SSH Hostkey check (#417)

* Add Hostkey check as default behavior when SSH
This commit is contained in:
Kota Kanbe
2017-04-06 18:08:55 +09:00
committed by Teppei Fukuda
parent 703c142659
commit e20a59b991
3 changed files with 30 additions and 17 deletions

@@ -350,7 +350,9 @@ $ vim ~/.ssh/authorized_keys
Paste from the clipboard to ~/.ssh/.authorized_keys
パスワードありのsudoはセキュリティ上の理由からサポート指定いないので、スキャンに必要なコマンドは、`NOPASSAWORD`として、remote host上の`etc/sudoers`に定義しておく。
See [Usage: Configtest#Check /etc/sudoers](https://github.com/future-architect/vuls#check-etcsudoers)
See [Usage: Configtest#Check /etc/sudoers](#check-etcsudoers)
また、localhostのknown_hostsにremote hostのホストキーが登録されている必要があるので確認すること。
## Step4. Config
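Review bot: the new sentence (the "また、localhostのknown_hosts..." line) tells the reader that the remote host key must already be in the local known_hosts, but not how to get it there or how to check; since the scanner now fails when the key is missing, add one line pointing the user at a first interactive `ssh` to the target (verifying the fingerprint out-of-band before accepting it) or at `ssh-keygen -F <host>` to confirm an entry exists. Unrelated but visible in the context lines: `NOPASSAWORD` should be `NOPASSWORD`, "サポート指定いない" should be "サポートしていない", and `~/.ssh/.authorized_keys` has a stray dot.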
@@ -642,14 +644,14 @@ host = "172.31.4.82"
- port: SSH Port number
- user: SSH username
- keyPath: SSH private key path
- cpeNames: see [Usage: Scan vulnerability of non-OS package](https://github.com/future-architect/vuls/blob/master/README.ja.md#usage-scan-vulnerability-of-non-os-package)
- cpeNames: see [Usage: Scan vulnerability of non-OS package](#usage-scan-vulnerability-of-non-os-package)
- ignoreCves: CVE IDs that will not be reported. But output to JSON file.
- optional: JSONレポートに含めたい追加情報
- containers: see [Usage: Scan Docker containers](https://github.com/future-architect/vuls/blob/master/README.ja.md#usage-scan-docker-containers)
- containers: see [Usage: Scan Docker containers](#usage-scan-docker-containers)
Vulsは各サーバにSSHで接続するが、OSコマンドでの接続と、Goのネイティブ実装の種類のSSH接続方法をサポートしている。
詳細は [-ssh-native-insecure option](https://github.com/future-architect/vuls/blob/master/README.ja.md#-ssh-native-insecure-option) を参照。
詳細は [-ssh-native-insecure option](#-ssh-native-insecure-option) を参照。
また、以下のSSH認証をサポートしている。
- SSH agent
@@ -714,7 +716,13 @@ configtestサブコマンドは以下をチェックする
## Check /etc/sudoers
スキャン対象サーバに対してパスワードなしでSUDO可能な状態かもチェックする。
スキャン対象サーバに対してパスワードなしでSUDO可能な状態か確認する。
また、requirettyも定義されているか確認する。(--ssh-native-insecureオプションでscanする場合はrequirettyは定義しなくても良い)
```
Defaults:vuls !requiretty
```
For details, see [-ssh-native-insecure option](#-ssh-native-insecure-option)
スキャン対象サーバ上の`/etc/sudoers`のサンプル
- CentOS
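Review bot: the new sentence says requiretty must be confirmed as defined ("requirettyも定義されているか確認する"), yet the example immediately below is `Defaults:vuls !requiretty`, which disables it; state explicitly whether the check expects requiretty to be off for the vuls user (as the snippet shows) and that the relaxation is only needed for the `--ssh-native-insecure` path, so readers do not add the opposite setting.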
@@ -836,7 +844,7 @@ $ vuls scan server1 server2
ローカルホストのスキャンする場合、SSHではなく直接コマンドの発行が可能。
config.tomlのhostに`localhost または 127.0.0.1`かつ、portに`local`を設定する必要がある。
For more details, see [Architecture section](https://github.com/future-architect/vuls#architecture)
For more details, see [Architecture section](#architecture)
- config.toml
```
@@ -863,7 +871,7 @@ Defaults:vuls !requiretty
### Docker
Vulsは、DockerホストにSSHで接続し、`docker exec`でDockerコンテナにコマンドを発行して脆弱性をスキャンする。
詳細は、[Architecture section](https://github.com/future-architect/vuls#architecture)を参照
詳細は、[Architecture section](#architecture)を参照
- 全ての起動中のDockerコンテナをスキャン
`"${running}"` をcontainersに指定する

@@ -330,7 +330,7 @@ For details of dependent libraries, see [Dependencies on Target Servers](#depend
## Step3. Enable to SSH from Localhost
Vuls doesn't support SSH password authentication. So you have to use SSH key-based authentication.
Create a keypair on the localhost then append public key to authorized_keys on the remote host.
Create a keypair on the localhost then append public key to authorized_keys on the remote host.
- Localhost
```bash
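Review bot: the removed and added lines ("Create a keypair on the localhost then append public key ...") read identically, so this looks like a trailing-whitespace-only change; if the two trailing spaces were dropped to remove a Markdown hard line break, confirm the rendering is still intended, otherwise drop the hunk to keep the diff focused on the host key change.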
@@ -348,8 +348,10 @@ $ vim ~/.ssh/authorized_keys
```
Paste from the clipboard to ~/.ssh/.authorized_keys
And also, SUDO with password is not supported for security reasons. So you have to define NOPASSWORD in /etc/sudoers on target servers.
See [Usage: Configtest#Check /etc/sudoers](https://github.com/future-architect/vuls#check-etcsudoers)
SUDO with password is not supported for security reasons. So you have to define NOPASSWORD in /etc/sudoers on target servers.
See [Usage: Configtest#Check /etc/sudoers](#check-etcsudoers)
And also, confirm that the host keys of scan target servers has been registered in the known_hosts of the Localhost.
## Step4. Config
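Review bot: grammar in the added line: "the host keys of scan target servers has been registered" should be "have been registered". More importantly, as with the Japanese README, tell the user how to satisfy the new requirement: connect once interactively and verify the presented fingerprint against one obtained out-of-band, or check for an existing entry with `ssh-keygen -F <host>`, because with the new default the scan simply fails when the key is absent. Also visible in context: `~/.ssh/.authorized_keys` has a stray dot.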
@@ -652,12 +654,12 @@ You can customize your configuration using this template.
- port: SSH Port number
- user: SSH username
- keyPath: SSH private key path
- cpeNames: see [Usage: Scan vulnerability of non-OS package](https://github.com/future-architect/vuls#usage-scan-vulnerability-of-non-os-package)
- cpeNames: see [Usage: Scan vulnerability of non-OS package](#usage-scan-vulnerability-of-non-os-package)
- ignoreCves: CVE IDs that will not be reported. But output to JSON file.
- optional: Add additional information to JSON report.
- containers: see [Example: Scan containers (Docker/LXD)(#example-scan-containers-dockerlxd)
Vuls supports two types of SSH. One is external command. The other is native go implementation. For details, see [-ssh-native-insecure option](https://github.com/future-architect/vuls#-ssh-native-insecure-option)
Vuls supports two types of SSH. One is external command. The other is native go implementation. For details, see [-ssh-native-insecure option](#-ssh-native-insecure-option)
Multiple SSH authentication methods are supported.
- SSH agent
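Review bot: the context line `- containers: see [Example: Scan containers (Docker/LXD)(#example-scan-containers-dockerlxd)` is missing the closing `]` before the `(`, so the link does not render; since this hunk already touches the neighbouring link lines, fix it here. Minor: "native go implementation" should be "native Go implementation".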
@@ -724,7 +726,11 @@ In order to scan, the following dependencies are required, so you need to instal
## Check /etc/sudoers
The configtest subcommand checks sudo settings on target servers whether Vuls is able to SUDO with nopassword via SSH.
The configtest subcommand checks sudo settings on target servers whether Vuls is able to SUDO with nopassword via SSH. And if you run Vuls without -ssh-native-insecure option, requiretty must be defined in /etc/sudoers.
```
Defaults:vuls !requiretty
```
For details, see [-ssh-native-insecure option](#-ssh-native-insecure-option)
Example of /etc/sudoers on target servers
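Review bot: the added sentence "if you run Vuls without -ssh-native-insecure option, requiretty must be defined in /etc/sudoers" contradicts the snippet right after it, `Defaults:vuls !requiretty`, which turns requiretty off for the vuls user; reword to say which setting configtest actually requires for each SSH mode (external command vs. native), for example "when scanning with -ssh-native-insecure, requiretty must be disabled for the vuls user, as in the line below", so the text and the example agree.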
@@ -848,7 +854,7 @@ With this sample command, it will ..
## Example: Scan via shell instead of SSH.
Vuls scans localhost instead of SSH if the host address is `localhst or 127.0.0.1` and the port is `local` in config.
For more details, see [Architecture section](https://github.com/future-architect/vuls#architecture)
For more details, see [Architecture section](#architecture)
- config.toml
```
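Review bot: the context line "if the host address is `localhst or 127.0.0.1`" has a typo (`localhst` should be `localhost`); since the check is presumably a string comparison, a reader copying that value would get an SSH attempt instead of a local scan, so fix it while the section is being edited.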
@@ -873,7 +879,7 @@ see [Docker Blog:Why you don't need to run SSHd in your Docker containers](https
### Docker
Vuls scans Docker containers via `docker exec` instead of SSH.
For more details, see [Architecture section](https://github.com/future-architect/vuls#architecture)
For more details, see [Architecture section](#architecture)
- To scan all of running containers
`"${running}"` needs to be set in the containers item.

@@ -259,8 +259,7 @@ func sshExecExternal(c conf.ServerInfo, cmd string, sudo bool) (result execResul
defaultSSHArgs := []string{
"-tt",
"-o", "StrictHostKeyChecking=no",
"-o", "UserKnownHostsFile=/dev/null",
"-o", "StrictHostKeyChecking=yes",
"-o", "LogLevel=quiet",
"-o", "ConnectionAttempts=3",
"-o", "ConnectTimeout=10",
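Review bot: switching to `StrictHostKeyChecking=yes` and dropping `UserKnownHostsFile=/dev/null` is the right default, but `LogLevel=quiet` stays, so ssh's own "Host key verification failed" message is suppressed and an unknown or changed host key will reach the user only as a non-zero exit from `sshExecExternal`; either relax the log level to `error` or have the caller translate that failure into a message that names the host and points at the known_hosts requirement added to the README. Note also that this hunk only changes the external-command path; the native Go path that the README's `-ssh-native-insecure` option selects is untouched, so the commit message's "default behavior" applies only when the external `ssh` binary is used, which is worth stating in the option's documentation.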