Comment 7 for bug 1732665

Andrew Wilkins (axwalk) wrote :

Merlijn, Mark: it appears that there's a regression due to us now being more strict about SSH host key verification.

The firewalling for vsphere works by managing iptables rules, but currently that is done by the controller via SSH (i.e. the controller connects to the vsphere machines via SSH, and runs iptables commands). The SSH connections previously ignored the host keys, and now they don't; and we don't know the host keys at the point where we make the SSH connections.

The quick and dirty solution is just to go back to not checking host keys. That works and should be OK, as there's no sensitive information being transferred. The worst attack I can conceive of is directing the controller to firewall some other machine.

The better but more involved solution is to not use SSH at all, nor manage it from the controller, and instead have each machine agent run a worker to manage its own iptables rules.
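
An added illustration of the second approach (not part of the comment above and not the project's own code): a worker on each machine diffs the desired ingress rules against the current ones and produces iptables argument vectors to run locally, so no SSH connection or host key is involved. The Rule type, the Reconcile function and the INPUT/ACCEPT rule shape are assumptions made for this example.

```go
package main

import (
	"fmt"
	"strconv"
)

// Rule is one ingress rule owned by the local worker (hypothetical type).
type Rule struct {
	Proto string // "tcp" or "udp"
	Port  int
}

// valid rejects anything but a plain protocol/port pair before it reaches iptables.
func (r Rule) valid() bool { return (r.Proto == "tcp" || r.Proto == "udp") && r.Port >= 1 && r.Port <= 65535 }

// argv renders the rule as an argument vector (never a shell string); action is "-A" or "-D".
func (r Rule) argv(action string) []string { return []string{action, "INPUT", "-p", r.Proto, "--dport", strconv.Itoa(r.Port), "-j", "ACCEPT"} }

// Reconcile returns the iptables argument vectors that turn current into desired: deletions, then additions.
func Reconcile(current, desired []Rule) ([][]string, error) {
	want := map[Rule]bool{}
	for _, r := range desired {
		if !r.valid() {
			return nil, fmt.Errorf("invalid rule %+v", r)
		}
		want[r] = true
	}
	var out [][]string
	have := map[Rule]bool{}
	for _, r := range current {
		have[r] = true
		if !want[r] {
			out = append(out, r.argv("-D")) // one delete per stale copy of the rule
		}
	}
	for _, r := range desired {
		if !have[r] {
			have[r] = true // also de-duplicates repeated desired entries
			out = append(out, r.argv("-A"))
		}
	}
	return out, nil
}

func main() { // constructed sample: 8080 is open but unwanted, 443 is wanted but closed
	cmds, err := Reconcile([]Rule{{"tcp", 22}, {"tcp", 8080}}, []Rule{{"tcp", 22}, {"tcp", 443}})
	fmt.Println(cmds, err)
}
```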