connect(
             hostname=host_config["hostname"],