Change remote ssh monitor to default-reject unknown keys

docs/monitors/remote_ssh.rst

@@ -9,6 +9,10 @@ It connects with ``ssh`` to run a remote command, then parses the reply and moni
 
     You should also consider the security risk of having an SSH private key on the monotoring machine. And while we are at the topic of cybersecurity, you should ensure that the SSH command is not injected (this is not liklely if you do not dynamically generate `monitors.ini`)
 
+
+.. tip::
+    This Monitor rejects connections to hosts with unknown keys; you should arrange for the host key to be known to the user Simplemonitor is running as in advance (e.g. by sshing to the target hosts once or placing the key in ``known_hosts`` directly).
+
 The sequence of this Monitor is to send to ``ssh_username@target_host:target_port`` the ``command`` via SSH, retrieve the output and parse it with ``regex`` to extract a value.
 
 This value is then compared with ``target_value`` with ``operator``. A failed comparison raises an alert.

simplemonitor/Monitors/remote_ssh.py

@@ -99,7 +99,7 @@ def __init__(self, name: str, config_options: dict) -> None:
     def run_test(self) -> bool:
         # run remote command
         with paramiko.SSHClient() as client:
-            client.set_missing_host_key_policy(paramiko.AutoAddPolicy)
+            client.set_missing_host_key_policy(paramiko.RejectPolicy)
             try:
                 client.connect(
                     self.target_hostname,