Fixes #32606 - Reimplement known host key removal

Ported from theforeman/foreman_remote_execution
0d5078ccbbfcc51d1dfa3097b727d9e8415506ea

Author: adamruzicka

lib/smart_proxy_remote_execution_ssh/plugin.rb

@@ -27,6 +27,7 @@ class Plugin < Proxy::Plugin
       require 'smart_proxy_remote_execution_ssh/dispatcher'
       require 'smart_proxy_remote_execution_ssh/log_filter'
       require 'smart_proxy_remote_execution_ssh/runners'
+      require 'smart_proxy_remote_execution_ssh/utils'
 
       Proxy::RemoteExecution::Ssh.validate!
 

lib/smart_proxy_remote_execution_ssh/runners/script_runner.rb

@@ -121,6 +121,7 @@ def initialize(options, user_method, suspended_action: nil)
       @local_working_dir = options.fetch(:local_working_dir, settings.local_working_dir)
       @remote_working_dir = options.fetch(:remote_working_dir, settings.remote_working_dir)
       @cleanup_working_dirs = options.fetch(:cleanup_working_dirs, settings.cleanup_working_dirs)
+      @first_execution = options.fetch(:first_execution, false)
       @user_method = user_method
     end
 
@@ -148,6 +149,7 @@ def self.build(options, suspended_action:)
     end
 
     def start
+      Proxy::RemoteExecution::Utils.prune_known_hosts!(@host, @ssh_port, logger) if @first_execution
       prepare_start
       script = initialization_script
       logger.debug("executing script:\n#{indent_multiline(script)}")

lib/smart_proxy_remote_execution_ssh/utils.rb

@@ -0,0 +1,24 @@
+require 'open3'
+
+module Proxy::RemoteExecution
+  module Utils
+    class << self
+      def prune_known_hosts!(hostname, port, logger = Logger.new($stdout))
+        return if Net::SSH::KnownHosts.search_for(hostname).empty?
+
+        target = if port == 22
+                   hostname
+                 else
+                   "[#{hostname}]:#{port}"
+                 end
+
+        Open3.popen3('ssh-keygen', '-R', target) do |_stdin, stdout, _stderr, wait_thr|
+          wait_thr.join
+          stdout.read
+        end
+      rescue Errno::ENOENT => e
+        logger.warn("Could not remove #{hostname} from know_hosts: #{e}")
+      end
+    end
+  end
+end