
Host Key & SSH Key

v1.0 · Updated 5 days ago

Host-Key Verification & the Plugin Key

No blind trust on first connect

Fleet Manager does not disable host-key checking and uses the secure OpenSSH default. Because all connections run with BatchMode=yes, there is no interactive prompt — the first connection to a host whose key is not yet in ~/.ssh/known_hosts deliberately fails instead of trusting blindly (no "trust on first use").

Register the host key once, after reviewing the fingerprint:

ssh-keyscan -p <port> <host> >> ~/.ssh/known_hosts

This prevents a silent man-in-the-middle on an unknown host.
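
An added example, not Fleet Manager's own code, of the "review the fingerprint" step: the scan is written to a temporary file and appended to known_hosts only if its fingerprint equals one obtained out of band (for example, read from the server's console). The function names and the assumption that the server offers an Ed25519 host key are illustrative.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of Fleet Manager.

# Append the key in SCAN_FILE to KNOWN_HOSTS only if its SHA256 fingerprint
# equals EXPECTED_FP, a value obtained over a trusted channel.
# Returns 0 on match, 1 on mismatch, 2 if no key could be read.
verify_and_append() {
    scan_file=$1
    expected_fp=$2
    known_hosts=$3

    # ssh-keygen -lf prints "<bits> SHA256:<fp> <host> (<type>)" per key;
    # field 2 is the fingerprint.
    fps=$(ssh-keygen -lf "$scan_file" | awk '{print $2}')
    if [ -z "$fps" ]; then
        echo "no host key found in $scan_file" >&2
        return 2
    fi
    # More than one scanned key yields a multi-line value and also fails here.
    if [ "$fps" != "$expected_fp" ]; then
        echo "fingerprint mismatch: got $fps, expected $expected_fp" >&2
        return 1
    fi
    cat "$scan_file" >> "$known_hosts"
}

# Scan HOST:PORT, then register the key only after the fingerprint check.
# Assumes the server offers an Ed25519 host key.
register_host_key() {
    host=$1
    port=$2
    expected_fp=$3
    known_hosts=${4:-$HOME/.ssh/known_hosts}

    scan=$(mktemp) || return 2
    # Nothing is trusted yet: the scan result stays out of known_hosts.
    ssh-keyscan -t ed25519 -p "$port" "$host" > "$scan" 2>/dev/null || true
    rc=0
    verify_and_append "$scan" "$expected_fp" "$known_hosts" || rc=$?
    rm -f "$scan"
    return "$rc"
}

# Usage: register_host_key <host> <port> 'SHA256:<fingerprint from the admin>'
```

On a mismatch the function leaves known_hosts untouched, so the next BatchMode connection still fails instead of trusting the unexpected key.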

The dedicated SSH key

Fleet Manager uses its own Ed25519 key ~/.ssh/fleet-manager_ed25519 — separate from your other keys. The private key has mode 600 and never leaves your machine.

Protection against shell injection

Internally, Fleet Manager always assembles SSH calls as an argument array, never by string concatenation. Combined with the docker_cmd allowlist and rsync --protect-args, paths and parameters stay cleanly separated — even with special characters.
