Summary
PR #691 hardened the deploy() path to use SSH TOFU (trust-on-first-use) with pinned host keys. However, ~25 instances of StrictHostKeyChecking=no remain in E2E test scripts:
test/e2e/brev-e2e.test.js
test/e2e/test-full-e2e.sh
test/e2e/test-credential-sanitization.sh
test/e2e/test-telegram-injection.sh
test/e2e/test-messaging-providers.sh
test/e2e/test-gpu-e2e.sh
test/e2e/test-sandbox-survival.sh
test/e2e/test-e2e-cloud-experimental.sh
test/e2e/e2e-cloud-experimental/ (multiple scripts)
These are test scripts SSHing into freshly provisioned Brev VMs, so the risk is lower than the deploy path (no secrets in transit during most test commands). But for consistency and defense-in-depth, they should use the same TOFU pattern.
Proposed fix
Extract a shared SSH TOFU helper (e.g., test/e2e/lib/ssh-tofu.sh) that the test scripts source, similar to how deploy.ts now handles it.
Related
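A sketch of what the proposed shared helper could look like, added here as an example; it is not the project's code and not necessarily how deploy.ts implements TOFU. The function names, the `E2E_KNOWN_HOSTS` variable and the per-run known_hosts file are assumptions.

```shell
# Sketch of a sourceable helper such as test/e2e/lib/ssh-tofu.sh (added example).
# E2E_KNOWN_HOSTS and the function names are assumptions, not project names.
: "${E2E_KNOWN_HOSTS:=${TMPDIR:-/tmp}/e2e-known-hosts.$$}"   # one pin file per test run

# tofu_pin HOST "KEYTYPE BASE64KEY"
# First sighting of HOST+KEYTYPE is recorded; later sightings must match.
# Returns 0 (pinned or unchanged), 1 (key changed), 2 (malformed input).
tofu_pin() {
  _host=$1
  _type=${2%% *}
  _rest=${2#* }
  _key=${_rest%% *}
  [ -n "$_host" ] && [ -n "$_type" ] && [ "$_type" != "$2" ] && [ -n "$_key" ] || return 2
  touch "$E2E_KNOWN_HOSTS" && chmod 600 "$E2E_KNOWN_HOSTS" || return 2
  _pinned=$(awk -v h="$_host" -v t="$_type" '$1 == h && $2 == t { print $3; exit }' "$E2E_KNOWN_HOSTS")
  if [ -z "$_pinned" ]; then
    printf '%s %s %s\n' "$_host" "$_type" "$_key" >>"$E2E_KNOWN_HOSTS"
    return 0
  fi
  [ "$_pinned" = "$_key" ] || {
    echo "ssh-tofu: host key for $_host changed since first use; refusing" >&2
    return 1
  }
}

# tofu_scan HOST: the single unauthenticated "first use" fetch, then pin.
tofu_scan() {
  _line=$(ssh-keyscan -T 10 -t ed25519 "$1" 2>/dev/null | head -n 1)
  tofu_pin "$1" "${_line#* }"
}

# ssh_tofu HOST [CMD...]: replaces `ssh -o StrictHostKeyChecking=no`.
ssh_tofu() {
  ssh -o StrictHostKeyChecking=yes -o UserKnownHostsFile="$E2E_KNOWN_HOSTS" \
      -o BatchMode=yes "$@"
}
```

A test script would call `tofu_scan "$host"` once after the VM is provisioned and use `ssh_tofu` for every later command, so a host key that changes mid-run fails the connection instead of being silently accepted.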