From 10779e7cea3d07045bf62d880ef5e3349a6e6fb7 Mon Sep 17 00:00:00 2001
From: Michael Reber <michael.reber@swissmakers.ch>
Date: Thu, 13 Nov 2025 22:47:18 +0100
Subject: [PATCH] disable hostkeychecking for ssh from containers

---
 internal/fail2ban/connector_ssh.go | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/internal/fail2ban/connector_ssh.go b/internal/fail2ban/connector_ssh.go
index a5964dc..57babbe 100644
--- a/internal/fail2ban/connector_ssh.go
+++ b/internal/fail2ban/connector_ssh.go
@@ -5,6 +5,7 @@ import (
 	"context"
 	"encoding/base64"
 	"fmt"
+	"os"
 	"os/exec"
 	"sort"
 	"strconv"
@@ -267,6 +268,14 @@ func (sc *SSHConnector) runRemoteCommand(ctx context.Context, command []string)
 
 func (sc *SSHConnector) buildSSHArgs(command []string) []string {
 	args := []string{"-o", "BatchMode=yes"}
+	// In containerized environments, disable strict host key checking
+	if _, container := os.LookupEnv("CONTAINER"); container {
+		args = append(args,
+			"-o", "StrictHostKeyChecking=no",
+			"-o", "UserKnownHostsFile=/dev/null",
+			"-o", "LogLevel=ERROR",
+		)
+	}
 	if sc.server.SSHKeyPath != "" {
 		args = append(args, "-i", sc.server.SSHKeyPath)
 	}