This container currently uses ssh-keyscan to fetch the host key for the WP Engine SSH server before attempting to connect.
This is insecure and defeats the entire purpose of having a host key to authenticate the server.
I suggest that instead you hardcode WP Engine's SSH host public key(s) into the container, so that SSH will fail if someone is performing a man-in-the-middle-attack against the connection.
This container currently uses
ssh-keyscanto fetch the host key for the WP Engine SSH server before attempting to connect.This is insecure and defeats the entire purpose of having a host key to authenticate the server.
I suggest that instead you hardcode WP Engine's SSH host public key(s) into the container, so that SSH will fail if someone is performing a man-in-the-middle-attack against the connection.